Thursday, 2019-01-24

Dinesh_Bhorcgoncalves: Hi, does octavia requires L2 connectivity for controller and load balancer VMs- amphora ?03:50
johnsomNo, it can be routed.03:51
Dinesh_Bhorjohnsom: ok thank you, In our production environment we actually don't provide L2 connectivity to our VM's. We use CLOS based network which ensures all vm's have L3 reachability to each other.04:30
johnsomYeah, the controller to amp and back is routable. The only issue you could have is if a failover can’t get the vip back04:32
Dinesh_Bhorjohnsom:  >>The only issue you could have is if a failover can’t get the vip back.  - -> How octavia does this now? Do you recommend any solution for us with l3 connectivity.04:35
*** hongbin has joined #openstack-lbaas04:35
johnsomCheck with rm _work,04:36
johnsomHe has done a pure l3 deployment before04:36
Dinesh_Bhorrm_work: Hey do you have any opinion on this^^04:36
*** Dinesh_Bhor has joined #openstack-lbaas09:36
*** salmankhan has joined #openstack-lbaas10:29
*** salmankhan1 has joined #openstack-lbaas10:33
*** salmankhan has quit IRC10:35
*** salmankhan1 is now known as salmankhan10:35
*** mkuf has joined #openstack-lbaas12:34
*** mkuf_ has quit IRC12:37
*** trown|outtypewww is now known as trown13:13
*** yboaron_ has quit IRC13:36
*** yboaron_ has joined #openstack-lbaas13:36
*** yamamoto has joined #openstack-lbaas13:40
*** yboaron_ has quit IRC14:07
*** yboaron_ has joined #openstack-lbaas14:08
*** salmankhan has joined #openstack-lbaas14:30
*** yboaron_ has quit IRC14:52
*** salmankhan has quit IRC14:55
*** salmankhan has joined #openstack-lbaas14:56
cgoncalvesthese two patches depend one another15:39
cgoncalvesjohnsom, rm_work: if you have 2 minutes to revisit :)15:39
*** velizarx has quit IRC17:09
*** yamamoto has joined #openstack-lbaas17:13
*** eaayoata has joined #openstack-lbaas17:17
*** yamamoto has quit IRC17:18
eaayoataHey guys! Is it okay to ask noobie Octavia related questions here ? :))17:20
johnsomYes, of course!17:20
eaayoataawesome ! I am trying to create a LB but for some reason I am getting:17:22
eaayoataoctavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: ConnectTimeout: HTTPSConnectionPool(host='', port=9443): Max retries exceeded with url: /0.5/info (Caused by ConnectTimeoutError(<urllib3.connection.VerifiedHTTPSConnection object at 0x7ff7e379ebd0>, 'Connection to timed out. (connect timeout=10.0)'))17:22
eaayoatathe instance is working (Active state) but looks like it's not accessible17:22
eaayoataI can't ping ''17:23
eaayoataand the port is down too..17:23
eaayoataI am creating the LB from another project, I know that Octavia is using lb-mgmt-net which seems okay...17:26
johnsomOk, so those warning messages are normal, the controller will retry to connect to the amphora (service VM) for a long time.17:27
johnsomBasically it is waiting for nova to finish booting the service VM.17:27
johnsomSince Nova will say "ACTIVE" when it *starts* to boot the VM, we have to pool the actual instance to see when it finishes booting.17:27
johnsomIf you load balancer  when into provisioning_status "ACTIVE" that means it did eventually finish booting and the warnings should have stopped.17:28
johnsomAlso of note, the lb-mgmt-net is a private network that is only used for command and control messages between the controllers and the amphora. No tenant/VIP traffic crosses that network.17:29
johnsomWhen you create a load balancer, you specify the VIP network or subnet and optionally an IP address. This is where the load balancer listens for requests. This can be any network/subnet the tenant has access to, such as public-subnet or something they create.17:30
johnsomWhen you try to curl the VIP address, you need to make sure the network you are on can reach that VIP network and address.17:31
johnsomYou cannot PING this address, as it is disabled in the security group. However, when you add a listener (the port to listen on), you will be able to curl the VIP address and listener port and you should get back a 503 message saying there are no members defined yet.17:32
johnsomThat will show you have a working load balancer.17:34
eaayoatathank you very much for the detailed explanation!17:34
johnsomSure, no problem. I hope that helped.  Sorry for the typo-s, still getting my coffee and haven't another side conversation...17:35
eaayoatahaha I understand, I am afraid that even though the VM becomes Active, the LB is still not working let me check that this is the case17:36
johnsom"openstack loadbalancer list" will show the status of the load balancer17:36
johnsomIf that is "provisioning_status" ACTIVE, the load balancer is functional17:37
eaayoata Provisioning Status Error17:37
eaayoatawhen I go to Ports17:37
eaayoatathe port status is Down17:38
johnsomOk, so that means nova failed to bring it up or the lb-mgmt-net networking isn't working and the controller could not reach the amphora service VM.17:38
johnsomThe port down is normal. There are two ports assigned to the amphora instance. One is a real port, on is a "allowed-address-pairs" port. One is up, the other is down in normal operations.17:38
eaayoata network:dhcp  is UP17:39
johnsomThe "allowed address pairs" port is a fake neutron port that is basically how neutron handles secondary IP addresses on ports.17:39
eaayoata network:router_interface17:39
eaayoatais up17:39
eaayoataI see17:39
eaayoatajust want to say thanks again for your assistance because I have been trying to figure this out for 2 days now :(17:40
eaayoataotherwise - openstack is really awesome especially when I combine it with terraform17:40
johnsomYou should have one "octavia-lb-<uuid>" port and one "octavia-lb-vrrp-<uuid>" port per amphora instance.17:40
johnsomThe vrrp one is down, the other is up17:41
johnsomOh, woops, no other  way around.17:41
johnsomSorry you have been having trouble, but we are happy to help get you going.  So this is a full openstack deployment and not devstack?17:42
eaayoatait's devstack forgot to clarify17:43
johnsomOh! are you using neutron-lbaas?17:43
eaayoataone of the ports is from previous attempt17:43
johnsomThat is a whole different scenario, which BTW is deprecated and being retired completely in September.17:44
eaayoataI think so yes, I followed
eaayoataok now I am confused ? :D it is using the octavia plugin ?17:44
johnsomOh, geez, yet another place that has old neutron-lbaas docs.  Thanks for the link, I need to go fix that.17:45
johnsomYeah, so the history here.  Octavia started as a plugin to neutron-lbaas. We realized quickly that neutron-lbaas had some limitations, so we worked to spin Octavia out into it's own service and run standalone.17:46
johnsomHere is an FAQ:
eaayoataI see ... if I may ask, what are my options with devstack + octavia then ?17:48
johnsomIt is fully supported and native with devstack.  Just a second and I will paste a localrc17:48
johnsomThat is the local.conf or localrc I use everyday17:51
johnsomIt will fire up octavia and configure everything for you automatically.17:51
eaayoatathanks a lot ! so I should get a fresh vm and run ./ I suppose ?17:51
johnsomYou will use "openstack loadbalancer" commands instead of "neutron" commands17:52
johnsomSad to say, that is probably the best option.17:52
eaayoatayes I totally understand and prefer that option17:52
eaayoatabut! I am still able to use those commands now...17:52
eaayoatais that normal ?17:52
johnsomYes, in that it is using the new octavia API, but you will see dependencies between the neutron command and the openstack command if you don't setup neutron-lbaas in compatibility mode.17:53
eaayoataokay... I understand now17:54
johnsomI am going to go fix that page right now.  Sigh, I thought we got all of them.17:54
eaayoatalooks like you got something useful from me too :P17:54
johnsomYes, thank you!17:55
eaayoatathanks a lot again, I will try to17:55
eaayoatacreate a new vm and run ./ with17:55
eaayoatayour file17:55
eaayoatais it possible to also enable the LoadBalancer UI with localrc ?17:55
johnsomWe will be here to help if you run into any issues17:55
eaayoatamuch appreciated !17:56
johnsomI think so, originally there was a tricky horizon command or two you had to run, but I think that got fixed that the devstack plugin runs it for you now. Just a second, I can probably figure out what you need to add to that localrc for the dashboard.17:57
eaayoatadon't worry! It's not very complicated17:58
eaayoataI was just wondering :)))17:58
johnsomTry this one:17:58
johnsomOpps, no, typo17:58
eaayoataokay, thank you :))17:59
johnsomThat should install the octavia dashboard in horizon17:59
johnsomFull disclosure, I haven't tried the dashboard devstack plugin, so I'm assuming it is working. We have some good folks that work on it.18:01
* johnsom notes, he should try that....18:01
johnsomeaayoata FYI:
rm_workDinesh_Bhor left :(19:19
johnsomFYI, I have tried to capture any major tempest test gaps in stories:19:30
eaayoataHey Johnsom :) Can I ask you a question ?19:54
johnsomSure thing19:54
eaayoataI am getting the following error while running ./ on ubuntu 16.04:19:55
eaayoata(towards the end of the script)19:58
eaayoatatried  unstack + clear19:59
eaayoataand then stack again19:59
eaayoatawas wondering if you have seen it before and what distribution you're using19:59
johnsomThat is super odd. I'm running both  16.04 and 18.04 right now20:00
johnsomOur gates run those two as well20:01
eaayoatait's just my luck :D20:02
eaayoataI'll try to cleanup everything and run it once more..20:02
johnsomSo, wait a minute, there is no error there. is it failing somewhere else?20:02
johnsomThat is just the command line echo20:03
johnsomAlso, fyi, there is that doesn't have all the ads20:04
eaayoataI wanted to give you a bigger stack trace but I ran the script again20:06
eaayoataI'll definetly use :))20:06
eaayoataI'll let you know how it goes this tie20:06
johnsomOk, I am guessing there is a missing package somewhere20:07
eaayoataJohnsom, trying on 18.04 now, got some curl 503 erros with g-api service during install, so I went for a fresh start :))21:00
johnsomOk. I just recently switched my primary devstack VM over to 18.0421:01
eaayoataI notice the USE_PYTHON3=True line in the localrc file, I was wondering if that's mandatory ? :)21:18
johnsomMight be on 18.04 if you didn't install the python 2 stuff21:18
johnsomI use python3 on 18.0421:18
eaayoataI see21:18
eaayoatais the master branch for all the repos stable ?21:19
johnsomUsually, yes. All patches have to go through gate tests before they merge.21:20
eaayoatasounds good!21:20
johnsomIf you look at this patch that recently merged, You will see all of the test suites we run for each patch.21:21
colin- this won't accept anything besides an IP, right? (fqdn)21:29
johnsomCorrect, it is IP only as we disable DNS in the amphora. They don't have a guaranteed route to a DNS server, etc.21:30
johnsomPlus, disabling DNS speeds things up21:31
colin-oh, duh21:31
colin-thanks johnsom21:31
colin-didn't consider its ability to resolve by default21:32
eaayoataJohnsom :/21:41
eaayoatasame error...21:42
eaayoatajust  a sec21:42
eaayoataI'll paste /var/log/dib-build/amphora-x64-haproxy.qcow2.log as well21:44
johnsomeaayoata It looks like the dib-build log got truncated. How about the tail -n 500 of that file21:48
eaayoatasure, just a moment21:50
johnsomThis is the key:21:54
johnsomSo, somehow DIB has a missing dependency....21:54
johnsomWe use the diskimage-builder project to build the VM OS image.21:55
johnsomDo an "apt-get install python-yaml21:55
johnsomI'll see if I can fix that or open a bug for them21:56
eaayoata.....thank you so much ! I think I set a record this week, have more than 30 vms created and devstack install runs :D21:57
johnsomConsider it "experience"21:57
eaayoatayes! learning a lot :))21:57
eaayoataare you based in Europe ? Where should I send the beers :P21:57
johnsomHa, no I'm in Oregon is the states21:58
eaayoataI see :))21:59
johnsomThough there are folks here that are in Europe.21:59
eaayoatanice :)) let me know if you visit !22:00
johnsomWhere are you located?22:00
eaayoataCopenhagen :) by the way - a stupid question but is it safe to run ./ without ./ before that (in this case)22:00
johnsomNice. Um, no. If I restack, I usually do "./; ./"22:01
eaayoataI suppose it's always better to run ./unstack.sh22:01
johnsomThat is the most reliable method I have found. Unstack sometimes has issues22:01
eaayoatanoted !22:02
johnsomI do that about 20 times a day while reviewing code and such.  I can usually restack in about 10 mintues22:03
eaayoatawow :D nice!22:03
*** salmankhan has joined #openstack-lbaas22:17
eaayoataI'll create a subnet and LB22:30
eaayoataI think it worked!!!22:55
eaayoataBut I don't understand something22:56
eaayoatawhy under my subnet ports the octavia port is with status Down ?22:56
johnsomThis goes back to the "allowed address pairs" discussion I gave earlier today.22:57
johnsomIf you look at your port list, there will be "octavia-lb-vrrp-", which will be ACTIVE.22:58
johnsomIt will also have an "allowed address pairs defined.22:58
johnsomIf you look at that port, it will be "octavia-lb-" and be "DOWN".22:59
johnsomThis is because it's a "fake" or artificial port in neutron that represents the secondary IP address22:59
johnsomyep, looks right23:00
eaayoataawesome.. thank you so much for all the clarifications and patience !23:00
johnsomSure, sorry it was a struggle to get it going.23:00
eaayoatanot at all! :))23:00
