Wednesday, 2019-05-01

« Tuesday, 2019-04-30 Index Thursday, 2019-05-02 »
*** mithilarun has joined #openstack-lbaas00:59
*** mithilarun has quit IRC01:00
*** mithilarun has joined #openstack-lbaas01:01
*** mithilarun has quit IRC01:30
*** mithilarun has joined #openstack-lbaas01:33
*** mithilar_ has joined #openstack-lbaas01:36
*** mithilarun has quit IRC01:38
*** mithilar_ has quit IRC01:41
*** yamamoto has quit IRC02:29
*** yamamoto has joined #openstack-lbaas03:12
*** yamamoto has quit IRC03:18
*** yamamoto has joined #openstack-lbaas03:48
*** psachin has joined #openstack-lbaas04:23
*** yamamoto has quit IRC04:47
*** AlexStaf has joined #openstack-lbaas05:00
*** yamamoto has joined #openstack-lbaas05:02
*** yamamoto has quit IRC05:29
*** yamamoto has joined #openstack-lbaas05:41
*** yamamoto has quit IRC05:46
*** yamamoto has joined #openstack-lbaas05:47
*** AlexStaf has quit IRC05:55
*** yamamoto has quit IRC06:06
*** yboaron has joined #openstack-lbaas06:08
*** yamamoto has joined #openstack-lbaas06:31
*** gcheresh has joined #openstack-lbaas06:34
*** yamamoto has quit IRC06:36
*** yamamoto has joined #openstack-lbaas07:10
*** pcaruana has joined #openstack-lbaas07:14
*** yboaron has quit IRC07:21
*** numans has joined #openstack-lbaas07:47
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-lbaas-dashboard stable/stein: Imported Translations from Zanata  https://review.opendev.org/65662007:54
zigonmagnezi: johnsom rm_workm: What am I suppose to see in the Amphora /var/lib/octavia/certs folder? Because for me, it's empty there ...07:59
zigoIn the amphora-agent.log, I get this:07:59
zigo[2019-05-01 07:58:35 +0000] [694] [DEBUG] Invalid request from ip=::ffff:192.168.104.1: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2488)07:59
zigo[2019-05-01 07:58:35 +0000] [694] [DEBUG] Failed to send error message.07:59
zigoand in octavia-worker.log, this:08:00
zigo2019-05-01 07:59:55.952 4976 WARNING octavia.amphorae.drivers.haproxy.rest_api_driver [-] Could not connect to instance. Retrying.: requests.exceptions.SSLError: HTTPSConnectionPool(host='192.168.104.248', port=9443): Max retries exceeded with url: /0.5/info (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))08:00
zigoThis happened with both the Ubuntu image created with DIB, and the Amphora image I created with my own script.08:00
zigoHow can I check further what's going on?08:00
zigo(note: I'm running with Debian Buster and Stein)08:00
*** AlexStaf has joined #openstack-lbaas08:00
*** yamamoto has quit IRC08:08
*** psachin has quit IRC08:20
*** yboaron has joined #openstack-lbaas08:25
*** yamamoto has joined #openstack-lbaas08:25
*** yboaron_ has joined #openstack-lbaas08:28
*** yamamoto has quit IRC08:28
*** yboaron has quit IRC08:31
*** yamamoto has joined #openstack-lbaas09:12
*** yamamoto has quit IRC09:18
*** yamamoto has joined #openstack-lbaas09:24
*** yamamoto has quit IRC09:31
*** yamamoto has joined #openstack-lbaas10:12
*** yamamoto has quit IRC10:17
*** mithilarun has joined #openstack-lbaas11:53
*** mithilarun has quit IRC12:12
*** mithilarun has joined #openstack-lbaas12:12
*** mithilarun has quit IRC12:17
*** ianychoi_ has quit IRC12:35
*** ianychoi_ has joined #openstack-lbaas12:35
*** pcaruana has quit IRC12:49
*** yamamoto has joined #openstack-lbaas12:52
*** pcaruana has joined #openstack-lbaas12:54
*** ccamposr has quit IRC12:58
*** ianychoi_ has quit IRC13:00
*** yamamoto has quit IRC13:31
*** AlexStaf has quit IRC13:36
*** ianychoi has joined #openstack-lbaas13:42
*** mithilarun has joined #openstack-lbaas13:49
*** yamamoto has joined #openstack-lbaas14:09
*** AlexStaf has joined #openstack-lbaas14:13
*** yamamoto has quit IRC14:17
*** yamamoto has joined #openstack-lbaas14:18
*** AlexStaf has quit IRC14:18
*** Vorrtex has joined #openstack-lbaas14:20
openstackgerritMerged openstack/octavia master: Make amphora cert validity time configurable  https://review.opendev.org/65640414:47
*** gcheresh has quit IRC14:57
*** dims has quit IRC15:09
*** yamamoto has quit IRC15:09
*** dims has joined #openstack-lbaas15:17
*** mithilarun has quit IRC15:27
*** mithilarun has joined #openstack-lbaas15:27
*** mithilarun has quit IRC15:32
*** mithilarun has joined #openstack-lbaas15:36
*** yamamoto has joined #openstack-lbaas15:52
*** yamamoto has quit IRC15:56
*** sapd1_x has joined #openstack-lbaas16:01
*** yboaron_ has quit IRC16:16
johnsomzigo The certs in /var/lib/octavia/certs are generated automatically by the controller and loaded via config driver/cloud-init.  That directory should be a an encrypted ram-fs mounted to /var/lib/octavia/certs16:21
*** ccstone has quit IRC16:34
*** AlexStaf has joined #openstack-lbaas16:57
*** cbrumm has quit IRC17:04
*** sapd1_x has quit IRC17:16
*** AlexStaf has quit IRC17:44
*** ramishra has joined #openstack-lbaas19:39
*** ramishra has quit IRC19:45
*** gcheresh has joined #openstack-lbaas20:03
*** gcheresh has quit IRC20:17
*** gcheresh has joined #openstack-lbaas20:23
*** Vorrtex has quit IRC20:32
*** pcaruana has quit IRC20:42
*** mithilarun has quit IRC20:52
*** mithilarun has joined #openstack-lbaas20:52
*** rcernin has quit IRC20:53
*** mithilarun has quit IRC20:57
rm_workwe don't run any of the tempest stuff that's in-tree with octavia, right? it's all dead?21:09
rm_work(for v2)21:09
rm_workjohnsom / cgoncalves ^^21:10
johnsomYeah, the in-tree tempest should all be v1 related21:10
rm_workyeah k21:10
rm_workthere's one v2 thing for quotas but i don't think it's used21:10
openstackgerritAdam Harwell proposed openstack/octavia master: Remove v1 API and associated code  https://review.opendev.org/65670721:13
*** gcheresh has quit IRC21:19
*** mithilarun has joined #openstack-lbaas22:05
*** mithilarun has quit IRC22:10
openstackgerritAdam Harwell proposed openstack/octavia master: Remove v1 API and associated code  https://review.opendev.org/65670722:34
rm_worknmagnezi: is this still a thing? https://review.opendev.org/#/c/558194/22:45
rm_workI never understood it22:45
rm_workand it's a year old22:46
rm_worknmagnezi: I think I'm going to abandon it, you can restore it if you think it's still necessary22:46
*** rcernin has joined #openstack-lbaas23:10
*** yamamoto has joined #openstack-lbaas23:18
lxkongjohnsom: hi, a follow-up question to the one of yesterday, if it will cause any problem if we keep the existing sgs on the vip port?23:23
lxkongrm_work ^^23:24
johnsomYes, it creates conflicts and potential vulnerabilities.23:24
lxkongconflict?23:25
lxkongcould you please tell me more?23:25
johnsomFor example, if we need to rebuild it, we don’t want to store and manage tenant sgs23:25
lxkongfor `rebuild`, do you mean failover?23:26
lxkongwhy we need to store the tenant's sgs?23:26
johnsomRight, port rebuild23:26
lxkonghmm...it's still not very clear to me :-( let me check the code to see if i can understand23:27
johnsomThe lb is a managed service, if we let users open ports we can no longer say we manage it.  Likewise, if it is a user visible sg they can delete them, etc.23:28
lxkongthanks johnsom, i will dig more23:35
lxkongjohnsom: btw, if we have someone who is going to lead the acl design and implementation, I am very happy to help coding/review/test23:37
johnsomOk, thanks lxkong23:38
« Tuesday, 2019-04-30 Index Thursday, 2019-05-02 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!