Tuesday, 2020-04-07

« Monday, 2020-04-06 Index Wednesday, 2020-04-08 »
openstackgerritMichael Johnson proposed openstack/octavia master: Don't register cli opts on import  https://review.opendev.org/71644000:00
openstackgerritMichael Johnson proposed openstack/octavia master: Add ability to set TLS cipher list for listeners  https://review.opendev.org/71137600:06
openstackgerritMichael Johnson proposed openstack/octavia master: Don't register cli opts on import  https://review.opendev.org/71644000:06
johnsomforgot to bump the requirements minimum version for octavia-lib00:07
openstackgerritClark Boylan proposed openstack/octavia master: Do not merge testing  https://review.opendev.org/71788500:30
*** yamamoto has joined #openstack-lbaas00:31
*** happyhemant has quit IRC01:08
*** yamamoto has quit IRC01:33
*** yamamoto has joined #openstack-lbaas02:29
*** dayou has quit IRC02:50
*** dayou has joined #openstack-lbaas02:52
*** psachin has joined #openstack-lbaas03:18
*** spatel has joined #openstack-lbaas03:24
*** spatel has quit IRC03:25
*** gthiemonge has quit IRC05:46
*** gthiemonge has joined #openstack-lbaas05:47
*** armax_ has joined #openstack-lbaas06:05
*** armax has quit IRC06:06
*** armax_ is now known as armax06:06
*** gcheresh has joined #openstack-lbaas06:17
*** rpittau|afk is now known as rpittau06:56
*** ataraday_ has joined #openstack-lbaas07:03
*** ccamposr__ has joined #openstack-lbaas07:06
*** ccamposr has quit IRC07:09
openstackgerritMerged openstack/octavia-lib stable/ussuri: Update .gitreview for stable/ussuri  https://review.opendev.org/71693507:17
openstackgerritMerged openstack/octavia-lib stable/ussuri: Update TOX/UPPER_CONSTRAINTS_FILE for stable/ussuri  https://review.opendev.org/71693607:17
openstackgerritMerged openstack/octavia-lib master: Update master for stable/ussuri  https://review.opendev.org/71693707:18
*** gcheresh has quit IRC07:28
*** yamamoto has quit IRC07:36
*** laerlingsap has joined #openstack-lbaas07:40
*** yamamoto has joined #openstack-lbaas07:59
*** born2bake has joined #openstack-lbaas08:02
*** laerlingsap has left #openstack-lbaas08:08
*** gcheresh has joined #openstack-lbaas08:13
*** tkajinam has quit IRC08:17
*** laerling has joined #openstack-lbaas08:33
*** gcheresh has quit IRC08:34
*** isakgicu has joined #openstack-lbaas08:34
isakgicuHi there08:35
isakgicuI'm wondering if it is possible to implement in future releases:08:35
isakgicuhttps://github.com/jetstack/cert-manager/issues/466#issuecomment-54268659308:35
*** gcheresh has joined #openstack-lbaas08:40
isakgicuI'm using openstack octavia loadbalancer(with proxy protocol enabled) in front of a nginx-ingress controller in a kubernetes cluster08:42
isakgicuas described in issue above, there is a problem that octavia LoadBalancer does not add proxy headers when proxy protocol is enabled08:42
*** gcheresh has quit IRC09:34
*** JayLiu has joined #openstack-lbaas09:37
JayLiuhello everyone! I am a fresh man~09:41
JayLiuI have been studied the octavia code for weeks. My company has a active/active framwork for loadbalancer, my leader and I want to transplant it into the octavia project, but at first we want know the community plan for future development :)09:45
*** ccamposr has joined #openstack-lbaas09:47
JayLiuSo how can I participate into the development? Can I do some help at the beginning?09:48
*** ccamposr__ has quit IRC09:50
cgoncalvesJayLiu, hi. active-active load balancing is an important feature the community has been interested for a long time. it would be great having you joining and contributing to active-active in Octavia! I am not aware of anyone working right now on active-active support, so your contributions would be most welcome09:51
JayLiuGreat! We don't want to conflict with the current community development!09:54
cgoncalvesJayLiu, there are a few specs about active-active. there is some code merged but it is mostly early code and has not been touched in years.09:55
cgoncalvesJayLiu, have you check the published specs? how do they compare to your implementation?09:56
JayLiuYeah, I know it from the octavia code, so I have to be careful09:57
cgoncalvesJayLiu, if you think the proposed architecture or existing code is not ideal, the community would certainly be open to receive your feedback and discuss09:58
JayLiuActually it is quite different from our implementation...So I am thinking how to Submit a proposal and discuss with other developer officially10:00
cgoncalvesjohnsom and rm_work have contributed to active-active support or at least exposed to it way more than I have. they would be better contact points at this time. they are located in the US so offline right now.10:00
JayLiuabout the active/active feature10:01
JayLiuok, thank you! It is really useful~10:02
JayLiuMaybe I should10:02
JayLiucontact10:02
cgoncalvesJayLiu, I see. I would maybe suggest sharing a document (text, slides or spec file) with your implementation on a high level. it would help in the discussions10:02
JayLiujohnsom and rm_work?10:02
cgoncalvesyes. they should be online in 5-6 hours10:03
JayLiuthx!10:03
*** rpittau is now known as rpittau|bbl10:25
*** JayLiu has quit IRC10:27
*** vishalmanchanda has joined #openstack-lbaas10:40
*** yamamoto has quit IRC11:02
*** yamamoto has joined #openstack-lbaas11:04
*** gcheresh has joined #openstack-lbaas11:07
*** yamamoto has quit IRC11:23
*** yamamoto has joined #openstack-lbaas11:35
*** yamamoto has quit IRC11:40
*** rpittau|bbl is now known as rpittau12:06
*** tkajinam has joined #openstack-lbaas12:08
*** gcheresh has quit IRC12:19
ataraday_cgoncalves, Hi! I've got functional job still failing on jobboard change :( Do you know what can be done? I see +1 from zuul on other changes12:20
cgoncalvesataraday_, hi. this is the patch that should fix the functional jobs: https://review.opendev.org/#/c/711376/12:22
ataraday_cgoncalves, oh, a bit weird, OK :)12:24
ataraday_thanks!12:25
*** gcheresh has joined #openstack-lbaas13:41
*** gcheresh has quit IRC13:53
*** tkajinam has quit IRC14:03
*** tkajinam has joined #openstack-lbaas14:03
*** gcheresh has joined #openstack-lbaas14:14
*** TrevorV has joined #openstack-lbaas14:16
*** dayou has quit IRC14:20
*** dayou has joined #openstack-lbaas14:21
*** ataraday_ has quit IRC14:21
*** yamamoto has joined #openstack-lbaas14:38
*** tkajinam has quit IRC14:42
*** rcernin has quit IRC15:13
*** yamamoto has quit IRC15:20
johnsomisakgicu Hi, I am trying to read and understand the problem. We currently support PROXY v1 in the load balancers. When configured for the PROXY protocol.15:30
*** gcheresh has quit IRC15:31
johnsomWe don't have any open bugs around PROXY protocol, just an RFE to add PROXY v215:32
isakgicuI understand, to open an issue for this bug there is a need to dig deep into this to find the problem15:42
johnsomisakgicu Yeah, I am not sure what is wrong reading that page. If you can provide steps to reproduce, or the issue, please open a story for us: https://storyboard.openstack.org/#!/project/openstack/octavia15:43
johnsomWe will look into it.15:43
isakgicuok, thank you ! :)15:44
*** rpittau is now known as rpittau|afk16:08
openstackgerritMichael Johnson proposed openstack/octavia master: Add ability to specify TLS cipher list for pools  https://review.opendev.org/71715416:11
johnsomdawzon FYI, I rebased the pools ciphers for you. I see there is some test work to finish there. Are you able to do that today?16:12
dawzonYeah.  Although I was also having some weird amphora issues with that patch, so hopefully that doesn't get in the way16:14
johnsomdawzon Awesome. Let me know if I can help!16:14
johnsomI'm reviewing now16:14
openstackgerritMerged openstack/octavia master: Add ability to set TLS cipher list for listeners  https://review.opendev.org/71137616:45
johnsomdawzon ^^^ Wahoo!16:48
dawzonAwesome!16:49
*** psachin has quit IRC16:55
openstackgerritCarlos Goncalves proposed openstack/octavia master: Fix listener update with SNI certificates  https://review.opendev.org/71279016:57
openstackgerritCarlos Goncalves proposed openstack/octavia master: Add noop certificate manager  https://review.opendev.org/71761916:58
openstackgerritMerged openstack/octavia master: Don't register cli opts on import  https://review.opendev.org/71644017:14
openstackgerritMichael Johnson proposed openstack/octavia master: Jobboard based controller  https://review.opendev.org/64740617:24
*** vishalmanchanda has quit IRC17:47
*** gcheresh has joined #openstack-lbaas18:09
*** zasherif has joined #openstack-lbaas18:16
*** zasherif has quit IRC18:20
*** zasherif has joined #openstack-lbaas18:29
*** zasherif has quit IRC18:32
*** maciejjozefczyk has quit IRC18:39
*** gcheresh has quit IRC18:51
openstackgerritBrian Haley proposed openstack/octavia master: Remove Neutron SDN-specific code  https://review.opendev.org/71819219:12
johnsomhaleyb I put a comment on the neutron patch, but I have no idea which one is right  Q_AGENT or NEUTRON_AGENT....19:35
haleybi don't know if it's either or both myself19:36
johnsomlol19:37
johnsomprobably NETWORK_AGENT19:37
johnsomgrin19:37
haleybdepends on if lib/neutron of lib/neutron-legacy is used, which depends on what the user specified - think if you use Q_ in local.conf you get that version19:38
haleybi'm not going to mess with it19:38
johnsomWorks for me19:38
johnsomWell, not messing with it.19:38
haleybright, until we clean up that neutron mess...19:39
*** zasherif has joined #openstack-lbaas20:01
*** zasherif has quit IRC20:03
*** TrevorV has quit IRC20:55
*** zasherif has joined #openstack-lbaas20:59
openstackgerritMichael Johnson proposed openstack/octavia master: Refactor the failover flows  https://review.opendev.org/70531721:00
*** zasherif has quit IRC21:01
*** born2bake has quit IRC21:36
openstackgerritMikhail Ushanov proposed openstack/octavia master: fix(elements): fix nf_conntrack sysctl param names  https://review.opendev.org/70667421:38
*** zasherif has joined #openstack-lbaas21:44
*** zasherif has quit IRC21:50
rm_workcgoncalves: noop cert manager? :D21:51
johnsomrm_work He lives21:52
johnsomrm_work Hey, I have a question for you when you have a minute21:52
rm_workYeah sorry I've been pretty dead, kinda sick for a week or so, sleeping a lot. Not lower respiratory fortunately21:53
rm_workWhat's up?21:53
johnsomOh good21:53
xgerman+121:53
johnsomSo, failover patch. Greg noticed that it actually fails over amphora now, where before failover just deleted the amp if it wasn't assigned to an LB.21:53
johnsomMy thought on this is, it should fail it over and not just delete it.21:54
johnsomI'm working on adding an amphora delete to replace that functionality (i.e. you turn off spares pool for some reason).21:54
johnsomThoughs?21:54
xgermanfilling the spares pool has been our lowest priority (if we run with noiva quotas)21:56
xgermanalso you might get race cinditions sith whoever fills that pool21:56
* xgerman disappears in the bush21:56
johnsomThis case is, spare enable, you have 2 spare amps. Disable spares pool.21:57
johnsomNow you want to delete those spares (instead of just letting them be consumed)21:57
*** rcernin has joined #openstack-lbaas22:11
rm_workhmm yes22:23
rm_worki did sometimes rely on amphora-failover to deal with random extra amps22:24
rm_workbut, if there is a delete, that's fine22:24
rm_worki'm trying to remember the exact case i run into, but we don't even use a spares pool here22:24
johnsomOk, yeah, I think failover should failover. We can add an admin amphora delete22:25
rm_workand we would end up with random unowned amps... i think from errors somewhere in the boot process? though traditionally those would be deleted in revert...22:25
rm_workmight be resolved by jobboard too22:25
rm_workOR those might have been relics of failed failovers before22:25
dawzonjohnsom So when I actually try to test the pool ciphers patch, I'm having troubles with the .pem files for the member not actually showing up on the amphora.  They're just... not there, no directory is even created in /var/lib/octavia/certs.22:48
johnsomdawzon No hints in the amphora/syslog?22:49
dawzonhttps://www.irccloud.com/pastebin/mjymFuYD/22:54
dawzonNot that I can see.  There's a couple 404s but they all seem to be followed up by retries that return 20022:54
dawzonNot that I really know how to interpret this log22:55
dawzon, though22:55
johnsomThat log shows that it accepted the pem files.22:56
*** tkajinam has joined #openstack-lbaas22:56
dawzonThe one for the frontend shows up just fine, but not the other one.  I feel like it's gotta be something stupid but I haven't been able to quite nail it down22:57
dawzonOnly when I add the member does it fail22:58
johnsomDo you want to screen share?22:58
dawzonSure22:58
johnsomJoin the regular hangout room22:59
*** isakgicu has quit IRC23:18
johnsomBlah, ok, there is probably a bug in the pool CA cert jinja where the file path is getting written out wrong.23:23
*** zasherif has joined #openstack-lbaas23:37
*** zasherif has quit IRC23:41
openstackgerritMerged openstack/python-octaviaclient master: Add amphora stats show API and CLI  https://review.opendev.org/69946623:51
nmickusjohnsom  for updating the unit tests in the cli is all thats needed is to add `--tls_ciphers,  self._listener.tls_ciphers` to the agrlist and verifylist in the test?23:54
johnsomYeah, I think that is all23:54
johnsomJust so it puts some data in and checks it comes out on the back23:54
johnsomDon't forget to update the create and the set/update tests23:54
« Monday, 2020-04-06 Index Wednesday, 2020-04-08 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!