Sunday, 2020-03-08

« Saturday, 2020-03-07 Index Monday, 2020-03-09 »
dawzonOh, wow.  I just realized I don't even have the octavia-tempest-plugin repo .  Can I just clone the repo directly or do I have to install it with stack.sh?00:04
dawzonNevermind, resolved00:08
*** rcernin has joined #openstack-lbaas00:38
*** dulek has quit IRC00:54
*** yamamoto has joined #openstack-lbaas00:54
*** dulek has joined #openstack-lbaas01:06
*** yamamoto has quit IRC01:26
*** yamamoto has joined #openstack-lbaas06:35
*** abaindur has joined #openstack-lbaas07:17
*** abaindur has quit IRC07:19
*** abaindur has joined #openstack-lbaas07:19
*** abaindur has quit IRC07:30
*** gcheresh has joined #openstack-lbaas07:36
*** yamamoto has quit IRC07:56
*** yamamoto has joined #openstack-lbaas07:57
*** sapd1 has quit IRC08:29
*** sapd1 has joined #openstack-lbaas08:44
*** yamamoto has quit IRC09:24
*** yamamoto has joined #openstack-lbaas09:54
*** yamamoto has quit IRC10:43
*** yamamoto has joined #openstack-lbaas11:14
rm_worknmickus: well, there's some good docs around on recommendations, like https://wiki.mozilla.org/Security/Server_Side_TLS11:15
rm_workAs a starting point, I might take their Intermediate recommendations11:15
rm_workhttps://ssl-config.mozilla.org/guidelines/5.3.json11:16
rm_workI thought we used a whitelist? Therefore "blacklist" would be "not whitelist"?11:17
rm_workCould be totally wrong though, haven't kept up with this feature spec11:17
*** yamamoto has quit IRC11:49
*** yamamoto has joined #openstack-lbaas11:51
*** yamamoto has quit IRC12:23
*** yamamoto has joined #openstack-lbaas12:32
*** yamamoto has quit IRC12:44
*** yamamoto has joined #openstack-lbaas13:15
openstackgerritMerged openstack/octavia stable/queens: Fix uncaught DB exception when trying to get a spare amphora  https://review.opendev.org/70956913:29
*** gcheresh has quit IRC13:35
*** gcheresh has joined #openstack-lbaas13:36
openstackgerritMerged openstack/octavia stable/stein: Fix multi-listener LB with missing certificate  https://review.opendev.org/69859714:09
*** yamamoto has quit IRC14:19
*** gcheresh has quit IRC14:59
johnsomrm_work: The black list is for operators to flag those in that should never be used.  I would probably leave it empty or see what owasp/nsa/nist says16:06
rm_workAh, not default blacklist for each new listener16:08
rm_workDefault blacklist for the whole system so people can't even whitelist certain stuff for new listeners16:09
rm_workGot it16:09
*** yamamoto has joined #openstack-lbaas16:53
*** yamamoto has quit IRC16:58
*** sapd1 has quit IRC17:35
*** armax has quit IRC17:50
*** erdosip has joined #openstack-lbaas18:07
erdosiphy! could somebody help me please with amphora diskimage-builder? We're at rocky based on 18.04 ubuntu. I've created a bionic based amphora image, but when it's booting up, the interface renamer do some wierd stuff (multile renames, and finally i only got one if)18:09
erdosipI've tried with centos 7 and 8, but then I got 500, because the amphora-agent searches `haproxy18` package, which does not installed (haproxy however yes, 1.5 in centos 7, 1.8 in centos 8)18:10
erdosipI've tried with centos 7 and 8, but then I got 500, because the amphora-agent searches `haproxy18` package, which does not installed (haproxy however yes, 1.5 in centos 7, 1.8 in centos 8)18:10
erdosipI've tried with centos 7 and 8, but then I got 500, because the amphora-agent searches `haproxy18` package, which does not installed (haproxy however yes, 1.5 in centos 7, 1.8 in centos 8 )18:10
erdosipoops, sorry! dont wanted to send 3 times.. :(18:10
erdosipso as last resort I've tried to build it with fedora, which also not working, because the diskimage-builder.sh only support 27/28 fedora, but it's not in the mirror anymore, they are on 3118:11
erdosipare there any tips, how to build a working image? where should i change the generated grub conf in ubuntu for example? (to disable interface renames, and stick with ethX)18:13
erdosipor how to correct the haproxy18 package name (or please help understand, why it's haproxy18 and how it suppose to work? )18:14
*** gcheresh has joined #openstack-lbaas18:49
*** armax has joined #openstack-lbaas18:57
*** erdosip has quit IRC18:58
*** erdosip has joined #openstack-lbaas18:58
*** armax has quit IRC19:05
*** gcheresh has quit IRC19:14
*** armax has joined #openstack-lbaas19:20
*** gcheresh has joined #openstack-lbaas19:21
*** gcheresh has quit IRC19:37
*** gcheresh has joined #openstack-lbaas21:18
*** erdosip has quit IRC21:30
*** rcernin has quit IRC21:30
*** gcheresh has quit IRC21:36
johnsomerdosip We use Ubuntu 18.04 for all of our OpenStack gate tests. It should work fine. The amphora image does manage the interface naming and locations automatically. This assumes you are using our script https://github.com/openstack/octavia/blob/master/diskimage-create/diskimage-create.sh22:16
johnsomTo build an Ubuntu image, just run that script. The defaults will automatically build you a fully functional Ubuntu Bionic image.22:16
johnsomAh, they left, well, they probably didn't know there is a network namespace for security22:17
johnsomah well22:17
johnsomMaybe they found and read the image building guide: https://docs.openstack.org/octavia/latest/admin/amphora-image-build.html22:18
*** tkajinam has joined #openstack-lbaas22:50
*** yamamoto has joined #openstack-lbaas22:56
*** yamamoto has quit IRC23:00
*** rcernin has joined #openstack-lbaas23:27
openstackgerritNoah Mickus proposed openstack/octavia master: WIP: Adding The abllity to set a cipher blacklist  https://review.opendev.org/71186323:33
*** yamamoto has joined #openstack-lbaas23:36
« Saturday, 2020-03-07 Index Monday, 2020-03-09 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!