Tuesday, 2019-04-02

*** hongbin has joined #openstack-lbaas		00:37
*** fnaval has quit IRC		00:43
*** yamamoto has joined #openstack-lbaas		01:02
*** yamamoto has quit IRC		01:07
*** luksky has quit IRC		01:08
*** dulek has quit IRC		01:21
*** ricolin has joined #openstack-lbaas		01:29
*** dulek has joined #openstack-lbaas		01:34
*** rcernin_ has joined #openstack-lbaas		02:05
*** rcernin has quit IRC		02:06
*** rcernin_ has quit IRC		02:12
*** rcernin has joined #openstack-lbaas		02:15
*** hongbin has quit IRC		02:57
*** hongbin has joined #openstack-lbaas		02:58
*** yamamoto has joined #openstack-lbaas		03:06
*** hongbin has quit IRC		03:12
*** psachin has joined #openstack-lbaas		03:14
*** hongbin has joined #openstack-lbaas		03:14
*** hongbin has quit IRC		03:31
*** yamamoto has quit IRC		04:06
*** yamamoto has joined #openstack-lbaas		04:06
*** yamamoto has quit IRC		04:06
*** yamamoto has joined #openstack-lbaas		04:45
*** vishalmanchanda has joined #openstack-lbaas		05:02
*** pcaruana has joined #openstack-lbaas		05:35
*** ramishra has joined #openstack-lbaas		05:38
*** yamamoto has quit IRC		05:48
*** ccamposr has joined #openstack-lbaas		06:09
*** abaindur has quit IRC		06:11
*** abaindur has joined #openstack-lbaas		06:12
*** gthiemonge has joined #openstack-lbaas		06:39
*** ivve has joined #openstack-lbaas		06:43
*** kmadac4 is now known as kmadac		06:51
*** gcheresh has joined #openstack-lbaas		07:02
*** yamamoto has joined #openstack-lbaas		07:13
*** pck has quit IRC		07:14
*** pck has joined #openstack-lbaas		07:14
*** luksky has joined #openstack-lbaas		07:15
*** rpittau\|afk is now known as rpittau		07:23
*** happyhemant has quit IRC		07:47
*** happyhemant has joined #openstack-lbaas		07:48
*** abaindur has quit IRC		08:03
*** ignaziocassano1 has joined #openstack-lbaas		08:09
ignaziocassano1	hello, any help on octavia under queens ? I configured octavia-api under haproxy and it works but in /var/log/messages I got a lot of broken pipe errors	08:09
*** salmankhan has joined #openstack-lbaas		08:10
*** salmankhan has quit IRC		08:25
johnsom	Your haproxy config likely has too low of a timeout config for your app	08:31
*** velizarx has joined #openstack-lbaas		08:40
*** velizarx has quit IRC		08:53
ignaziocassano1	Johnsom, many thanks. What configuration you suggest ?	08:57
*** velizarx has joined #openstack-lbaas		09:06
*** rcernin has quit IRC		09:11
*** sapd1_x has joined #openstack-lbaas		09:26
*** sapd1_x has quit IRC		09:46
*** zigo has joined #openstack-lbaas		09:59
*** yamamoto has quit IRC		10:01
*** yamamoto has joined #openstack-lbaas		10:14
*** yamamoto has quit IRC		10:18
dulek	cgoncalves: Okay, I have that issue I mentioned yesterday reproduced locally.	10:49
dulek	cgoncalves: Any idea where to start debugging? I check that I can reach the pool member's address directly.	10:49
*** yamamoto has joined #openstack-lbaas		10:57
cgoncalves	dulek, can you describe your deployment first? which provider driver?	11:03
*** yamamoto has quit IRC		11:03
*** yamamoto has joined #openstack-lbaas		11:03
dulek	cgoncalves: It's amphora, we're setting a simple LB that points to K8s API we deploy.	11:04
dulek	cgoncalves: At this point I see that the issue is that amphora can't reach 10.0.0.67, which is our K8s API.	11:04
dulek	cgoncalves: And that's because it doesn't have the route.	11:04
dulek	cgoncalves: And that's because even though the VM has that network attached, it doesn't show up inside amphora.	11:05
cgoncalves	dulek, master?	11:05
dulek	cgoncalves:	11:05
dulek	cgoncalves: Yup. 23a411413fbad6e96ed6b3c3ec3876cba3d8f4fd seems suspicious?	11:06
*** numans has joined #openstack-lbaas		11:06
cgoncalves	I hope not	11:06
cgoncalves	dulek, ubuntu or centos amp?	11:07
dulek	cgoncalves: Uhm… Whatever is the default.	11:07
dulek	So probably Ubuntu?	11:07
cgoncalves	yes	11:07
dulek	cgoncalves: networking.service is down on that amp.	11:08
dulek	Let's see what happens if I restart it…	11:09
dulek	Ha, wonderful, it dies.	11:09
cgoncalves	dulek, I have a devstack master from yesterday. I'll test it	11:09
dulek	cgoncalves: Hm I see "Cannot find device "eth0"" in networking logs.	11:10
cgoncalves	oops! houston, we have a problem with centos amps	11:17
*** yamamoto has quit IRC		11:17
dulek	cgoncalves: Uh, but mine's Ubuntu. :P	11:17
dulek	cgoncalves: BTW - 16.04? Really?	11:18
cgoncalves	one thing at a time :)	11:18
cgoncalves	FYI, this is the issue I'm facing now: https://storyboard.openstack.org/#!/story/2005341	11:21
dulek	cgoncalves: Ha, I told you that change was suspicious. xD	11:25
*** openstackgerrit has joined #openstack-lbaas		11:31
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: Fix VIP plugging on CentOS-based amphorae https://review.openstack.org/649282	11:31
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: Fix VIP plugging on CentOS-based amphorae https://review.openstack.org/649282	11:33
cgoncalves	dulek, your amphora is xenial or bionic?	11:35
dulek	cgoncalves: 16.04, so xenial.	11:35
dulek	cgoncalves: It's built by master.	11:36
cgoncalves	yep. building one	11:36
openstackgerrit	Michał Dulko proposed openstack/octavia master: WiP: Revert "Fix ifup failures on member interfaces with IPv6" https://review.openstack.org/649283	11:37
dulek	cgoncalves: I only intend to try this in Kuryr gates to see if it's the culprit. ^	11:37
*** yamamoto has joined #openstack-lbaas		11:42
*** celebdor has quit IRC		11:45
cgoncalves	ok	11:47
*** lemko has joined #openstack-lbaas		11:47
*** goldyfruit has quit IRC		11:57
*** ignaziocassano1 has quit IRC		11:57
openstackgerrit	Carlos Goncalves proposed openstack/octavia master: Fix VIP plugging on CentOS-based amphorae https://review.openstack.org/649282	11:59
*** yamamoto has quit IRC		11:59
*** yamamoto has joined #openstack-lbaas		12:00
*** yamamoto has quit IRC		12:07
*** boden has joined #openstack-lbaas		12:10
*** sapd1_x has joined #openstack-lbaas		12:10
dulek	cgoncalves: Hm, unless my local amphora was somehow cached, it seems like revert doesn't help. :(	12:18
cgoncalves	dulek, rm -rf /opt/stack/octavia/diskimage-create/amphora*	12:18
dulek	cgoncalves: So it's cached? Okay, so let's see if that revert upstream will help.	12:19
dulek	cgoncalves: Meanwhile had you reproduced the issue?	12:20
cgoncalves	dulek, no. I was commuting.	12:21
dulek	cgoncalves: Okay, cool. I'll try to poke amphora's internals a bit to make it detect that interface.	12:22
*** celebdor has joined #openstack-lbaas		12:23
*** trown\|outtypewww is now known as trown		12:24
*** yamamoto has joined #openstack-lbaas		12:33
dulek	cgoncalves: Taking a peek at the gate logs says that revert probably won't help. The cause must be different…	12:42
*** trident has quit IRC		13:30
*** trident has joined #openstack-lbaas		13:33
*** Vorrtex has joined #openstack-lbaas		13:54
*** vishalmanchanda has quit IRC		13:55
*** yamamoto has quit IRC		14:01
*** yamamoto has joined #openstack-lbaas		14:04
*** yamamoto has quit IRC		14:04
*** yamamoto has joined #openstack-lbaas		14:05
*** sapd1_x has quit IRC		14:08
*** sapd1_x has joined #openstack-lbaas		14:22
*** velizarx has quit IRC		14:26
*** velizarx has joined #openstack-lbaas		14:40
dulek	cgoncalves: Hey, so maybe you want to get access to a VM in which I have that issue?	14:40
*** gcheresh has quit IRC		14:42
cgoncalves	dulek, sure	14:53
*** velizarx has quit IRC		14:59
*** fnaval has joined #openstack-lbaas		15:01
cgoncalves	PSA: on going issues with ubuntu mirrors affecting CI and local deployments	15:02
*** velizarx has joined #openstack-lbaas		15:05
*** vishalmanchanda has joined #openstack-lbaas		15:10
dulek	cgoncalves: Okay, get me your SSH key and let's see if you'll be able to find anything. :)	15:11
cgoncalves	dulek, https://github.com/cgoncalves.keys	15:12
dulek	cgoncalves: ssh stack@38.145.34.144	15:13
dulek	cgoncalves: I have a tmux session in which I'm logged to amphora.	15:14
cgoncalves	dulek, you have a bad ip route in the amp	15:23
dulek	cgoncalves: Yeaaah, it seems so. But why?	15:24
cgoncalves	your member (10.0.0.122) is in same VIP network and route was 10.0.0.128/26	15:24
dulek	cgoncalves: I assume you looked at the amphora-haproxy netns?	15:24
cgoncalves	yes	15:24
cgoncalves	private-subnet \| 787672b3-794e-4e1f-ac86-e9a8f609d89a \| 10.0.0.0/26	15:24
cgoncalves	amphora is respecting the subnet range	15:25
dulek	cgoncalves: Okay, so I'll try apuimedo's idea and add --subnet-id to member creation.	15:25
dulek	cgoncalves: But what had changed recently? I'm pretty sure all this worked fine until recently.	15:25
cgoncalves	hmm, on a second thought, shouldn't the route have been 10.0.0.0/26? /me looks	15:26
dulek	cgoncalves: So the LB is on k8s-service-subnet. And the member is on k8s-pod-subnet.	15:26
dulek	cgoncalves: So don't look at private-subnet, we don't use it.	15:27
cgoncalves	ah, haven't seen there was other 10.0.0.X subnets	15:28
*** velizarx has quit IRC		15:30
dulek	cgoncalves: I want to try to remove that member and add another one with --subnet-id specified.	15:30
dulek	cgoncalves: Should I wait until you finish something?	15:30
cgoncalves	yeah, I was checking that	15:31
cgoncalves	k8s-pod-subnet \| c54387a7-8b72-4a67-8fa1-5f9bd6e46b4d \| 10.0.0.64/26	15:31
cgoncalves	k8s-service-subnet \| 6e20720d-9171-43f0-8a2e-e345c799d577 \| 10.0.0.128/26	15:31
*** velizarx has joined #openstack-lbaas		15:31
cgoncalves	both on different networks	15:31
cgoncalves	since you created the member without specifying the subnet, it might have assumed it was on the same network and hence didn't plug	15:32
cgoncalves	dulek, please recreate with --subnet-id set	15:32
dulek	cgoncalves: Okay, going for it	15:32
*** ccamposr has quit IRC		15:33
dulek	Hm, not that it works but at least amp has one more interface now. ;)	15:35
*** ivve has quit IRC		15:35
cgoncalves	that might be my fault because I changed an ip route	15:37
dulek	cgoncalves: So even though Amphora now has access to that 10.0.0.64/26 network, it still doesn't connect to 10.0.0.122	15:37
dulek	cgoncalves: Oh yes, I see.	15:38
dulek	Hm, but no, it should still fall on the correct one, right? Smaller are preferred.	15:38
*** velizarx has quit IRC		15:40
dulek	cgoncalves: Well, seems like there's still some issue. SG's?	15:41
cgoncalves	dulek, checking while multi-tasking	15:44
*** sapd1_x has quit IRC		15:44
johnsom	It has always been that if you don’t specify the subnet for a member it uses the VIP subnet.	15:44
cgoncalves	right. dulek specified the subnet now and he got a new interface plugged	15:45
dulek	johnsom: Sure, it makes sense. But for some reason it was working for us and suddenly stopped. :P	15:45
cgoncalves	dulek, what have you folks changed on your side? ;)	15:46
dulek	Though there's still no connectivity to our member IP. :(	15:46
cgoncalves	that is the real question	15:46
dulek	cgoncalves: Let me go through the git log real quick…	15:46
cgoncalves	dulek, I'll reboot the amp just to check something, k?	15:47
dulek	cgoncalves: Sure!	15:47
cgoncalves	hopefully it boots up in less than 60 seconds	15:47
dulek	cgoncalves: Oh, I doubt it, this is RDO cloud, so no nested virt. :P	15:48
dulek	cgoncalves: There's nothing in kuryr-kubernetes git log that could possibly cause this.	15:48
dulek	cgoncalves: Note that this is an issue on DevStack plugin level.	15:48
cgoncalves	dulek, I don't follow	15:49
cgoncalves	health manager triggered amphora failover	15:50
dulek	cgoncalves: I mean we see the issue before any Kuryr service is started. So only patches affecting the DevStack plugin could possibly cause this regression.	15:50
dulek	cgoncalves: At least when we talk about kuryr-kubernetes patches. ;)	15:50
dulek	cgoncalves: Seems like it still doesn't work?	15:54
cgoncalves	I was distracted confirming a bug johnsom might have introduced :P	15:55
johnsom	We need functional centos gates...	15:56
cgoncalves	johnsom, indeed! I gave a first shot at adding a work around to the systemd bug until update package is released	15:58
cgoncalves	https://review.openstack.org/#/c/643752/	15:58
cgoncalves	while it passes CI, it's not actually fixing anything. job time is still quite high, expected it to be ~1h30	15:59
openstackgerrit	Vishal Manchanda proposed openstack/octavia-dashboard master: Drop nodejs4 jobs https://review.openstack.org/649380	16:03
*** velizarx has joined #openstack-lbaas		16:04
openstackgerrit	Gregory Thiemonge proposed openstack/octavia master: Fix spare amphora check and creation https://review.openstack.org/649381	16:09
openstackgerrit	Gregory Thiemonge proposed openstack/octavia master: Fix invalid query selector with list_ports https://review.openstack.org/649382	16:12
*** velizarx has quit IRC		16:14
cgoncalves	dulek, are you curling or something? there's traffic between amphora and member	16:15
dulek	cgoncalves: Hm, no.	16:18
dulek	cgoncalves: Oh, but Kuryr services are trying to constantly connect to that LB.	16:18
dulek	cgoncalves: So that might be why you see it.	16:18
*** velizarx has joined #openstack-lbaas		16:18
cgoncalves	dulek, let's kill the noise please	16:20
dulek	cgoncalves: Okay, just a sec,	16:21
dulek	cgoncalves: Done.	16:22
cgoncalves	thanks	16:22
*** velizarx has quit IRC		16:22
*** rpittau is now known as rpittau\|afk		16:24
*** velizarx has joined #openstack-lbaas		16:27
*** celebdor has quit IRC		16:31
cgoncalves	dulek, on and off in this. there's a TCP SYNC going out from amphora eth2 but no SYNC ACK back. how can I open a console with the member?	16:33
*** ramishra has quit IRC		16:34
dulek	cgoncalves: Console with the member? Well, it's not really a VM or container.	16:34
dulek	cgoncalves: https://github.com/openstack/kuryr-kubernetes/blob/3e3ed9dbb31133b5175ff792a9636603b2df95e1/devstack/lib/kuryr_kubernetes#L64-L96	16:35
cgoncalves	dulek, ok. I want to do a packet capture on whatever is closer to the member	16:35
dulek	cgoncalves: How about listening on kubelet301ba6f interface?	16:36
dulek	cgoncalves: As from the host 10.0.0.122:443 is reachable, then that should be the place to look.	16:36
*** velizarx has quit IRC		16:46
openstackgerrit	Vishal Manchanda proposed openstack/neutron-lbaas-dashboard master: Drop nodejs4 job https://review.openstack.org/649399	16:47
*** trown is now known as trown\|lunch		16:50
dulek	cgoncalves: So no findings?	17:09
cgoncalves	dulek, I can see the TCP SYN also in the tap device in the hypervisor	17:10
cgoncalves	dulek, looking at SG of the kube port, it seems traffic is not allowed in ingress	17:12
cgoncalves	dulek, add SG rule and retry	17:12
cgoncalves	\| \| created_at='2019-04-02T11:55:54Z', description='k8s service subnet allowed', direction='ingress', ethertype='IPv4', id='7c7db1cd-d123-4c64-9453-bfe2001b24ce', protocol='tcp', remote_ip_prefix='10.0.0.128/26', updated_at='2019-04-02T11:55:54Z' \|	17:12
cgoncalves	either this is not what you want or you also want to allow 10.0.0.64/26	17:13
dulek	cgoncalves: Damn, it worked. But what changed over the weekend?! :P	17:15
*** ricolin has quit IRC		17:17
dulek	Intuition tells me that two distinct issues - missing subnet-id when creating a member and that SG problem must be caused by a single thing.	17:18
dulek	Oh, I think I might see a connection here…	17:20
openstackgerrit	Carlos Goncalves proposed openstack/octavia-tempest-plugin master: Add a scenario test for spare pool https://review.openstack.org/634988	17:22
*** velizarx has joined #openstack-lbaas		17:26
*** velizarx has quit IRC		17:43
*** velizarx has joined #openstack-lbaas		17:49
*** velizarx has quit IRC		17:51
*** velizarx has joined #openstack-lbaas		17:53
*** trown\|lunch is now known as trown		17:55
*** psachin has quit IRC		17:55
*** goldyfruit has joined #openstack-lbaas		18:09
*** lemko has quit IRC		18:17
*** celebdor has joined #openstack-lbaas		19:30
*** velizarx has quit IRC		19:31
*** ianychoi has quit IRC		19:32
*** ianychoi has joined #openstack-lbaas		19:33
*** vishalmanchanda has quit IRC		19:35
*** velizarx has joined #openstack-lbaas		19:36
openstackgerrit	Gaëtan Trellu proposed openstack/octavia master: [diskimage-create] Fix qemu-utils package name https://review.openstack.org/649438	19:43
openstackgerrit	Gaëtan Trellu proposed openstack/octavia master: [diskimage-create] Fix qemu-utils package name https://review.openstack.org/649438	20:00
*** Vorrtex has quit IRC		20:05
*** velizarx has quit IRC		20:06
lxkong	johnsom, rm_work, need your help on this https://storyboard.openstack.org/#!/story/2005348, one of our private cloud is using provider network to bootstrap load balancers, but it keeps failing of this error. It's very hard to know the reason with the log.	20:16
xgerman	probably need the logs on the amphora as well...	20:18
xgerman	since this is where the server error occurs...	20:18
*** blake has joined #openstack-lbaas		20:21
lxkong	xgerman: at least in the worker log, we should see the exception message from the amphora	20:22
lxkong	but in octavia.amphorae.drivers.haproxy.exceptions.check_exception, it's hiding	20:23
lxkong	xgerman: btw, unrelated question, does octavia support multiple certs when doing l7 load balancing?	20:24
xgerman	we support sni	20:29
xgerman	if that’s what you mean with multiple certs ;-)	20:30
*** pcaruana has quit IRC		20:30
xgerman	yeah, it show it in the worker logs but your snippet only shows the internal server error - so was wondering about that	20:30
xgerman	aka we should fix that… most of our errors are not internal server so this is likely a bug :-(	20:31
lxkong	xgerman: exactly	20:31
johnsom	lxkong: The error details are logged above that message in the log.	20:34
lxkong	johnsom: i am afraid i didn't see that :-( i can double check given it's very easy to make this error.	20:36
johnsom	lxkong It should say: "Amphora agent returned unexpected result code" followed by the details	20:40
johnsom	https://github.com/openstack/octavia/blob/master/octavia/amphorae/drivers/haproxy/exceptions.py#L37	20:41
lxkong	hmm....	20:42
lxkong	we are in stable/queens	20:43
johnsom	Yeah, it is the same in queens	20:43
lxkong	really?	20:43
johnsom	https://github.com/openstack/octavia/blob/stable/queens/octavia/amphorae/drivers/haproxy/exceptions.py#L37	20:43
* lxkong goes to update the stable branch		20:43
lxkong	yes, you are right	20:44
lxkong	we should do upgrade	20:44
lxkong	johnsom: thanks	20:44
* lxkong goest to stand up meeting and then mark the story invalid		20:44
johnsom	lxkong I can do it for you	20:45
johnsom	I wonder if we have not released that yet.... I know we were blocked on doing a queens release for a while. Let me check that too	20:48
lxkong	thanks johnsom	21:02
johnsom	lxkong I think we haven't done a release with that in it yet. We want to do that soon though	21:02
lxkong	johnsom: that's fine, my suggestion to our release team just now was we upgrade directly to Stein if possible	21:03
lxkong	we are also keen for the tags feature	21:03
*** blake has quit IRC		21:03
johnsom	Ha, ok. We haven't release that yet either, but there is an RC1 out	21:03
lxkong	that's not a problem for us, we are building debian packages from the source code :-)	21:04
*** trown is now known as trown\|outtypewww		21:04
*** goldyfruit has quit IRC		21:26
*** luksky has quit IRC		21:32
*** boden has quit IRC		21:39
*** blake has joined #openstack-lbaas		22:01
*** blake has quit IRC		22:01
*** abaindur has joined #openstack-lbaas		22:04
*** abaindur has quit IRC		22:08
*** fnaval has quit IRC		22:10
*** rcernin has joined #openstack-lbaas		22:25
*** goldyfruit has joined #openstack-lbaas		22:33
lxkong	johnsom: any chance you know the reason of `SIOCADDRT: Invalid argument\nFailed to bring up eth1`?	22:48
lxkong	the vip subnet is on a neutron provider network	22:49
johnsom	Not off my head.	22:50
lxkong	ok	22:52
openstackgerrit	Merged openstack/octavia master: Add support to the Python Visual Studio Debugger https://review.openstack.org/645280	22:55
*** celebdor has quit IRC		23:22
*** goldyfruit has quit IRC		23:55

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!