Friday, 2019-06-07

rm_workthen why were we doing it? O_o00:08
rm_workah also, i think i see why these weren't set in the element -- they need to be run inside the netns?00:09
rm_workare these sysctl values unique to a netns? i didn't realize that00:09
rm_worki always thought it was system-wide00:09
johnsomNetns specific00:11
rm_workbut ... we just don't need them in general?00:12
johnsomrm_work Sorry, I was done for the day a few hours ago.00:22
rm_workah lol00:23
johnsomThe netns gets a blank slate, so we have to set them there.  Most of those a perf related for the tenant traffic and don't matter much for the agent.00:23
rm_workyeah i guess you've been working way earlier in the day00:23
johnsomYeah, another 6am day00:23
rm_workright i mean i know they don't matter for the agent, i meant did we need them at all00:23
rm_workso yeah, ok, that's why they're being set at that point00:23
rm_workis the same true for kernel modules tho? O_o that is surprising too00:23
rm_workdidn't think those were netns specific00:24
johnsomThose should not be netns specific....  What are you looking at, I'm context switching here00:25
rm_worksome of the stuff we do as part of the vip plugging00:25
rm_worki don't think "load a kernel module" needs to be part of that <_<00:25
rm_worksince i'm basically refactoring all of right now00:26
rm_worki want to remove as much of this from plug-time as possible and put it in startup or image build00:26
rm_workso like... WHEN we create the netns, i can have it run these sysctl commands... and when we build the image, i can have it add this ip_vs kernel module to boot00:27
rm_workit doesn't need to be run JIT on a vip plug00:27
rm_workoh rofl ok, i see... it actually creates the namespace in the plug00:29
rm_workALSO not sure why00:29
rm_workwhy not just create it in the image build?00:29
rm_workit's a constant00:29
johnsomThere was some reason, I think it is namespace creation time, then we also write it out for reboot scenarios00:29
rm_workwe don't re-run plug on a reboot tho <_<00:30
rm_workIMO we can create the netns and set up these sysctl values during image creation00:30
johnsomRight, we don't which is why it also writes it out.00:30
rm_workyeah so ....00:30
rm_workwhy not just...00:31
rm_workhave it already exist and be written out00:31
johnsomYeah, a bit of this has been fairly "organicly" grown00:33
johnsomI think the netns stuff was in the plug based on that old idea of more than one LB per amp00:35
johnsomEach would need it's own netns, etc.00:35
johnsombonus points if you do not enable conntrack unless it's a UDP listener....00:37
johnsomI thought it was that way, but that may have been something I just gave up on for timing reasons00:38
johnsomOk, afk again00:39
rm_worksoooo research is showing me that these ip forwarding sysctl values are NOT namespace aware anyway <_<00:42
rm_workBUT actual testing shows they obviously are00:43
rm_workso 100% of the docs i've found on the internet showing enabling them outside of the netns for use inside the netns... are wrong00:43
rm_workfor example:
rm_worki can't find any documentation about where sysctl values are written out for network namespaces00:52
johnsomDon’t believe everything you read on the interwebs!01:39
johnsomThere is an obscure kernel doc that talks to it.  I am pretty sure the is what I referenced when dustin proposed that patch calling out they were not being set.01:40
*** goldyfruit has quit IRC02:24
*** goldyfruit has joined #openstack-lbaas02:29
rm_workyeah i just tested with reality02:42
rm_workseems more accurate02:42
rm_workis there really any downside to enabling ipv6 forwarding if there's no ipv6 interface?02:43
*** goldyfruit has quit IRC02:53
*** threestrands has joined #openstack-lbaas02:54
rm_workfor now i am assuming no downside03:16
rm_workand moving that stuff out of the plug03:17
rm_workshould speed up AND stabilize that call a little bit03:17
rm_workthough what did you mean when you said:03:19
rm_work[16:47:43] johnsom:We should not need forwarding03:19
rm_workwe DO need forwarding inside the netns, right?03:20
rm_workdid you mean "not for the agent to work"? which, yeah, i am just reusing that element to do the config for the netns03:20
openstackgerritAdam Harwell proposed openstack/octavia master: WIP: Allow multiple VIPs per LB
openstackgerritAdam Harwell proposed openstack/octavia master: WIP: Allow multiple VIPs per LB
*** yamamoto has quit IRC04:09
*** threestrands has quit IRC04:12
openstackgerritAdam Harwell proposed openstack/octavia master: WIP: Allow multiple VIPs per LB
rm_work^^ is very promising so far :D04:15
rm_work"just worked" in SINGLE topo, with+without additional VIPs04:15
rm_worktrying in ACTIVE_STANDBY now04:16
rm_workworks with one VIP....04:18
rm_workugh, second VIP doesn't come up via keepalived T_T04:23
rm_workfirst one still does tho...04:23
rm_workmaybe something to do with keepalived and ipv6?04:23
rm_workaha! got it04:34
rm_workyep, ipv4+ipv6 don't coexist in a single block, but it's an easy fix04:34
*** yamamoto has joined #openstack-lbaas04:43
*** yamamoto has quit IRC04:54
openstackgerritAdam Harwell proposed openstack/octavia master: WIP: Allow multiple VIPs per LB
rm_workok, now just centos I think :D05:10
rm_workgthiemonge: let me know when you have a sec to sync up ^_^05:10
*** yamamoto has joined #openstack-lbaas05:13
*** luksky has joined #openstack-lbaas05:44
*** ccamposr has joined #openstack-lbaas06:03
*** ccamposr has quit IRC06:05
*** ccamposr has joined #openstack-lbaas06:05
*** sapd1_x has joined #openstack-lbaas06:21
*** pcaruana has joined #openstack-lbaas06:35
*** tesseract has joined #openstack-lbaas07:09
*** Emine has joined #openstack-lbaas07:52
*** rcernin has quit IRC07:55
*** bcafarel has quit IRC08:13
*** sapd1_x has quit IRC08:15
*** bcafarel has joined #openstack-lbaas08:26
*** trident has quit IRC08:35
*** trident has joined #openstack-lbaas08:37
*** emine__ has joined #openstack-lbaas08:51
*** Emine has quit IRC08:52
*** sapd1_x has joined #openstack-lbaas09:23
*** gcheresh has joined #openstack-lbaas09:57
*** yamamoto has quit IRC10:02
*** luksky has quit IRC10:11
*** sapd1_x has quit IRC10:18
*** gcheresh has quit IRC10:24
*** yamamoto has joined #openstack-lbaas10:29
openstackgerritAdam Harwell proposed openstack/octavia master: WIP: Allow multiple VIPs per LB
*** yamamoto has quit IRC10:35
*** luksky has joined #openstack-lbaas10:49
*** ataraday_ has joined #openstack-lbaas10:55
openstackgerritAdam Harwell proposed openstack/octavia-lib master: Add 'additional_vips' field to driver datamodel
openstackgerritAdam Harwell proposed openstack/octavia master: Allow multiple VIPs per LB
rm_work^^ ready for basic review! :) will be working on the client and some tempest tests later today11:16
rm_workand gthiemonge will probably have some fixes for centos edge cases, but it works for the basic testing I've done (SINGLE/ACTIVE_STANDBY with single VIP and double VIP [primary ipv4, additional ipv6] on both Ubuntu and CentOS)11:17
rm_workI dread the tempest testing, as I'll literally just have to spin a ton of new LBs ... may need a whole new tempest test run <_<11:18
rm_workthanks for the review cgoncalves :D11:32
cgoncalvesthanks for the release note and story ;)11:35
*** yamamoto has joined #openstack-lbaas11:46
*** yamamoto has quit IRC11:54
*** yamamoto has joined #openstack-lbaas11:56
*** yamamoto has quit IRC12:18
*** yamamoto has joined #openstack-lbaas12:19
*** gthiemon1e has joined #openstack-lbaas12:20
*** happyhemant has joined #openstack-lbaas12:20
*** gthiemonge has quit IRC12:21
*** ianychoi_ has joined #openstack-lbaas12:23
*** ianychoi has quit IRC12:27
*** gthiemon1e has quit IRC12:32
*** rtjure has joined #openstack-lbaas12:40
*** gcheresh has joined #openstack-lbaas12:42
*** boden has joined #openstack-lbaas12:59
*** gthiemonge has joined #openstack-lbaas13:08
*** yamamoto has quit IRC13:15
*** gcheresh has quit IRC13:15
*** rtjure has quit IRC13:32
*** gthiemonge has quit IRC13:40
*** rtjure has joined #openstack-lbaas13:42
*** henriqueof has quit IRC13:46
*** yamamoto has joined #openstack-lbaas13:48
*** yamamoto has quit IRC13:49
*** yamamoto has joined #openstack-lbaas13:50
*** ricolin has joined #openstack-lbaas13:55
*** ccamposr has quit IRC13:58
*** goldyfruit has joined #openstack-lbaas14:28
*** sapd1_x has joined #openstack-lbaas15:07
*** Vorrtex has joined #openstack-lbaas15:34
openstackgerritMerged openstack/octavia master: Limit cryptsetup key RAM usage
*** gthiemonge has joined #openstack-lbaas15:36
*** goldyfruit has quit IRC15:45
*** gthiemonge has quit IRC15:53
*** ramishra has quit IRC15:56
*** luksky has quit IRC16:11
*** emine__ has quit IRC16:19
*** yamamoto has quit IRC16:23
openstackgerritCarlos Goncalves proposed openstack/octavia master: Add RHEL 8 amphora support
*** tesseract has quit IRC16:40
*** boden has quit IRC16:46
*** yamamoto has joined #openstack-lbaas16:54
*** yamamoto has quit IRC16:59
*** boden has joined #openstack-lbaas17:04
*** KeithMnemonic has quit IRC17:09
*** sapd1_x has quit IRC17:19
*** ricolin has quit IRC17:24
*** goldyfruit has joined #openstack-lbaas17:48
*** luksky has joined #openstack-lbaas17:56
ataraday_johnsom, Hi! I left a comment on - could you check if it is valid or not?18:33
johnsomataraday_ Thank you. Likely I have a bug.18:42
*** ataraday_ has quit IRC19:05
*** boden has quit IRC19:22
*** emine__ has joined #openstack-lbaas19:28
*** boden has joined #openstack-lbaas19:33
*** boden has quit IRC19:33
*** emine has joined #openstack-lbaas19:56
*** emine__ has quit IRC19:59
*** goldyfruit has quit IRC20:02
*** emine has quit IRC20:04
*** emine has joined #openstack-lbaas20:05
*** emine__ has joined #openstack-lbaas20:11
*** emine has quit IRC20:13
*** emine has joined #openstack-lbaas20:15
*** emine__ has quit IRC20:16
*** emine has quit IRC20:53
*** Vorrtex has quit IRC20:57
openstackgerritCarlos Goncalves proposed openstack/octavia stable/stein: Limit cryptsetup key RAM usage
*** pcaruana has quit IRC21:51
*** luksky has quit IRC21:55
rm_workjohnsom: ? :D22:26
*** goldyfruit has joined #openstack-lbaas22:28
openstackgerritMerged openstack/octavia-lib master: Add 'additional_vips' field to driver datamodel
rm_workhmmm, do we have to cut a release for it before it'll work I guess?23:11
rm_workyeah, let's see23:11
rm_workdoesn't look like anything is waiting23:11
rm_workwe can do that now23:11
rm_workah and I had a question for you --
rm_workI did the "virtual_ipaddress_excluded" thing for the ipv6 addresses in keepalived and it seems to work in devstack23:12
rm_workthe address comes up and i can hit it23:12
rm_workbut i don't know if there are other side-effects to that23:12
rm_workthe other way is a bit more complex but also doable...23:12
johnsomrm_work I think the virutal_ipaddress_excluded is a fine path.  Have you tested if the address in this block is ifdown it fails over correctly?23:19
rm_workhmmm i need to do some failover tests23:19
rm_worki did not yet23:19
johnsomI think it should, but might be work a quick test.23:19
rm_workyeah sec23:19
johnsomYeah, that is a super odd edge case, but if it passes that I think it's fine23:19
rm_worki'm looking for the release doc23:20
rm_workI am on
rm_workbut it doesn't ... actually tell me HOW in a technical sense23:20
rm_workah k23:20
rm_worki couldn't find the link you sent earlier23:20
johnsomBTW, did you tell me you dropped Carlos from the release liaison and added me? I thought he was still on the release list but they didn't accept his patch.23:21
rm_workCarlos should still be it23:21
rm_workbut now i see you there23:22
rm_workhold on23:22
johnsomYou can probably add us both23:22
rm_worki switched you for something else23:22
rm_worki thought23:22
rm_workunless i'm misremembering, but obviously it shows me doing that so23:22
rm_workmaybe i had the wrong field23:23
rm_workfixed it23:25
rm_workso we're in "train"23:26
rm_workso that's what the release is for?23:26
rm_workit's going to be `train octavia-lib feature`?23:27
johnsomtrain octavia-lib feature23:27
rm_workor are we at a milestone23:27
johnsomThis week was MS1, but I would do feature so the version number is right.23:28
johnsomin semver those are <major>.<feature>.<bugfix>23:28
johnsomin which number gets bumped23:28
*** goldyfruit has quit IRC23:29
rm_workdon't know if that actually requires another signoff since I made it23:30
rm_workprobably not?23:30
rm_workjohnsom: yep, failover works (again, at least in my local devstack)23:35
rm_workfor both addresses23:35
rm_worknot sure if that changes if there's more layers of switches/etc in the picture23:35
johnsomNope, PTL can release with no additional approvals23:35
rm_workor i'm off a single host23:35
johnsomThat is fine. If the eth1:2 going down triggers the failover, I'm good with it23:35
johnsomNo need for the multi-instance and sync stuff23:36
johnsomPlus it saves some bits on the wire23:36
johnsomLog offloading, powered by Kygo23:44

Generated by 2.15.3 by Marius Gedminas - find it at!