Thursday, 2020-07-23

*** ccamposr__ has joined #openstack-lbaas00:19
*** wuchunyang has joined #openstack-lbaas00:22
*** ccamposr has quit IRC00:22
*** wuchunyang has quit IRC00:26
*** spatel has joined #openstack-lbaas01:57
*** sapd1 has joined #openstack-lbaas02:31
*** sapd1 has quit IRC02:40
*** dulek has quit IRC02:42
*** dulek has joined #openstack-lbaas03:09
*** rcernin has quit IRC03:28
*** rcernin has joined #openstack-lbaas03:43
*** spatel has quit IRC03:46
*** rcernin has quit IRC03:47
*** rcernin has joined #openstack-lbaas03:49
*** sapd1 has joined #openstack-lbaas04:19
*** sapd1_x has joined #openstack-lbaas04:24
*** gcheresh has joined #openstack-lbaas05:11
*** eandersson has quit IRC05:11
*** eandersson has joined #openstack-lbaas05:12
*** vishalmanchanda has joined #openstack-lbaas05:38
*** maciejjozefczyk has joined #openstack-lbaas07:16
*** wuchunyang has joined #openstack-lbaas07:20
*** ccamposr has joined #openstack-lbaas07:21
*** ccamposr__ has quit IRC07:23
*** wuchunyang has quit IRC07:29
*** also_stingrayza is now known as stingrayza07:44
openstackgerritGregory Thiemonge proposed openstack/octavia master: Fix memory consumption issues with default connection_limit
*** wuchunyang has joined #openstack-lbaas07:59
*** wuchunya_ has joined #openstack-lbaas08:01
*** wuchunyang has quit IRC08:01
*** wuchunya_ has quit IRC08:02
*** wuchunyang has joined #openstack-lbaas08:04
*** wuchunyang has quit IRC08:05
*** born2bake has joined #openstack-lbaas08:53
*** rcernin has quit IRC08:56
*** vishalmanchanda has quit IRC09:10
*** gthiemonge has quit IRC09:20
*** bonguardo has joined #openstack-lbaas09:21
*** bonguardo has quit IRC09:29
*** vishalmanchanda has joined #openstack-lbaas11:09
*** laerling has joined #openstack-lbaas12:33
openstackgerritCarlos Goncalves proposed openstack/octavia master: Introduce an image driver interface
openstackgerritCarlos Goncalves proposed openstack/octavia master: Add amphora image tag capability to Octavia flavors
laerlingHi. Is there any way to expose a new Octavia API endpoint (for additional provider driver functionality) without changing the upstream code? I don't see any, but I want to be sure.12:38
*** sapd1 has quit IRC13:08
johnsomlaerling I'm not sure I fully understand the question, but provider drivers can be added without code changes. They are simply installed via pip or similar and then enabled in the configuration file via "enabled_provider_drivers".13:13
*** TrevorV has joined #openstack-lbaas13:22
*** gthiemonge has joined #openstack-lbaas13:33
*** also_stingrayza has joined #openstack-lbaas13:38
*** stingrayza has quit IRC13:38
*** also_stingrayza is now known as stingrayza13:39
openstackgerritGregory Thiemonge proposed openstack/octavia master: Add some details on enable_anti_affinity option
*** sapd1 has joined #openstack-lbaas14:05
*** sapd1 has quit IRC14:53
*** gcheresh has quit IRC14:57
*** mchlumsky7 has joined #openstack-lbaas15:01
*** mchlumsky has quit IRC15:03
*** mchlumsky7 is now known as mchlumsky15:03
*** sapd1 has joined #openstack-lbaas15:06
*** maciejjozefczyk has quit IRC15:33
johnsomcgoncalves FYI, I have incorporated your anti-affinity fix and unit tests in the v2 failover patch. The next post will include it16:45
cgoncalvescool, thank you16:50
*** sapd1 has quit IRC17:06
*** vishalmanchanda has quit IRC17:28
*** ccamposr has quit IRC17:30
openstackgerritAnushka Singh proposed openstack/octavia-tempest-plugin master: Update statistics tests for response time metric
*** numans_ is now known as numans17:45
openstackgerritAnushka Singh proposed openstack/octavia master: Added new metric - response time
openstackgerritAnushka Singh proposed openstack/octavia master: Refactoring amphora stats driver interface
*** gcheresh has joined #openstack-lbaas18:04
laerlingjohnsom: Yes, I know. I was asking whether a driver can alter the API exposed by Octavia by any means. I mean the API that e. g. the Openstack CLI talks to.18:15
johnsomlaerling No, OpenStack APIs are defined APIs and features would need to be added by code. That said, drivers can expose proprietary features via the flavors feature.18:17
aannuusshhkkaahey johnsom, can you please review soon?18:20
aannuusshhkkaaThank you!18:22
*** maciejjozefczyk has joined #openstack-lbaas18:38
*** maciejjozefczyk has quit IRC18:44
*** shtepanie has joined #openstack-lbaas18:53
openstackgerritBrian Haley proposed openstack/octavia-tempest-plugin master: Always pass subnet ID to member_create()
openstackgerritBrian Haley proposed openstack/octavia-tempest-plugin master: Always pass subnet ID to member_create()
*** mchlumsky has quit IRC19:35
*** mchlumsky has joined #openstack-lbaas19:41
*** redrobot has joined #openstack-lbaas19:52
redrobotHi Octavia friends!20:01
johnsomHi neighbor!20:01
redrobotI had a quick question about Octavia->Barbican context.  Someone was asking me about Horizon errors when using the Octavia UI.  Seems like a policy error where Barbican is denying access to a secret.20:05
redrobotWhat context does octavia_dashboard pass to barbican?20:05
redrobotis it the user's context?20:05
redrobotor octavia-service-user's context?20:05
rm_workNo, we use our admin context20:05
rm_workand Barbican ACLs20:05
johnsomredrobot They are OSA users I suspect.20:07
rm_work* octavia-service-user's context?20:07
rm_work^^ that20:07
johnsomOSA had a bug where it was installing mis-matched versions of octavia dashboard and openstacksdk.20:08
rm_workcgoncalves: remove your -W on and
redrobotcool beans, thanks rm_work johnsom!20:09
redrobotI'm sure I'll be back with more questions eventually :)20:09
rm_workWe still really need to clean up our Barbican story20:09
rm_workthere's a couple things left20:09
rm_workfixing secrets to use Certificate type and then filter on those20:09
redrobotrm_work, let me know if you need any help with that20:10
rm_work(in horizon)20:10
rm_worksince Secrets can be set to that type, right? which is totally informational20:10
redrobotah yes, I still have that RFE to add sorting by secret type20:10
rm_workbut we may want to standardize on that20:10
rm_workdidn't know that was still waiting on barbican change :D20:10
redrobotthe ask was to do something like GET /v1/secrets?type=certificate righ?20:11
redrobotcool, yeah should be fairly straight-forward to do.20:13
redrobotrm_work, maybe I'm not reading this right, but it looks like it's using the request's token?
rm_workto create ACLs20:17
redrobotooooooh, OK20:17
rm_workbut when the backend actually gets the cert, we use the octavia-service-tenant20:18
johnsomrm_work That is dashboard20:18
johnsomIt's using the user's token to get the list of available certs20:18
rm_workRIGHT sorry20:18
rm_workyeah in dashboard because it is an active user context, we use that20:18
rm_worki am talking about the octavia api / worker T_T20:18
redrobotno worries20:18
redrobotI appreciate the help, y'all!20:19
* redrobot is trying to squash a policy bug20:19
johnsomredrobot We had this issue:
johnsomBut that was a long time ago20:19
johnsomNot sure what version you are running20:20
johnsomBut I don't think that would present as a policy error20:20
redrobotIt's a bug report for Queens.  Stacktrace is for barbicanclient denying access, so maybe not related to that bug.20:21
johnsomYeah, ok20:21
*** TMM has quit IRC20:22
*** TMM has joined #openstack-lbaas20:23
johnsomIf you would like a second set of eyes, send the BZ or story link20:23
redrobotjohnsom, bug 1853507 in openstack-barbican "Elevate project level users access to complete tasks in Horizon causing issues for other users" [Unspecified,New] - Assigned to alee20:26
redrobotI _think_ what's going on is that the new role they added is for a project that is different than the project that owns the lb20:27
*** gcheresh has quit IRC20:28
johnsomredrobot Oye, I see a bunch of issues with that BZ. For one, tripleo disables the "advanced RBAC", so load-balancer_observer shouldn't exist.20:29
johnsomMaybe they are trying to turn it on?20:30
redrobotjohnsom, I think they're trying to add a new role "project_load-balancer_admin", and adding the default roles as to not break anything20:31
redrobotbut they're also missing "load-balancer_admin"20:31
johnsomYeah, so first read through, they are only adding Octavia roles, there is no role for barbican there20:32
redrobotYeah, that's the main issue, I think.  I just wanted to make sure octavia was using the user's context, to recommend that the users get barbican roles assigned to them.20:33
johnsomYeah. Reading the customer case now to see if there is more detail there20:34
johnsomredrobot Yeah, pretty sure the user doesn't have a barbican role.20:42
*** ccamposr has joined #openstack-lbaas20:43
*** TrevorV has quit IRC20:49
cgoncalvesrm_work, removed -W. thank you20:49
*** ccamposr has quit IRC21:20
*** JayF has quit IRC21:44
*** JayF has joined #openstack-lbaas21:45
*** born2bake has quit IRC23:28
*** shtepanie has quit IRC23:32
*** ccamposr has joined #openstack-lbaas23:40

Generated by 2.17.2 by Marius Gedminas - find it at!