Monday, 2018-12-10

*** cgoncalves has quit IRC00:00
*** pbourke_ has quit IRC00:13
*** pbourke_ has joined #openstack-lbaas00:13
*** sapd1_ has joined #openstack-lbaas00:36
*** PagliaccisCloud has quit IRC00:37
*** sapd1_ has quit IRC00:44
*** sapd1_ has joined #openstack-lbaas01:07
*** sapd1_ has quit IRC01:19
*** hongbin has quit IRC01:45
*** PagliaccisCloud has joined #openstack-lbaas01:49
*** yamamoto has quit IRC01:50
*** sapd1_ has joined #openstack-lbaas01:50
*** yamamoto has joined #openstack-lbaas01:53
*** yamamoto has quit IRC01:53
*** yamamoto has joined #openstack-lbaas01:56
*** yamamoto has quit IRC01:56
*** yamamoto has joined #openstack-lbaas01:57
*** yamamoto has quit IRC02:05
openstackgerritYang JianFeng proposed openstack/octavia master: Add listener and pool protocol validation
*** yamamoto has joined #openstack-lbaas02:39
*** yamamoto has quit IRC02:46
*** yamamoto has joined #openstack-lbaas02:50
*** hongbin has joined #openstack-lbaas03:05
*** hongbin has quit IRC04:00
*** ramishra has joined #openstack-lbaas04:34
*** sapd1_ has quit IRC05:05
*** sapd1_ has joined #openstack-lbaas05:18
*** sapd1_ has quit IRC05:23
*** khomesh has joined #openstack-lbaas05:24
*** abaindur has joined #openstack-lbaas05:35
*** yamamoto has quit IRC05:36
*** yamamoto has joined #openstack-lbaas05:39
*** yamamoto has quit IRC05:44
*** sapd1_ has joined #openstack-lbaas06:03
*** zufar has joined #openstack-lbaas06:17
zufarHello all, it is possible to deploy octavia on multi master node on openstack?06:18
*** yamamoto has joined #openstack-lbaas06:37
*** yamamoto has quit IRC06:42
*** sapd1_ has quit IRC06:48
*** sapd__ has joined #openstack-lbaas06:48
johnsomzufar: what do you mean by multi master?06:54
johnsomThe control plane processes are all HA capable and the amphora can run in active/standby mode.06:55
*** sapd__ has quit IRC06:55
zufarim sorry, not multi master, but multi controller node.07:04
zufarI am following this tutorial ( for creating lb-mgmt-net that controller need to talk to amphora instance. I have testing in single controller, but still confusing with multi controller node.07:08
*** numans has joined #openstack-lbaas07:10
zufarwhich controller node need to create ovs port?07:10
johnsomOk, all of the controller processes; worker, health manager, housekeeping, and API can be deployed on multiple hosts without issue.07:11
johnsomWorker, health, and housekeeping will need access to the lb-mgmt-net07:12
*** yamamoto has joined #openstack-lbaas07:12
zufarSo if i have 3 controller node, i need to create 3 neutron-port from `lb-mgmt-net` and attach the port into controller (1 neutron port/controller)?07:12
johnsomYes, that would work07:16
*** rcernin has quit IRC07:23
zufarthank you, but how i fill the octavia configuration, especially [health_manager] bind_ip?07:27
zufarbecause i have 3 ip address from the port07:27
*** ccamposr has joined #openstack-lbaas07:28
openstackgerritOpenStack Proposal Bot proposed openstack/octavia-dashboard master: Imported Translations from Zanata
*** abaindur has quit IRC08:03
openstackgerritYang JianFeng proposed openstack/octavia master: Add listener and pool protocol validation
*** velizarx has joined #openstack-lbaas08:23
*** rpittau has joined #openstack-lbaas08:27
*** abaindur has joined #openstack-lbaas08:32
*** yboaron has quit IRC08:36
zufarHi Johnsom, I want to ask about nova keypair. how about the certificate? should i generate from 1 controller node and copy to other node?08:39
zufar*other controller node08:39
zufaror generating each controller node?08:39
*** yamamoto has quit IRC08:47
openstackgerritJacky Hu proposed openstack/octavia master: Allow release id to be specified with fedora
*** yamamoto has joined #openstack-lbaas09:17
*** gcheresh has joined #openstack-lbaas09:35
*** abaindur has quit IRC09:47
*** yboaron has joined #openstack-lbaas09:49
*** sapd1_ has joined #openstack-lbaas09:54
*** yamamoto has quit IRC09:58
*** yboaron_ has joined #openstack-lbaas10:04
*** sapd1_ has quit IRC10:06
*** yboaron has quit IRC10:07
*** salmankhan has joined #openstack-lbaas10:15
*** jarodwl has quit IRC10:25
*** cgoncalves has joined #openstack-lbaas10:27
*** yamamoto has joined #openstack-lbaas10:31
*** yamamoto has quit IRC10:39
*** cgoncalves has quit IRC10:40
*** yboaron_ has quit IRC10:41
*** yboaron_ has joined #openstack-lbaas10:41
*** cgoncalves has joined #openstack-lbaas10:42
*** sapd1_ has joined #openstack-lbaas10:52
*** yamamoto has joined #openstack-lbaas10:53
*** sapd1_ has quit IRC10:58
*** velizarx has quit IRC11:01
*** velizarx has joined #openstack-lbaas11:03
*** pbourke_ has quit IRC11:05
*** pbourke_ has joined #openstack-lbaas11:08
*** zufar has quit IRC11:23
*** dayou_ has quit IRC11:34
*** brtknr has joined #openstack-lbaas11:38
brtknrhey all, im trying to setup neutron lbaas for a kubernetes service deployed using Magnum11:38
brtknrmy kube-controller-manager is complaining with this error:
*** sapd1_ has joined #openstack-lbaas11:39
brtknranyone have any experience with this?11:39
*** sapd1_ has quit IRC11:43
*** dayou has joined #openstack-lbaas11:43
*** yamamoto has quit IRC11:47
*** yamamoto has joined #openstack-lbaas11:47
*** dayou has quit IRC11:51
*** dayou has joined #openstack-lbaas11:58
*** yamamoto has quit IRC12:04
brtknrwhat is the extent of lbaas support from kubernetes via cloud-provider=openstack?12:05
*** yamamoto has joined #openstack-lbaas12:16
sapd1Hi guys. I can't create loadbalancer with terminated https on rocky version.12:21
sapd1my boby API: {"loadbalancer":{"name":"saaaa","description":"","network_type":"external","listeners":[{"name":"Default Listener","protocol":"TERMINATED_HTTPS","protocol_port":443,"default_pool":{"session_persistence":{},"lb_algorithm":"ROUND_ROBIN","name":"Default","protocol":"HTTP","members":[{"address":"","name":"test-network-qos-policy-default","protocol_port":80,"weight":1,"network_name":""}],"healthmonitor":{"type"12:21
sapd1I receiver 400 bad request from API12:21
sapd1    "message": "Could not retrieve certificate: ['https:/barbican_api:9311/v1/containers/afa60020-fb2e-4527-8a44-4387538cec5b'] (HTTP 400) (Request-ID: req-f8014c65-c726-481b-bf85-f7be11878d11)"}12:22
*** yamamoto has quit IRC12:22
*** salmankhan has quit IRC12:24
*** salmankhan has joined #openstack-lbaas12:31
openstackgerritCarlos Goncalves proposed openstack/octavia master: Support remote debugging with PyDev
*** dayou has quit IRC12:32
sapd1cannot create listener with tls certificate12:33
*** dayou has joined #openstack-lbaas12:34
cgoncalvessapd1, check the logs between Octavia and Barbican12:53
*** dayou has quit IRC13:01
jitekasapd1: looks like missing ACLs13:12
*** dayou has joined #openstack-lbaas13:17
*** sapd1_ has joined #openstack-lbaas13:32
*** sapd1_ has quit IRC13:36
*** aojea_ has joined #openstack-lbaas13:48
*** aojea_ has quit IRC14:06
*** openstackstatus has joined #openstack-lbaas14:18
*** ChanServ sets mode: +v openstackstatus14:18
cgoncalvesjiteka, starting from Rocky, Octavia sets up ACLs on behalf of the user --
*** velizarx has quit IRC14:40
*** aojea_ has joined #openstack-lbaas14:43
jitekacgoncalves: hmm I think I remember that from last project update at Berlin yes14:44
jitekacgoncalves: but when I tried that scenario, that feature wasn't included yet14:44
jitekarm_work:  cgoncalves: that's a great improvement btw, thanks :)14:45
*** aojea_ has quit IRC14:48
*** sapd1_ has joined #openstack-lbaas14:51
*** velizarx has joined #openstack-lbaas14:54
*** KeithMnemonic has joined #openstack-lbaas14:54
*** yboaron_ has quit IRC15:01
*** yboaron_ has joined #openstack-lbaas15:02
openstackgerritMerged openstack/octavia-dashboard master: Imported Translations from Zanata
*** KeithMnemonic has quit IRC15:10
*** salmankhan1 has joined #openstack-lbaas15:11
*** salmankhan has quit IRC15:12
*** salmankhan1 is now known as salmankhan15:12
pbourke_anyone around that's using octavia in a multinode environment that could give some tips on configuring lb-mgmt-net routing?15:39
*** gcheresh has quit IRC15:57
*** yboaron_ has quit IRC16:06
*** yboaron_ has joined #openstack-lbaas16:07
johnsompbourke_ Hi, what is your question?16:13
*** gcheresh_ has joined #openstack-lbaas16:31
pbourke_johnsom: the overall process of hooking up the control plane to lb-mgmt-net is confusing me big time. Most answers seem to boil down to the ovs-vsctl add-port command seen at
*** ccamposr has quit IRC16:35
pbourke_but nothing I've tried so far has resulted in the amphorae being pingable, I wonder if I'm missing something more basic16:35
*** openstackgerrit has quit IRC16:35
johnsompbourke_ Well, by default ICMP ping is not enabled for the amphora. This is blocked by security groups, so might not be the best test.16:36
pbourke_true, though I have this open from the sec group. I can ping the amphorae from within the router namespace16:36
pbourke_its just getting at it from outside the namespace where octavia_worker is running is the issue16:36
johnsomthe lb-mgmt-net is simply a neutron network that the amphora are attached to at boot time. It is used for command and control. The control plane processes send requests to the amphora on TCP 9443 and the amphora send back heartbeats on UDP 5555 to the health manager.16:37
johnsomThere are a number of ways to set this up, but the ovs port option is the one we use in devstack and I think tripleo. OSA uses a provider network.16:38
pbourke_I thought about going the provider network route16:38
pbourke_but booting vms directly on a provider network is something that doens't seem to be commonly done, there's some other trickery needed to get that working16:38
johnsomSo, let's take a look at your port. can you do an "ip a" and "ip link" and paste the lb-mgmt-net port info from a controller?16:38
pbourke_johnsom: here's an overview of what I've tried so far along with the output from various commands
johnsomOk, give me a few minutes to catch up there. I was out of the office on Friday so haven't caught up on e-mail yet.16:40
pbourke_johnsom: sure thing, I really appreciate any input on it as I've been looking at this a few days now without much luck!16:41
*** gcheresh_ has quit IRC16:43
*** yboaron_ has quit IRC16:46
johnsompbourke_ Ok, let's look at the port on the host.  Can you paste me the output of "ip a" and "ip link" for o-hm0?16:47
johnsomAs it is now16:47
*** zufar has joined #openstack-lbaas16:52
*** yamamoto has joined #openstack-lbaas16:55
zufarHi im running octavia, but when try to create lb service, i got error in worker.log, ERROR octavia.controller.worker.controller_worker Error: [('PEM routines', 'PEM_read_bio', 'no start line'), ('SSL routines', 'SSL_CTX_use_certificate_file', 'PEM lib')]16:58
zufaranyone know what is happen? im using 3 octavia node, I think the problem is in certificate, because I am generating each server.16:58
*** yamamoto has quit IRC16:59
johnsomzufar That means your controller certificate file is bad or the wrong form.  Check this document for detailed steps on how to setup the certificates and install them.
johnsomAlso note, the certificates should be copied to each instance of your control plane (they should share the same certs here).17:00
johnsomThe details of that error is that the "-----BEGIN CERTIFICATE-----" is missing from the certificate file.17:01
zufarSo, the control plane have same certs right?17:02
zufarmaybe this is the problem, I am generating with script in each control plane17:02
*** rpittau has quit IRC17:03
pbourke_johnsom: sure, one moment17:03
johnsomzufar Yep, that might be the issue, but I don't think so as this is an error that the file is bad in general17:04
zufarbut i have no problem when using my step in single node controller (i am installing octavia in this)17:07
cgoncalvespbourke_, outputs of ip o-hm0, ovs-vsctl show and ovs dumpflow would help troubleshooting17:12
cgoncalvesopenstack network show lb-mgmt-net too17:13
pbourke_cgoncalves: can do, but I think I'm missing steps. Whats in devstack is fine for one node17:13
pbourke_in the follow up mail on the ML a guy says he had to add o-hm0 into the namespace, and assign it an ip17:13
cgoncalvespbourke_, by one node you mean all-in-node deployment?17:13
johnsompbourke_ It works the same across multiple nodes17:13
pbourke_Im just bringing up a fresh deployment so I can paste more accurate output17:14
*** khomesh has quit IRC17:18
pbourke_johnsom: cgoncalves:
pbourke_so far I've created the neutron port and the ovs port17:26
*** PagliaccisCloud has quit IRC17:26
johnsompbourke_ I would not add that tag parameter, it should figure that out from the neutron network17:27
cgoncalvespbourke_, you're setting tag=2 but ovs-vsctl shows tag=409517:27
pbourke_ok, let me try without the tag17:27
pbourke_also, I have two network nodes - only one has the router namespace17:28
pbourke_does it matter which I add the port on?17:28
cgoncalvesyeah, you shouldn't. ovs should pick whichever tag lb-mgmt-net uses17:28
johnsomCan you do "openstack subnet list | grep lb-mgmt-net"?17:28
johnsomSo this port is only added on the Octavia controller hosts. Using the OVS approach assumes neutron extended to those hosts.17:29
johnsomOk, and the openstack port create command you ran?17:31
johnsomAs well as a port show for that17:31
*** velizarx has quit IRC17:33
cgoncalvesbinding_vif_type      | binding_failed17:33
johnsomYeah, is "operator-upstream" the host your octavia install is on?17:33
*** openstackgerrit has joined #openstack-lbaas17:33
openstackgerritMerged openstack/octavia master: Allow release id to be specified with fedora
pbourke_johnsom: operator-upstream is just the host I have my clients on17:34
pbourke_johnsom: then I have 1xcompute, 3xcontrol, 2xnetwork17:34
pbourke_maybe I should take out the --host17:34
johnsompbourke_ Ok, there is a problem. you asked neutron to create the neutron port on "$(hostname)"17:34
johnsomIt should be your Octavia host17:34
pbourke_which is the octavia host though, do I pick one of the controls?17:35
johnsomThat tells neutron to extend the lb-mgmt-net over to that host and to create the port on that host in OVS17:35
pbourke_or can I just leave this arg out17:35
johnsomNo, it is critical17:35
johnsomOtherwise neutron doesn't know where to setup OVS17:36
cgoncalvesyou also have to create such port for each controller nodes17:36
pbourke_so I should use one of the network nodes?17:36
cgoncalvesif o-{cw,hm,hk} services run in network nodes, yes. create a port per network node17:37
johnsomIt doesn't have to be a full network node, but neutron needs to be present there17:37
pbourke_cgoncalves: these run on the control nodes17:37
rm_workzufar: did you figure out the health-manager ip config?17:38
pbourke_so if I create a port per controller, do I also have to create a corresponding ovs port for each?17:38
rm_workjohnsom: ugh, this multi-subnet thing is T_T17:38
rm_workI may need to rewrite that section17:39
johnsomrm_work Yes... Another big issue with the network driver....17:39
rm_workhey, i'm back on the normal network driver! :P17:39
zufarhi pbrourke_, sorry for late response17:44
rm_worktrying to figure out if is relevant or not17:44
zufarhi johnsom, its work, i am using single cert and copy to all octavia node.17:45
zufarnow my lbaas is working.17:45
pbourke_cgoncalves: johnsom: if I create a port using --host control01-upstream, its still binding failed. Using a network node seems to work17:45
zufarto create neutron port, i am following this guide,
johnsomSounds like the neutron agent isn't on control01-upstream17:46
pbourke_in a standard openstack layout it generally isn't17:46
johnsomYeah, agreed. But using the OVS method you need neutron there to extend the network over and configure OVS17:47
pbourke_maybe it sounds like I need to deploy o-{cw,hm,hk} on the network nodes17:47
zufarfor health_manager ip address, if you install octavia in many node, use
rm_workjohnsom: so, do you think I can change the CalculateAmphoraDelta to return a larger list of stuff (filtering by unique subnet, not network) and that should be OK?17:48
*** zufar has quit IRC17:49
johnsomrm_work I'm not sure, it's been a while since I looked at that stuff. I know that whoever wrote it made a ton of assumptions about networks vs. subnets that aren't necessarily valid.17:49
rm_workyeah... i'm gonna try17:58
jitekahey rm_work, got a question about to make sure I understood it correctly18:01
jitekaIt allows generating amphora on multiple availability zone but not on multiple region (on nova terminology) righyt ?18:01
xgermanha, I wrote an initoial version many years ago… but so many changes...18:02
rm_workyeah, regions are ... different18:02
jitekarm_work: thanks18:04
pbourke_johnsom: I redeployed the octavia services to be on the network nodes18:15
pbourke_created the neutron port on the first network node, and added the ovs port18:16
openstackgerritSwaminathan Vasudevan proposed openstack/neutron-lbaas stable/pike: Improve speed of listing from DB
pbourke_added the ip from the neutron port to o-hm018:18
pbourke_and the mac18:18
pbourke_still no luck pinging outside of the namespace though18:19
rm_workjohnsom: this is a really bad bug, not sure why more people haven't run into this18:19
rm_worki guess member subnets tend to be on unique networks?18:19
rm_workit's a glaringly obvious issue in devstack though, where the default setup is ipv6 and ipv4 on the same network18:20
rm_workis the statement "a neutron subnet will be ONE OF: ipv4, ipv6" true?18:20
rm_worktrying not to start with my own equally bad assumptions18:22
*** sapd1_ has quit IRC18:24
openstackgerritSwaminathan Vasudevan proposed openstack/neutron-lbaas stable/ocata: Remove unnecessary lazy-loaded queries
*** PagliaccisCloud has joined #openstack-lbaas18:34
*** salmankhan has quit IRC18:36
openstackgerritSwaminathan Vasudevan proposed openstack/neutron-lbaas stable/ocata: Improve speed of listing from DB
sapd1cgoncalves: jiteka I have checked.  There is no error log in octavia-api and barbican. I have reverted code to queens, and It's working now.18:48
sapd1Does anyone try to create load balancer with ssl certificate on rocky version.18:48
*** sapd1_ has joined #openstack-lbaas18:51
*** sapd1_ has quit IRC18:55
sapd1pbourke_: Could you get dhcp for o-hm0 port?18:56
*** sapd1_ has joined #openstack-lbaas18:58
johnsomrm_work According to this it is 4 or 6 only:
johnsomrm_work Just don't forget that a network can have lots of subnets of each type....19:03
rm_workwe need to plug each and every subnet19:09
johnsomWell, only if they are asked for.... Otherwise we are just wasting IPs19:15
rm_workeach and every subnet that's used on the lb19:17
rm_worknot all of them that exist in neutron19:17
rm_workobviously :P19:17
johnsomJust checking....19:17
johnsomlol, nicely done19:23
johnsomOk, a-rebasing I go, sorry for the spam19:23
openstackgerritMichael Johnson proposed openstack/octavia master: Add amphora statistics to the admin API
openstackgerritMichael Johnson proposed openstack/octavia master: Add flavor, flavor_profile table and their APIs
rm_workeugh.... "amp_boot_network_list" ....19:27
*** PagliaccisCloud has quit IRC19:27
rm_workwe just pick the first subnet from them AFAICT?19:27
*** aojea has joined #openstack-lbaas19:27
rm_workshould be "amp_boot_subnet_list" >_>19:28
johnsomThat was a RAX thing before my time. I still have no idea *why* it is useful to be a list19:28
rm_worki love in the tests for stuff where we make comments like "I guess we call this 3 times? not sure why"19:30
rm_work(the best part is when it's me)19:30
*** aojea has quit IRC19:33
*** aojea_ has joined #openstack-lbaas19:33
johnsomMy meme game is not up to standard, couldn't find any good "bring sanity" content19:38
rm_workI would have accepted:
rm_workbut now i think i see why19:47
rm_workthis test is bunk19:47
xgermanjohnsom: the idea of the network list was that neutron crapped out when you had more than 100 ports on a network and hence multiple were needed for big installations19:47
rm_workerr though that's not how it was used xgerman, if that's the case19:48
rm_workwe plug every network from the list19:48
johnsomxgerman Yeah, but the way that list is setup it would actually make that worse19:48
xgermanyeah, implementation error19:48
* rm_work dies19:48
xgermanthe only reason you would plug multiple nets is if you are concerned about redundancy/HA19:49
rm_workshould we just retire this? >_>19:50
rm_workI can add "amp_boot_subnet" <_<19:50
rm_workand deprecate this19:50
rm_workdo you think there's any problem switching to subnet?19:50
rm_workoh, yeah, rax19:50
rm_workor anyone using a provider network19:51
rm_worknot that RAX runs this on their public cloud (which ... does or doesn't still exist?)19:51
johnsomDoes still exist, but no is not running this19:52
rm_workbut I think it would affect anyone using a provider network for the management net19:52
*** abaindur has joined #openstack-lbaas19:53
xgermanmy provider ntes have subnets19:53
xgermanso would be fine ;-)19:53
*** aojea_ has quit IRC19:54
*** abaindur has quit IRC19:58
openstackgerritMichael Johnson proposed openstack/octavia master: Add flavor, flavor_profile table and their APIs
openstackgerritMichael Johnson proposed openstack/octavia master: Add flavors/flavor_profile api-ref
openstackgerritMichael Johnson proposed openstack/octavia master: Adds flavor support to the amphora driver
*** salmankhan has joined #openstack-lbaas20:01
*** aojea has joined #openstack-lbaas20:04
*** salmankhan has quit IRC20:06
rm_workwtf, on my old laptop, pycharm let me run specific class/method unittests20:23
rm_work like that20:23
rm_worknew pycharm install on new laptop, unittests only let me specify a script, so it's forcing me to run everything.... grrr20:24
sapd1Does flavor profile support nova flavor ?20:27
johnsomit will20:27
openstackgerritMichael Johnson proposed openstack/octavia master: Add provider driver capabilities API
johnsomsapd1 The first capability I am implementing is topology, but the others will follow on. I'm just finishing the base flavor support now.20:29
sapd1I have read your patch. It does not support now :D20:29
johnsomYeah, we will work through them once the base is in place. I don't want to overload reviewers with "all features now"... grin20:29
sapd1i'm Looking for this feature20:29
johnsomBut should make Stein20:29
jitekaI was doing some testing on adding external IP as new pool member for existing LB and was curious about something20:30
jitekaFrom what I remember, amphoras are getting their route from the management subnet they are created on but is it possible to update these routes when adding a new member ?20:30
jitekaI didn't looked at the logic yet but, I guess that --subnet-id is here ot do that update ? what about IP that doesn't belong to any neutron subnet in my deployement20:30
johnsomjiteka Tenant traffic is isolated in a network namespace and can't see the management network or routes.20:30
johnsomWhen you plug a VIP we plug that into the namespace. It gets all of the routes neutron provides, including the host routes. Same with the members. So yes, we accept IPs that are not members of a neutron network, such as As long as the subnet plugged has a route (could be default) it will go out to google.com20:32
openstackgerritMichael Johnson proposed openstack/octavia master: Add provider driver capabilities API
jitekajohnsom: ok that confirm what I had in mind20:33
jitekajohnsom: routes only come from subnet used to create the LB or member subnet provided as optional arg when creating a new member for an existing pool20:34
johnsomRight, if no subnet is provided, the VIP subnet is used20:35
jitekajohnsom: thanks for the help20:39
johnsomSure, no problem20:39
rm_workwow, i may have to go back to pycharm 2016 <_<20:40
rm_worklooks like they removed the ability to run only specific tests O_o20:41
*** aojea has quit IRC20:42
*** aojea has joined #openstack-lbaas20:44
*** yamamoto has joined #openstack-lbaas20:57
*** yamamoto has quit IRC21:01
*** salmankhan has joined #openstack-lbaas21:04
*** cgoncalves has quit IRC21:10
*** cgoncalves has joined #openstack-lbaas21:11
*** yboaron_ has joined #openstack-lbaas21:12
*** sapd1_ has quit IRC21:21
*** sapd1_ has joined #openstack-lbaas21:24
*** yboaron_ has quit IRC21:24
*** aojea has quit IRC21:28
*** aojea_ has joined #openstack-lbaas21:28
*** salmankhan has quit IRC21:36
*** sapd1_ has quit IRC21:58
*** sapd1_ has joined #openstack-lbaas22:03
*** sapd1_ has quit IRC22:07
openstackgerritMichael Johnson proposed openstack/octavia master: Add provider driver capabilities API
*** aojea_ has quit IRC22:33
openstackgerritSwaminathan Vasudevan proposed openstack/neutron-lbaas stable/pike: Updated "create_pool" method in plugin
*** rcernin has joined #openstack-lbaas22:59
rm_workjohnsom: ugh but, a single port can have multiple fixed-ips and thus multiple subnets <_<23:24
rm_workso network_id for a port is top-level, but subnet_id can exist multiple times23:25
rm_workbut we would really just add another port for an additional subnet, RIGHT?23:26
rm_workwe wouldn't want to add an additional fixed-ip to an existing port just because it shares the network?23:26
rm_workor would we?23:26
rm_workugh that would be a mess tho23:26
johnsomWe should not add more ports, we should just do the subnets23:27
rm_workso, if an additional subnet exists on an already plugged network, we need to add an additional subnet/fixed-ip to that existing port?23:27
johnsomThere should be one port per network, one or more subnet per port23:27
rm_workIE, plug member1 and member2, member1 is network ABCD and subnet 1234, member2 is network ABCD and subnet 567823:28
rm_workso our delta is: plug network ABCD with subnet 1234, and then add subnet 567823:28
rm_workaugh tho23:28
rm_workthat's going to be such a PITA23:28
rm_workugh this is a mess23:32
johnsomTwo potential pitfalls to watch out for:23:34
johnsom1. DHCP subnets mixed with fixed IP subnets gets tricky when they are on the same port in linux.23:34
johnsom2. Watch out for multiple default gateways being added.23:34
rm_workso we don't even explicitly create the port on a subnet23:34
rm_workwe just tell nova23:34
johnsomport == network23:34
rm_work"please attach this compute to this network_id"23:34
rm_workfrom what I can tell, we don't create the port tho23:35
rm_workthis is weird23:35
rm_worki'm looking at calculateDeltas and then handleDeltas23:36
rm_workwhich are back to back in the flow23:37
rm_workcalculate just makes a list of network_ids23:37
johnsomWe create those too23:37
rm_workand handle calls nova to plug with the compute_id and network_id23:37
rm_workthen to:23:38
rm_workso the call *takes* a port_id, but we didn't pass one23:39
johnsomhmmm, yeah, I see what you see23:39
rm_workso i'm not seeing how we create the port23:40
rm_workwe tell nova "hey plug this network" and it makes a port for us23:40
rm_workI think?23:40
rm_workwhich is super weird because it's *nova*, not neutron23:40
johnsomDang it, I wrote  a bad test...  argh. now to figure out how/where23:40
rm_worklater we get the port_id from the returned interface23:40
rm_workin this case i have no idea how it's even deciding which subnet to provision with23:41
rm_workwe may just be getting lucky and nova prioritizes ipv4 subnets?23:41
rm_workand no one tried ipv6? lol23:41
rm_workinterface_attach() doesn't even take a subnet_id23:43
johnsomWell, my patches test with ipv6, but I think I had to tell it to plug *all* subnets23:43
johnsomJust a second, I have to jump into my way-back machine a month or two23:44
johnsomThis patch:
rm_workk... because my ipv6 testing is showing that right right subnets don't usually get plugged :/23:44
rm_worki was just commenting on that yesterday23:45
rm_workerr, friday23:45
johnsomYou know, a patch from October....23:45
rm_workok so23:45
rm_workinstead of trying to deal with subnets23:45
rm_workwe just .... bring up *all of them all the time*?:=23:45
rm_worki guess that's simpler >_>23:45
*** yamamoto has joined #openstack-lbaas23:45
rm_workbut this is inside the amp -- do we not need to deal with it at the neutron/nova level?23:46
rm_workwe don't have to tell neutron to allow the port to have an additional subnet?23:46
johnsomIt is not the *right* answer, it is the make-it-work answer23:46
rm_workthis changes the network files we set up inside the amp, but23:47
rm_workneutron still won't have multiple subnets on the port?23:47
rm_workit's basing this on "fixed_ips", what defines that? wouldn't the IPs have to be issued from neutron / dhcp?23:48
openstackgerritAdam Harwell proposed openstack/octavia master: Bring up secondary IPs on member networks

Generated by 2.15.3 by Marius Gedminas - find it at!