Monday, 2019-11-11

« Sunday, 2019-11-10 Index Tuesday, 2019-11-12 »
*** armax has joined #openstack-lbaas00:21
*** eandersson has quit IRC00:44
*** armax has quit IRC00:48
*** yamamoto has joined #openstack-lbaas01:31
*** yamamoto has quit IRC02:02
*** goldyfruit___ has quit IRC02:02
*** eandersson has joined #openstack-lbaas03:03
*** psachin has joined #openstack-lbaas03:28
*** yamamoto has joined #openstack-lbaas03:35
*** eandersson has quit IRC03:56
*** eandersson has joined #openstack-lbaas03:57
*** eandersson has quit IRC03:57
*** eandersson has joined #openstack-lbaas03:57
*** yamamoto has quit IRC04:11
*** yamamoto has joined #openstack-lbaas04:11
*** yamamoto_ has joined #openstack-lbaas04:41
*** yamamoto has quit IRC04:44
*** ricolin has joined #openstack-lbaas04:54
*** psachin has quit IRC05:10
*** ramishra has joined #openstack-lbaas06:15
*** langyal has joined #openstack-lbaas06:53
*** yamamoto_ has quit IRC07:01
*** yamamoto has joined #openstack-lbaas07:02
*** yamamoto has quit IRC07:05
*** yamamoto_ has joined #openstack-lbaas07:05
*** rcernin has quit IRC07:08
*** gcheresh_ has joined #openstack-lbaas07:43
*** ccamposr__ has quit IRC07:59
*** AlexStaf has joined #openstack-lbaas08:01
*** yamamoto has joined #openstack-lbaas08:03
*** maciejjozefczyk has joined #openstack-lbaas08:03
*** yamamoto_ has quit IRC08:06
*** ccamposr has joined #openstack-lbaas08:09
*** tkajinam has quit IRC08:19
*** ramishra has quit IRC08:27
*** yamamoto has quit IRC08:28
*** yamamoto has joined #openstack-lbaas08:32
*** yamamoto_ has joined #openstack-lbaas08:43
*** trident has quit IRC08:45
*** yamamoto has quit IRC08:46
*** yamamoto_ has quit IRC08:51
*** yamamoto has joined #openstack-lbaas08:56
*** yamamoto has quit IRC08:58
*** yamamoto has joined #openstack-lbaas08:59
*** trident has joined #openstack-lbaas08:59
*** yamamoto has quit IRC09:01
*** rcernin has joined #openstack-lbaas09:03
*** maciejjozefczyk has quit IRC09:10
*** maciejjozefczyk has joined #openstack-lbaas09:10
*** trident has quit IRC09:16
*** ivve has joined #openstack-lbaas09:17
*** maciejjozefczyk has quit IRC09:17
*** ramishra has joined #openstack-lbaas09:20
*** trident has joined #openstack-lbaas09:24
*** yamamoto has joined #openstack-lbaas09:33
*** yamamoto has quit IRC09:39
*** maciejjozefczyk has joined #openstack-lbaas09:44
*** maciejjozefczyk has quit IRC09:49
*** rcernin has quit IRC09:56
*** yamamoto has joined #openstack-lbaas10:02
*** yamamoto has quit IRC10:07
*** luksky has joined #openstack-lbaas10:09
*** yamamoto has joined #openstack-lbaas10:10
*** yamamoto has quit IRC10:10
*** rcernin has joined #openstack-lbaas10:12
openstackgerritAnn Taraday proposed openstack/octavia master: Add option to set default ssl ciphers in haproxy  https://review.opendev.org/68533710:20
*** rcernin has quit IRC10:49
*** yamamoto has joined #openstack-lbaas11:44
*** pcaruana has joined #openstack-lbaas11:47
*** yamamoto has quit IRC11:48
*** langyal has quit IRC11:53
*** pcaruana has quit IRC12:09
*** rcernin has joined #openstack-lbaas12:16
*** numans has joined #openstack-lbaas12:24
*** yamamoto has joined #openstack-lbaas12:24
*** yamamoto has quit IRC12:28
*** yamamoto has joined #openstack-lbaas12:28
*** yamamoto_ has joined #openstack-lbaas12:29
*** yamamoto has quit IRC12:33
brtknrjohnsom: are these folks online today?12:38
*** yamamoto_ has quit IRC12:42
*** goldyfruit___ has joined #openstack-lbaas12:44
*** rcernin has quit IRC12:44
*** goldyfruit___ has quit IRC12:49
CobHeadHi johnsom: Just so I understand correctly: This patch is to fix an issue with listeners being undeletable when the container reference is deleted: https://review.opendev.org/#/c/690984/ whereas this patch is to make it possible to update the actual reference: https://review.opendev.org/#/c/691987/13:08
*** yamamoto has joined #openstack-lbaas13:18
*** yamamoto has quit IRC13:26
*** goldyfruit has joined #openstack-lbaas13:51
*** maciejjozefczyk has joined #openstack-lbaas14:32
ataraday_Hello everyone! I pushed small improvement to octaviaclient change some time ago https://review.opendev.org/#/c/693144/  may be someone have time for a quick look14:40
*** luksky has quit IRC14:41
ataraday_johnsom, I posted comment on default cipher change  https://review.opendev.org/685337 - if you have time let me know what you think about it.14:42
rm_workataraday_: yeah, that always bothered me too -- though I am not sure, what if someone uses a uuid as a name <_<14:52
rm_workCobHead: that's correct15:01
CobHeadAllright. I will give a +1 on the Rocky backport for the first one, as I just tested it on a large cluster. As for the other one, I might have to cherry-pick it and pull it in order to try it out.15:04
CobHeadThanks, rm_work :)15:05
rm_workok so my plan for today is to go through the PTG notes and make a summary email for the ML15:22
johnsomrm_work: brtknr has Kolla Ansible questions.15:28
rm_workhmm k15:29
rm_workI can give it my best shot, it's been a while15:29
ataraday_rm_work, on our internal cloud when people check some loadbalancer's state - they use id. We got a lot of loadbalacers, so this improvement make show working really faster :)15:29
rm_workyeah, i don't disagree :D15:29
johnsomI have seen a few folks struggling with Kolla Ansible recently. I guess it doesn’t wire up the networks15:29
rm_workyeah, it doesn't really... know how, I think15:29
rm_workto be fair, neither do I :D15:30
rm_workand I think it depends on a lot of factors15:30
johnsomI think kong also uses it15:30
johnsomataraday_: yeah, that puzzled me about OSC as well. I will review today.15:31
*** TrevorV has joined #openstack-lbaas15:31
brtknrrm_work: it feels quite complicated to deploy octavia via kolla ansible atm, seems to require quite a few manual steps, including creation of network which could def be automated and cert generation, which i am okay with being manual but also would nice to have it automated15:32
johnsomI am done with the cert patches, I just need to do some rebases to stack them all up so the new tempest tests pass15:32
brtknrbut i dont understand octavia well enough to kolla-ansiblise the various steps15:33
brtknrat the moment, kolla-ansible only seems to support  the single certificate scenario for client and server, not the dual certificate recommened for production use, which even the octavia devstack plugin deploys afaict15:36
brtknrhappy to do the leg work for this if someone out there is available to help me out a bit navigate the octavia-land15:37
johnsombrtknr: we are happy to help on the Octavia side. I am just not familiar with Kolla15:38
brtknrnot sure how openstack-ansible handle this but probably something that we can adapt from there15:38
johnsomOSA also lags a bit last time I looked at it. But it is at least functional out of the box. Lol15:39
brtknrjohnsom: so kolla already builds containers for all the octavia services... its the default configuration parts where the details are a bit fuzzy15:39
brtknrwould be nice to incorporate the octavia best practices as the default in kolla-ansible15:40
johnsomIf you want, we can setup an etherpad for questions. Just mention it here and someone from Octavia can answer15:40
brtknrjohnsom: sounds good to me15:40
johnsomYeah, I have done some of that recently for tripleo15:41
*** ccamposr has quit IRC15:42
johnsombrtknr https://etherpad.openstack.org/p/kolla-ansible-octavia15:42
*** ccamposr has joined #openstack-lbaas15:43
johnsombrtknr: don’t be shy bugging us in this channel for answers either.15:45
rm_workbrtknr: I think johnsom would be the go-to on the cert stuff :D15:47
rm_workbut for networks... i don't really know how we would be able to do that sanely15:48
johnsomYeah. I wrote a guide for the certs15:48
brtknrOk cool, I will put in some silly questions on the ether pad15:48
rm_worka lot of that stuff is dependent on what can actually reach various HVs and such15:48
rm_workhow your physical net is set up15:48
rm_workand we prefer provider style networks for the management layer which is kinda outside of neutron usually15:49
brtknrAny idea what the network creation defaults are for OSA?15:51
johnsomThey setup a provider network as I remember15:52
johnsomAt one point OSA was a bit complicated with all of the bridges they added, but I think someone cleaned that up15:52
*** gcheresh_ has quit IRC15:54
*** yamamoto has joined #openstack-lbaas16:00
*** yamamoto has quit IRC16:06
brtknrjohnsom: okay so i see that in devstack, octavia creates a vxlan for the lb-mgmt-net16:12
brtknris that for convenience?16:12
johnsomYes. The lb-mgmt-net is simply a neutron network.  The tricky part is how you give the controller processes (containers in your case) access to that neutron network.16:13
CobHeadOSA relies on a bridge that needs to be setup manually before deploying Octavia, FYI.16:13
johnsomAs long as neutron can see the network and attach it to VMs, it is fine for Octavia use.16:13
*** gcheresh_ has joined #openstack-lbaas16:16
brtknrSo for a default configuration, we could create a vxlan based neutron network and provide this network ID to octavia config correct?16:17
johnsomYes, then you need to make sure the worker, health manager, and housekeeping processes have access to that network.16:18
brtknrjohnsom: ah that explains why a vlan approach is easier16:21
*** maciejjozefczyk has quit IRC16:22
*** armax has joined #openstack-lbaas16:30
*** servagem has joined #openstack-lbaas16:31
openstackgerritMichael Johnson proposed openstack/octavia master: Fix update API when barbican secret is missing  https://review.opendev.org/69198716:31
*** ivve has quit IRC16:32
*** ricolin has quit IRC16:34
*** devfaz has quit IRC16:38
*** devfaz has joined #openstack-lbaas16:38
*** maciejjozefczyk has joined #openstack-lbaas16:43
*** pcaruana has joined #openstack-lbaas16:45
openstackgerritMichael Johnson proposed openstack/octavia master: Fix multi-listener LB with missing certificate  https://review.opendev.org/69220816:46
openstackgerritMerged openstack/octavia stable/train: Fix issues with unavailable secrets  https://review.opendev.org/69098416:47
openstackgerritMerged openstack/octavia stable/stein: Fix issues with unavailable secrets  https://review.opendev.org/69169316:47
*** maciejjozefczyk has quit IRC17:25
openstackgerritMerged openstack/octavia master: Fix typo in doc agent.py->agent  https://review.opendev.org/69088417:43
*** goldyfruit has quit IRC17:52
*** goldyfruit has joined #openstack-lbaas17:53
*** gcheresh_ has quit IRC17:55
*** AlexStaf has quit IRC17:56
*** maciejjozefczyk has joined #openstack-lbaas18:26
colin-thanks for the summary on the ML, rm_work18:46
colin-a whole ptg came and went without containers or active/active coming up?!18:47
rm_workah, so, uhh18:47
rm_workactive-active came up18:47
rm_workand we were like18:47
rm_workyeah ... do that, sounds good18:47
colin-haha, great we have consensus!18:47
rm_workso it didn't really warrant being in the summary lol18:47
*** ivve has joined #openstack-lbaas18:55
*** pcaruana has quit IRC18:57
*** pcaruana has joined #openstack-lbaas18:58
*** maciejjozefczyk has quit IRC19:02
*** gcheresh_ has joined #openstack-lbaas19:08
*** ataraday_ has quit IRC19:10
*** henriqueof has joined #openstack-lbaas19:35
xgermanYeah, active-active is a mirage… I don;t think we will ever have it :-)19:50
*** yamamoto has joined #openstack-lbaas20:03
*** yamamoto has quit IRC20:08
rm_worki'm supposed to be working on it this cycle <_<20:38
rm_workwe'll see if i ever actually get the time20:39
rm_workother things keep being "higher priority" :D20:39
xgermanLol - yeah, I worked on that as well once and so did johnsom...20:40
xgermanand IBM and...20:40
*** gcheresh_ has quit IRC20:42
johnsomOs-ken is ready now, so probably a good time to start it up again20:46
openstackgerritMichael Johnson proposed openstack/octavia master: Fix multi-listener LB client auth/re-encryption  https://review.opendev.org/69358621:28
*** pcaruana has quit IRC21:42
openstackgerritMichael Johnson proposed openstack/octavia master: Fix a potential race condition with certs-ramfs  https://review.opendev.org/69359121:45
*** AlexStaf has joined #openstack-lbaas22:07
openstackgerritMichael Johnson proposed openstack/octavia master: Update flavor guide to be cut/paste friendly  https://review.opendev.org/69375122:07
openstackgerritMichael Johnson proposed openstack/octavia master: Stop allowing the deletion of an in-use flavor  https://review.opendev.org/69242722:25
*** yamamoto has joined #openstack-lbaas22:31
johnsomrm_work Did we never get API filtering working????22:51
johnsomHmm, ok, so maybe it's just some of the APIs that aren't working....22:53
*** rcernin has joined #openstack-lbaas22:58
*** tkajinam has joined #openstack-lbaas23:01
*** TrevorV has quit IRC23:02
*** ccamposr has quit IRC23:15
*** ccamposr__ has joined #openstack-lbaas23:15
*** goldyfruit has quit IRC23:22
*** ivve has quit IRC23:32
*** yamamoto has quit IRC23:33
*** maciejjozefczyk has joined #openstack-lbaas23:38
« Sunday, 2019-11-10 Index Tuesday, 2019-11-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!