Wednesday, 2020-07-08

*** born2bake has quit IRC00:21
*** armax has joined #openstack-lbaas00:33
*** yamamoto has joined #openstack-lbaas00:39
*** rcernin has quit IRC00:42
*** rcernin has joined #openstack-lbaas00:46
roukjohnsom: ever heard of people having issues using terminated_https with application credentials? cant retrieve cert, but only with appcreds, is there something in the barbican ACL flow that breaks if not a regular user?00:52
*** rcernin has quit IRC02:13
*** rcernin has joined #openstack-lbaas02:15
*** rcernin has quit IRC02:33
*** rcernin has joined #openstack-lbaas02:55
*** armax has quit IRC03:34
*** wuchunyang has joined #openstack-lbaas04:33
*** gcheresh has joined #openstack-lbaas05:34
*** wuchunyang has quit IRC05:35
*** wuchunyang has joined #openstack-lbaas05:36
*** wuchunyang has quit IRC06:21
*** trident has quit IRC06:39
*** wuchunyang has joined #openstack-lbaas06:39
*** trident has joined #openstack-lbaas06:42
*** rpittau has joined #openstack-lbaas06:50
*** rcernin has quit IRC06:59
*** luksky has joined #openstack-lbaas07:00
*** wuchunyang has quit IRC07:05
*** rcernin has joined #openstack-lbaas07:06
*** maciejjozefczyk has joined #openstack-lbaas07:09
*** wuchunyang has joined #openstack-lbaas07:17
*** rpittau has quit IRC07:23
*** rpittau has joined #openstack-lbaas07:25
*** rpittau has quit IRC07:31
openstackgerritAnn Taraday proposed openstack/octavia master: Add requirements for jobboard drivers
*** also_stingrayza is now known as stingrayza07:35
*** rcernin has quit IRC07:41
*** rpittau has joined #openstack-lbaas07:42
*** tkajinam has quit IRC08:23
*** spatel has joined #openstack-lbaas08:36
*** spatel has quit IRC08:41
*** wuchunyang has quit IRC08:56
*** luksky has quit IRC09:03
*** wuchunyang has joined #openstack-lbaas09:05
*** born2bake has joined #openstack-lbaas09:13
*** wuchunyang has quit IRC09:16
*** luksky has joined #openstack-lbaas09:16
*** rcernin has joined #openstack-lbaas09:26
*** yamamoto has quit IRC09:39
*** rcernin has quit IRC09:41
*** yamamoto has joined #openstack-lbaas09:42
*** ataraday_ has joined #openstack-lbaas09:52
*** yamamoto has quit IRC10:00
*** yamamoto has joined #openstack-lbaas10:02
*** yamamoto has quit IRC10:18
openstackgerritMerged openstack/octavia master: Remove translation sections from setup.cfg
*** wuchunyang has joined #openstack-lbaas10:42
*** wuchunyang has quit IRC10:47
*** armax has joined #openstack-lbaas10:48
*** yamamoto has joined #openstack-lbaas10:51
*** yamamoto has quit IRC10:56
openstackgerritwu.chunyang proposed openstack/octavia master: [doc] add missing but required package
openstackgerritAnn Taraday proposed openstack/octavia master: Avoid trying to run jobboard conductor on error
*** rcernin has joined #openstack-lbaas12:08
openstackgerritGregory Thiemonge proposed openstack/octavia-tempest-plugin master: WIP SCTP traffic scenario tests
*** rcernin has quit IRC12:16
*** ramishra has quit IRC12:31
*** luksky has quit IRC12:36
*** squarebracket has quit IRC12:43
*** squarebracket has joined #openstack-lbaas12:44
*** rpittau has quit IRC12:57
*** rpittau has joined #openstack-lbaas13:00
*** ramishra has joined #openstack-lbaas13:02
*** TrevorV has joined #openstack-lbaas13:28
*** johnsom has joined #openstack-lbaas13:42
johnsomWeee, another 14+ hour outage for irccloud. If you private messaged me, I didn't get it.13:44
johnsomrouk Hi, so you have a listener that has client certificate authentication enabled and you are having trouble connecting?13:46
rouknope, trouble making the listener, if youre using an application credential regardless of the perms the cred has, including admin, octavia will respond with 400 cant retrieve cert, presumably the barbican acl set breaks?13:48
roukattempt to make terminated_https listener with appcred, fails with a 400, likely an error in the backend too, but its easy to reproduce if you wanna try13:49
johnsomOh, so it's a special type of token? Like a scoped token?13:49
roukyeah, application credentials,
johnsomYeah, if you have reproducer steps, let's open a story in storyboard for it. I have an idea I know what the problem is. I think it is similar to an issue we just fixed on the neutron subnet lookup.13:50
roukthey should behave the same as a user with the same creds.13:50
roukyeah the steps are create appcred, use it to auth, then use it to try and make a terminated_https listener, i guess i can paste the 3 commands in a story :p13:51
johnsomrouk Stories are good for tracking and making sure we don't forget something, etc. Plus required for backports.13:52
johnsomrouk Thanks. What version of Octavia are you running?13:52
rouk5.0.2.dev43 (stable/train as of the last time we spoke, cause of those cert bugs)13:55
*** rpittau_ has joined #openstack-lbaas13:56
*** rpittau has quit IRC13:58
ataraday_cgoncalves, Hi! I need your expert thoughts on!/story/2007892 If you have time, please add a comment about what I'm missing...14:09
*** rm_you has joined #openstack-lbaas14:31
*** dmsimard has quit IRC14:41
*** dmsimard has joined #openstack-lbaas14:41
*** gcheresh has quit IRC15:08
cgoncalvesataraday_, hey. sure, let me have a quick look.15:12
cgoncalvesataraday_, the lib dependency with redis in stable/ussuri is missing15:19
cgoncalveso-cw did not even start ussuri/pre-upgrade cloud:
*** armax has quit IRC15:25
*** gcheresh has joined #openstack-lbaas15:50
ataraday_so, we need to backport requirements changes sto stable/ussuri...15:56
ataraday_cgoncalves, is this possible?15:56
cgoncalvesataraday_, sometimes there are exceptions, yes15:57
cgoncalvesataraday_, but I'm not sure we want to test upgrade from ussuri + amphorav2 to victoria/master + amphorav215:57
cgoncalvessince v2 was/is still experimental15:57
cgoncalvesit would be nice to test upgrade from ussuri + amphora v1 to master + amphorav215:58
*** armax has joined #openstack-lbaas15:58
cgoncalveswhich could be a no-nop if we alias "amphora" to "amphorav2"15:58
ataraday_hm... OK, so I'll need to change experimental job then15:58
ataraday_so grenade job would be meaningful15:59
ataraday_cgoncalves, thanks a lot for help!16:00
johnsom#startmeeting Octavia16:00
openstackMeeting started Wed Jul  8 16:00:10 2020 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
*** openstack changes topic to " (Meeting topic: Octavia)"16:00
openstackThe meeting name has been set to 'octavia'16:00
johnsomHi everyone!16:00
johnsomI am having a slow start to the morning with irccloud down and chrome blowing up on me this morning.16:00
johnsomNothing like having four desktops worth of chrome windows all pile on the main desktop. lol16:01
johnsom#topic Announcements16:01
*** openstack changes topic to "Announcements (Meeting topic: Octavia)"16:01
johnsomHAProxy 2.2 LTS released yesterday.16:01
johnsomThose are the high level details.16:02
johnsomMostly bug fixes, performance stuff. There are some nice certificate update enhancements we could pull in once we have a path to 2.216:02
johnsomJust another reminder, the MS2 milestone is at the end of this month.16:03
*** aannuusshhkkaa has joined #openstack-lbaas16:05
johnsomThe summit program committee is looking for people to review summit presentations:16:05
johnsomIt's nice that this is being announced this round, but I don't think I can do it this time.16:06
johnsomAny other announcements this weekk?16:06
cgoncalvesSummit as in the Berlin Summit later this year?16:06
johnsomAs far as I am aware, yes16:06
rm_youI was pretty sure that wasn't gonna happen?16:06
rm_youespecially since the US is a shitshow right now with no signs of looking up until after early November <_<16:07
johnsomI know they were talking about delaying it, but that was a while ago. I haven't heard anything new.16:07
johnsomYeah, I think travel is going to be an issue16:08
johnsomProbably not for cgoncalves though.... lol16:08
cgoncalvesit would still a 5h30 journey :)16:08
johnsomOk, anything else?16:10
johnsom#topic Brief progress reports / bugs needing review16:10
*** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)"16:10
ataraday_I created a section with some fixes for amphorav2 in
johnsomReviews, various little bug fixes, and progress on failover for amphorav2. The tasks should all be converted now, I just need to work on the flows.16:11
johnsomGot the first green test run last night (though stuff is still broken)16:12
johnsomAh, yeah, that has been on my todo list. I need to update the priority review list for Victoria. Thanks for the start!16:12
cgoncalvesI proposed backport of the failover refactor to ussuri and train. ussuri is ready, train fixing py2 issues.  worked on a path in the amphorav2 provider to not use jobboard and so not require extra infrastructure like redis/zookeeper and additional mysql database16:13
*** aannuusshhkkaa has quit IRC16:13
*** aannuusshhkkaa39 has joined #openstack-lbaas16:14
johnsomSomeone almost deleted the priority review list... (there is a history so it can be recovered)16:14
gthiemongeI proposed patches for SCTP support in the Amphora16:14
gthiemongejohnsom: ahem16:14
johnsomYeah, cool16:14
cgoncalvesI have a handful of patches to add to the priority review list...16:15
johnsomPlease do. I will try to go through it sometime this week.16:16
cgoncalvesataraday_, thanks for reviewing be assured we want jobboard enabled by default16:17
rm_youWe are working on refactoring the statistics collection driver layer -- per johnsom's comments on the patch, it looks like we're going to have to do a ton more work, and actually move it up a level, outside of the amphora driver and as a top level interface (since it will be usable be all providers, not just amphora -- and already is being used that way actually)16:18
johnsomYeah, I just want to make sure we include/consider the non-amphora drivers in that effort.16:19
cgoncalvesrm_you, it came to my attention you -2 Backport-Candidate the failover refactor patch. why do you think it is not backport material?16:21
johnsomOh, I also found the issue with our IPv6 only gate job, so that is back to passing once the patch merges.16:22
rm_youit's a complete rewrite of our failover flows and is a major and very complex change16:22
cgoncalvesthe commit title may be misleading but it fixes a ton of issues we've been seeing people getting into due to nova issues16:22
rm_youI in no way would have expected it to be backport material16:22
rm_youwhich is why i said i was surprised to see you backporting it16:22
johnsomI went to some lengths to make sure there are no "non-backportable" changes, but it is a large change.16:23
rm_youI'm not ... strictly opposed to VERY careful work backporting it....16:23
rm_youbut GREAT CARE must be taken16:23
johnsomThat said, it does fix some nasty issues we have seen people run into. Most notably the nova bugs16:23
rm_youI am hesitant to actually merge a change of that magnitude in such a critical path, as a backport16:23
cgoncalvesyeah, for sure it's a massive patch16:23
rm_youand we definitely haven't had much time-testing on this yet16:24
rm_youI am ... *relatively* confident it works, but ...16:24
cgoncalveswe've lately seen outages in different clouds due to these nova bugs, causing us to spend time go fix it manually16:25
johnsomFor personal reasons, I would really like to see it make it to train16:25
rm_youI understand it's a balance between trying not to backport things that could upset the stability of *stable* releases, and also fixing things in stable releases that aren't so "stable:16:25
johnsom#topic Open Discussion16:26
*** openstack changes topic to "Open Discussion (Meeting topic: Octavia)"16:26
rm_youso if you are willing to take the responsibility for making sure it's all working... and you are VERY confident that it's going to be an improvement and not cause any other issues... I won't stand in your way16:26
rm_youI would much rather encourage people to UPGRADE to get it16:26
rm_yourather than backport it into existing people's deployments as a minor version increment16:27
johnsomWhat do others think?16:28
cgoncalvesit's not that trivial to upgrade on commercial offerings :)16:28
rm_youcan't just change the VERSION flag to "master"? :D16:29
cgoncalvesit is also not even yet released in victoria16:29
rm_youI thought it actually merged in time for our ussuri release?16:29
rm_youdid it not16:29
ataraday_I'm for backporting this as it not to get customer upgraded to latest version16:29
cgoncalvesI proposed the backport to ussuri so...16:29
rm_youdid I very much lose track of time16:29
rm_youI've been running it since mid-ussuri lol16:30
johnsomNo, it sat and didn't get into Ussuri16:30
ataraday_*not so easy16:30
rm_youya'll go for it :D16:30
rm_youI wish you the best of luck16:30
rm_youand i suppose I can slap a +A on there if you've very confident in it, though my ability to test on older versions is limited16:31
cgoncalvesrm_you, the fact you run it in production gives us an extra boost of convidence that it is stable and worth backporting :)16:31
johnsomLet's move forward with the backports, but maybe put extra testing cycles into those patches16:31
rm_youyes, I imagine my environment is like 95% of the testing it has so far, lol16:31
rm_you*real world testing, at least16:31
rm_youpossibly 100% <_<16:31
cgoncalvesataraday_, you're also supportive of the backport? cool, that makes at least 2 vendors interested16:32
cgoncalvesrm_you, FWIW I'm not going to propose backports to stein or older releases16:34
johnsomWe should all commit to doing some extra testing on the backports.16:35
ataraday_cgoncalves, yep, I'm for backports16:35
rm_youi'll test the frontports ;)16:35
cgoncalvesI reviewed the master patch line-by-line and proposed the backports. internally we will be testing this on Python 2 and 3 and on Queens and Train clouds16:36
cgoncalvesrm_you, lol16:36
johnsomOk, any other topics for today?  Good discussion, it's an important patch.16:37
cgoncalvesthank you for all your hard work on the patch, johnsom!16:37
johnsomThat was a doozy, thanks!16:38
cgoncalvesthe single haproxy patch was also something :) and it was backported!16:39
johnsomI don't think I have any other topics today.16:41
johnsomThere was a discussion this morning that the barbican ACL call may need to be updated for some of these alternate keystone token types. I expect similar to what we did with the neutron subnet call.16:41
johnsomIf someone has some cycles there should be a story open for it16:42
johnsomOk, if there aren't any more topics I will call the meeting for the week.16:43
johnsomThank you all for your work!16:43
*** aannuusshhkkaa39 has quit IRC16:43
*** openstack changes topic to "Discussions for OpenStack Octavia | Priority bug review list:"16:44
openstackMeeting ended Wed Jul  8 16:44:37 2020 UTC.  Information about MeetBot at . (v 0.1.4)16:44
openstackMinutes (text):
*** gcheresh has quit IRC17:09
*** ataraday_ has quit IRC18:18
*** also_stingrayza has joined #openstack-lbaas18:19
*** stingrayza has quit IRC18:21
*** maciejjozefczyk has quit IRC18:56
*** rpittau_ has quit IRC19:01
*** gmann_ has joined #openstack-lbaas19:17
*** gmann_ is now known as gmann19:18
openstackgerritBrian Haley proposed openstack/octavia master: Remove blacklist terminology in the Octavia tree
*** aannuusshhkkaa has joined #openstack-lbaas19:32
*** mnaser has joined #openstack-lbaas19:32
*** dougwig has joined #openstack-lbaas19:33
*** hemanth_n has joined #openstack-lbaas19:34
*** kklimonda has joined #openstack-lbaas19:36
*** rpittau has joined #openstack-lbaas19:40
*** jamespage has joined #openstack-lbaas19:40
*** beisner has joined #openstack-lbaas19:42
*** jrosser has joined #openstack-lbaas19:48
*** nicolasbock has joined #openstack-lbaas19:50
*** stevenglasford has joined #openstack-lbaas19:53
*** rm_work has joined #openstack-lbaas19:53
*** vishalmanchanda has joined #openstack-lbaas19:53
*** fyx has joined #openstack-lbaas19:55
*** headphoneJames has joined #openstack-lbaas19:58
*** johnsom_ has joined #openstack-lbaas20:10
*** coreycb has joined #openstack-lbaas20:13
*** emccormick has joined #openstack-lbaas20:14
*** andrein has joined #openstack-lbaas20:21
*** xgerman has joined #openstack-lbaas20:27
*** NobodyCam has joined #openstack-lbaas20:36
*** mnaser is now known as mnaser|ic20:52
*** mnaser|ic has quit IRC21:08
*** mnaser|ic has joined #openstack-lbaas21:08
*** mnaser|ic has quit IRC21:08
*** mnaser|ic has joined #openstack-lbaas21:08
*** mnaser|ic is now known as vexxhost21:08
*** vexxhost is now known as mnaser21:14
*** mnaser is now known as mnaser|ic21:14
*** johnsom has quit IRC21:19
*** johnsom_ is now known as johnsom21:19
*** johnsom has joined #openstack-lbaas21:19
johnsomOk, I think my IRC client is now back up and functional.21:20
*** TrevorV has quit IRC21:53
*** servagem has quit IRC21:59
*** vishalmanchanda has quit IRC22:03
*** armax has quit IRC22:23
*** armax has joined #openstack-lbaas22:56
*** tkajinam has joined #openstack-lbaas22:58
*** rcernin has joined #openstack-lbaas23:01
*** mnaser|ic has quit IRC23:38
*** mnaser|ic has joined #openstack-lbaas23:38
*** mnaser|ic has quit IRC23:38
*** mnaser|ic has joined #openstack-lbaas23:38
*** mnaser|ic is now known as mnaser23:38
*** born2bake has quit IRC23:42
*** wuchunyang has joined #openstack-lbaas23:45
*** wuchunyang has quit IRC23:49

Generated by 2.17.2 by Marius Gedminas - find it at!