| *** ccamposr__ has joined #openstack-lbaas | 00:19 | |
| *** wuchunyang has joined #openstack-lbaas | 00:22 | |
| *** ccamposr has quit IRC | 00:22 | |
| *** wuchunyang has quit IRC | 00:26 | |
| *** spatel has joined #openstack-lbaas | 01:57 | |
| *** sapd1 has joined #openstack-lbaas | 02:31 | |
| *** sapd1 has quit IRC | 02:40 | |
| *** dulek has quit IRC | 02:42 | |
| *** dulek has joined #openstack-lbaas | 03:09 | |
| *** rcernin has quit IRC | 03:28 | |
| *** rcernin has joined #openstack-lbaas | 03:43 | |
| *** spatel has quit IRC | 03:46 | |
| *** rcernin has quit IRC | 03:47 | |
| *** rcernin has joined #openstack-lbaas | 03:49 | |
| *** sapd1 has joined #openstack-lbaas | 04:19 | |
| *** sapd1_x has joined #openstack-lbaas | 04:24 | |
| *** gcheresh has joined #openstack-lbaas | 05:11 | |
| *** eandersson has quit IRC | 05:11 | |
| *** eandersson has joined #openstack-lbaas | 05:12 | |
| *** vishalmanchanda has joined #openstack-lbaas | 05:38 | |
| *** maciejjozefczyk has joined #openstack-lbaas | 07:16 | |
| *** wuchunyang has joined #openstack-lbaas | 07:20 | |
| *** ccamposr has joined #openstack-lbaas | 07:21 | |
| *** ccamposr__ has quit IRC | 07:23 | |
| *** wuchunyang has quit IRC | 07:29 | |
| *** also_stingrayza is now known as stingrayza | 07:44 | |
| openstackgerrit | Gregory Thiemonge proposed openstack/octavia master: Fix memory consumption issues with default connection_limit https://review.opendev.org/735126 | 07:59 |
|---|---|---|
| *** wuchunyang has joined #openstack-lbaas | 07:59 | |
| *** wuchunya_ has joined #openstack-lbaas | 08:01 | |
| *** wuchunyang has quit IRC | 08:01 | |
| *** wuchunya_ has quit IRC | 08:02 | |
| *** wuchunyang has joined #openstack-lbaas | 08:04 | |
| *** wuchunyang has quit IRC | 08:05 | |
| *** born2bake has joined #openstack-lbaas | 08:53 | |
| *** rcernin has quit IRC | 08:56 | |
| *** vishalmanchanda has quit IRC | 09:10 | |
| *** gthiemonge has quit IRC | 09:20 | |
| *** bonguardo has joined #openstack-lbaas | 09:21 | |
| *** bonguardo has quit IRC | 09:29 | |
| *** vishalmanchanda has joined #openstack-lbaas | 11:09 | |
| *** laerling has joined #openstack-lbaas | 12:33 | |
| openstackgerrit | Carlos Goncalves proposed openstack/octavia master: Introduce an image driver interface https://review.opendev.org/738017 | 12:38 |
| openstackgerrit | Carlos Goncalves proposed openstack/octavia master: Add amphora image tag capability to Octavia flavors https://review.opendev.org/737528 | 12:38 |
| laerling | Hi. Is there any way to expose a new Octavia API endpoint (for additional provider driver functionality) without changing the upstream code? I don't see any, but I want to be sure. | 12:38 |
| *** sapd1 has quit IRC | 13:08 | |
| johnsom | laerling I'm not sure I fully understand the question, but provider drivers can be added without code changes. They are simply installed via pip or similar and then enabled in the configuration file via "enabled_provider_drivers". | 13:13 |
| *** TrevorV has joined #openstack-lbaas | 13:22 | |
| *** gthiemonge has joined #openstack-lbaas | 13:33 | |
| *** also_stingrayza has joined #openstack-lbaas | 13:38 | |
| *** stingrayza has quit IRC | 13:38 | |
| *** also_stingrayza is now known as stingrayza | 13:39 | |
| openstackgerrit | Gregory Thiemonge proposed openstack/octavia master: Add some details on enable_anti_affinity option https://review.opendev.org/742670 | 13:40 |
| *** sapd1 has joined #openstack-lbaas | 14:05 | |
| *** sapd1 has quit IRC | 14:53 | |
| *** gcheresh has quit IRC | 14:57 | |
| *** mchlumsky7 has joined #openstack-lbaas | 15:01 | |
| *** mchlumsky has quit IRC | 15:03 | |
| *** mchlumsky7 is now known as mchlumsky | 15:03 | |
| *** sapd1 has joined #openstack-lbaas | 15:06 | |
| *** maciejjozefczyk has quit IRC | 15:33 | |
| johnsom | cgoncalves FYI, I have incorporated your anti-affinity fix and unit tests in the v2 failover patch. The next post will include it | 16:45 |
| cgoncalves | cool, thank you | 16:50 |
| *** sapd1 has quit IRC | 17:06 | |
| *** vishalmanchanda has quit IRC | 17:28 | |
| *** ccamposr has quit IRC | 17:30 | |
| openstackgerrit | Anushka Singh proposed openstack/octavia-tempest-plugin master: Update statistics tests for response time metric https://review.opendev.org/742716 | 17:42 |
| *** numans_ is now known as numans | 17:45 | |
| openstackgerrit | Anushka Singh proposed openstack/octavia master: Added new metric - response time https://review.opendev.org/742294 | 17:45 |
| openstackgerrit | Anushka Singh proposed openstack/octavia master: Refactoring amphora stats driver interface https://review.opendev.org/737111 | 17:51 |
| *** gcheresh has joined #openstack-lbaas | 18:04 | |
| laerling | johnsom: Yes, I know. I was asking whether a driver can alter the API exposed by Octavia by any means. I mean the API that e. g. the Openstack CLI talks to. | 18:15 |
| johnsom | laerling No, OpenStack APIs are defined APIs and features would need to be added by code. That said, drivers can expose proprietary features via the flavors feature. | 18:17 |
| aannuusshhkkaa | hey johnsom, can you please review https://review.opendev.org/#/c/740815/ soon? | 18:20 |
| johnsom | Yeah | 18:21 |
| aannuusshhkkaa | Thank you! | 18:22 |
| *** maciejjozefczyk has joined #openstack-lbaas | 18:38 | |
| *** maciejjozefczyk has quit IRC | 18:44 | |
| *** shtepanie has joined #openstack-lbaas | 18:53 | |
| openstackgerrit | Brian Haley proposed openstack/octavia-tempest-plugin master: Always pass subnet ID to member_create() https://review.opendev.org/742728 | 19:32 |
| openstackgerrit | Brian Haley proposed openstack/octavia-tempest-plugin master: Always pass subnet ID to member_create() https://review.opendev.org/742728 | 19:32 |
| *** mchlumsky has quit IRC | 19:35 | |
| *** mchlumsky has joined #openstack-lbaas | 19:41 | |
| *** redrobot has joined #openstack-lbaas | 19:52 | |
| redrobot | Hi Octavia friends! | 20:01 |
| johnsom | Hi neighbor! | 20:01 |
| redrobot | :D | 20:02 |
| redrobot | I had a quick question about Octavia->Barbican context. Someone was asking me about Horizon errors when using the Octavia UI. Seems like a policy error where Barbican is denying access to a secret. | 20:05 |
| redrobot | What context does octavia_dashboard pass to barbican? | 20:05 |
| redrobot | is it the user's context? | 20:05 |
| redrobot | or octavia-service-user's context? | 20:05 |
| rm_work | No, we use our admin context | 20:05 |
| rm_work | and Barbican ACLs | 20:05 |
| johnsom | redrobot They are OSA users I suspect. | 20:07 |
| rm_work | * octavia-service-user's context? | 20:07 |
| rm_work | ^^ that | 20:07 |
| johnsom | OSA had a bug where it was installing mis-matched versions of octavia dashboard and openstacksdk. | 20:08 |
| rm_work | cgoncalves: remove your -W on https://review.opendev.org/#/c/742401/ and https://review.opendev.org/#/c/742402/ | 20:08 |
| redrobot | cool beans, thanks rm_work johnsom! | 20:09 |
| redrobot | I'm sure I'll be back with more questions eventually :) | 20:09 |
| rm_work | We still really need to clean up our Barbican story | 20:09 |
| rm_work | there's a couple things left | 20:09 |
| rm_work | fixing secrets to use Certificate type and then filter on those | 20:09 |
| redrobot | rm_work, let me know if you need any help with that | 20:10 |
| rm_work | (in horizon) | 20:10 |
| rm_work | since Secrets can be set to that type, right? which is totally informational | 20:10 |
| redrobot | ah yes, I still have that RFE to add sorting by secret type | 20:10 |
| rm_work | but we may want to standardize on that | 20:10 |
| rm_work | filter? | 20:10 |
| redrobot | s/sorting/retrieving/ | 20:10 |
| rm_work | k | 20:10 |
| redrobot | s/sorting/filtering/ | 20:10 |
| rm_work | didn't know that was still waiting on barbican change :D | 20:10 |
| redrobot | the ask was to do something like GET /v1/secrets?type=certificate righ? | 20:11 |
| rm_work | yeah | 20:11 |
| redrobot | cool, yeah should be fairly straight-forward to do. | 20:13 |
| redrobot | rm_work, maybe I'm not reading this right, but it looks like it's using the request's token? https://opendev.org/openstack/octavia-dashboard/src/branch/master/octavia_dashboard/api/rest/barbican.py#L37 | 20:17 |
| rm_work | to create ACLs | 20:17 |
| redrobot | ooooooh, OK | 20:17 |
| rm_work | but when the backend actually gets the cert, we use the octavia-service-tenant | 20:18 |
| johnsom | rm_work That is dashboard | 20:18 |
| rm_work | oh | 20:18 |
| johnsom | It's using the user's token to get the list of available certs | 20:18 |
| rm_work | RIGHT sorry | 20:18 |
| rm_work | yeah in dashboard because it is an active user context, we use that | 20:18 |
| redrobot | Gotcha | 20:18 |
| rm_work | i am talking about the octavia api / worker T_T | 20:18 |
| rm_work | whoops | 20:18 |
| redrobot | hehe | 20:18 |
| redrobot | no worries | 20:18 |
| redrobot | I appreciate the help, y'all! | 20:19 |
| * redrobot is trying to squash a policy bug | 20:19 | |
| johnsom | redrobot We had this issue: https://github.com/openstack/octavia-dashboard/commit/9fc4b035cf34445c5a3079b4d183b9bce5a8c741#diff-a61dbd6fd2b877a73202baaf035d9988 | 20:19 |
| johnsom | But that was a long time ago | 20:19 |
| johnsom | Not sure what version you are running | 20:20 |
| johnsom | But I don't think that would present as a policy error | 20:20 |
| redrobot | It's a bug report for Queens. Stacktrace is for barbicanclient denying access, so maybe not related to that bug. | 20:21 |
| johnsom | Yeah, ok | 20:21 |
| *** TMM has quit IRC | 20:22 | |
| *** TMM has joined #openstack-lbaas | 20:23 | |
| johnsom | If you would like a second set of eyes, send the BZ or story link | 20:23 |
| redrobot | johnsom, https://bugzilla.redhat.com/show_bug.cgi?id=1853507 | 20:26 |
| openstack | bugzilla.redhat.com bug 1853507 in openstack-barbican "Elevate project level users access to complete tasks in Horizon causing issues for other users" [Unspecified,New] - Assigned to alee | 20:26 |
| redrobot | I _think_ what's going on is that the new role they added is for a project that is different than the project that owns the lb | 20:27 |
| *** gcheresh has quit IRC | 20:28 | |
| johnsom | redrobot Oye, I see a bunch of issues with that BZ. For one, tripleo disables the "advanced RBAC", so load-balancer_observer shouldn't exist. | 20:29 |
| johnsom | Maybe they are trying to turn it on? | 20:30 |
| redrobot | johnsom, I think they're trying to add a new role "project_load-balancer_admin", and adding the default roles as to not break anything | 20:31 |
| redrobot | but they're also missing "load-balancer_admin" | 20:31 |
| johnsom | Yeah, so first read through, they are only adding Octavia roles, there is no role for barbican there | 20:32 |
| redrobot | Yeah, that's the main issue, I think. I just wanted to make sure octavia was using the user's context, to recommend that the users get barbican roles assigned to them. | 20:33 |
| johnsom | Yeah. Reading the customer case now to see if there is more detail there | 20:34 |
| johnsom | redrobot Yeah, pretty sure the user doesn't have a barbican role. | 20:42 |
| *** ccamposr has joined #openstack-lbaas | 20:43 | |
| *** TrevorV has quit IRC | 20:49 | |
| cgoncalves | rm_work, removed -W. thank you | 20:49 |
| *** ccamposr has quit IRC | 21:20 | |
| *** JayF has quit IRC | 21:44 | |
| *** JayF has joined #openstack-lbaas | 21:45 | |
| *** born2bake has quit IRC | 23:28 | |
| *** shtepanie has quit IRC | 23:32 | |
| *** ccamposr has joined #openstack-lbaas | 23:40 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!