| *** xarlos has quit IRC | 00:07 | |
| *** terdei has joined #openstack-lbaas | 00:18 | |
| *** ccamposr has quit IRC | 01:03 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Add support for Keystone default roles https://review.opendev.org/c/openstack/octavia/+/775957 | 02:15 |
|---|---|---|
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Add support for scoped tokens and default roles https://review.opendev.org/c/openstack/octavia/+/775957 | 02:16 |
| johnsom | Octavia community, I would like some feedback and thorough review on that scoped token patch. It will be the basis for the other RBAC update patches. | 02:20 |
| *** rcernin has quit IRC | 02:27 | |
| openstackgerrit | Michael Johnson proposed openstack/octavia master: Add support for scoped tokens and default roles https://review.opendev.org/c/openstack/octavia/+/775957 | 02:33 |
| johnsom | Blah, needed to bump the lower constraint farther than Lance did.... | 02:34 |
| *** rcernin has joined #openstack-lbaas | 03:07 | |
| *** psachin has joined #openstack-lbaas | 03:41 | |
| *** xgerman has quit IRC | 03:48 | |
| *** yamamoto has quit IRC | 04:02 | |
| *** yamamoto has joined #openstack-lbaas | 04:23 | |
| *** vishalmanchanda has joined #openstack-lbaas | 04:36 | |
| *** gcheresh has joined #openstack-lbaas | 06:26 | |
| *** mnaser has quit IRC | 06:32 | |
| *** mnaser has joined #openstack-lbaas | 06:34 | |
| *** ccamposr has joined #openstack-lbaas | 07:06 | |
| *** rcernin has quit IRC | 07:47 | |
| *** luksky has joined #openstack-lbaas | 07:57 | |
| *** rpittau|afk is now known as rpittau | 08:12 | |
| *** rcernin has joined #openstack-lbaas | 08:12 | |
| *** rcernin has quit IRC | 08:19 | |
| openstackgerrit | Merged openstack/octavia master: Fix pools going into ERROR when updating the pool https://review.opendev.org/c/openstack/octavia/+/760461 | 08:26 |
| *** rcernin has joined #openstack-lbaas | 08:26 | |
| *** rcernin has quit IRC | 08:31 | |
| *** rcernin has joined #openstack-lbaas | 08:37 | |
| *** xarlos has joined #openstack-lbaas | 08:43 | |
| *** rcernin has quit IRC | 08:51 | |
| *** rcernin has joined #openstack-lbaas | 08:56 | |
| *** rcernin has quit IRC | 09:02 | |
| *** yamamoto has quit IRC | 09:04 | |
| *** yamamoto has joined #openstack-lbaas | 09:05 | |
| *** yamamoto has quit IRC | 09:05 | |
| *** yamamoto has joined #openstack-lbaas | 09:07 | |
| *** yamamoto has quit IRC | 09:07 | |
| *** yamamoto has joined #openstack-lbaas | 09:08 | |
| *** yamamoto has quit IRC | 09:08 | |
| *** yamamoto has joined #openstack-lbaas | 09:08 | |
| cgoncalves | ataraday, good morning! thanks for reviewing the stable/train amp image build fix! | 09:22 |
| cgoncalves | ataraday, could you please review https://review.opendev.org/c/openstack/octavia/+/774426 (stable/stein) too? | 09:22 |
| cgoncalves | it's the remaining patch to unblock the gate in octavia-tempest-plugin | 09:22 |
| *** rcernin has joined #openstack-lbaas | 09:28 | |
| *** rcernin has quit IRC | 09:35 | |
| *** yamamoto has quit IRC | 09:37 | |
| *** rcernin has joined #openstack-lbaas | 09:59 | |
| *** yamamoto has joined #openstack-lbaas | 10:07 | |
| *** rcernin has quit IRC | 10:31 | |
| *** yamamoto has quit IRC | 10:40 | |
| *** yamamoto has joined #openstack-lbaas | 11:02 | |
| *** yamamoto has quit IRC | 11:02 | |
| *** yamamoto has joined #openstack-lbaas | 11:04 | |
| *** yamamoto has quit IRC | 11:09 | |
| *** yamamoto has joined #openstack-lbaas | 11:10 | |
| *** yamamoto has quit IRC | 11:15 | |
| *** yamamoto has joined #openstack-lbaas | 11:21 | |
| *** yamamoto has quit IRC | 11:22 | |
| *** yamamoto has joined #openstack-lbaas | 11:23 | |
| *** yamamoto has quit IRC | 11:23 | |
| *** yamamoto has joined #openstack-lbaas | 11:23 | |
| *** yamamoto has quit IRC | 11:28 | |
| *** yamamoto has joined #openstack-lbaas | 11:35 | |
| *** yamamoto has quit IRC | 11:35 | |
| *** yamamoto has joined #openstack-lbaas | 11:35 | |
| *** ccamposr has quit IRC | 12:03 | |
| *** yamamoto has quit IRC | 12:39 | |
| *** rcernin has joined #openstack-lbaas | 12:58 | |
| *** rcernin has quit IRC | 13:02 | |
| *** yamamoto has joined #openstack-lbaas | 13:15 | |
| *** sapd1 has joined #openstack-lbaas | 13:20 | |
| *** yamamoto has quit IRC | 13:28 | |
| *** xarlos has quit IRC | 14:10 | |
| *** psachin has quit IRC | 14:18 | |
| *** zzzeek has quit IRC | 14:49 | |
| *** ccamposr has joined #openstack-lbaas | 14:50 | |
| *** zzzeek has joined #openstack-lbaas | 14:50 | |
| *** yamamoto has joined #openstack-lbaas | 15:25 | |
| *** yamamoto has quit IRC | 15:36 | |
| rm_work | You can ping me for reviews too cgoncalves, I'm back to being around kinda | 15:58 |
| johnsom | rm_work Meeting? | 16:02 |
| johnsom | #startmeeting Octavia | 16:03 |
| openstack | Meeting started Wed Feb 17 16:03:21 2021 UTC and is due to finish in 60 minutes. The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot. | 16:03 |
| openstack | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 16:03 |
| *** openstack changes topic to " (Meeting topic: Octavia)" | 16:03 | |
| openstack | The meeting name has been set to 'octavia' | 16:03 |
| johnsom | #chair rm_work | 16:03 |
| openstack | Current chairs: johnsom rm_work | 16:03 |
| rm_work | Ah, yes | 16:03 |
| gthiemonge | o/ | 16:03 |
| rm_work | Lol I was literally just here and got distracted with email | 16:04 |
| rm_work | o/ | 16:04 |
| johnsom | That is why I was giving you the opportunity to run the meeting. grin | 16:04 |
| cgoncalves | hi | 16:05 |
| johnsom | o/ | 16:06 |
| rm_work | Not on my actual computer yet, too early, sec | 16:06 |
| johnsom | It *is* too early, but sadly I have already been on an hour of meetings | 16:06 |
| johnsom | #topic Announcements | 16:07 |
| *** openstack changes topic to "Announcements (Meeting topic: Octavia)" | 16:07 | |
| johnsom | I can get started with the boiler plate stuff | 16:07 |
| johnsom | Final client release is first week in March | 16:08 |
| johnsom | Feature freeze for everything else is the second week in March | 16:08 |
| johnsom | We have a priority bug review list: | 16:08 |
| johnsom | #link https://etherpad.openstack.org/p/octavia-priority-reviews | 16:08 |
| johnsom | Any other announcements this week? | 16:08 |
| johnsom | #topic Brief progress reports / bugs needing review | 16:10 |
| *** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)" | 16:10 | |
| johnsom | I added an RBAC topic later in the agenda, but my focus has been on updating our RBAC policies for the Keystone scoped tokens and default roles. | 16:11 |
| johnsom | I will talk more about that in the later topic | 16:11 |
| gthiemonge | I fixed the two-node job: https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/773888 | 16:12 |
| openstackgerrit | Merged openstack/octavia master: Add SCTP support in Amphora https://review.opendev.org/c/openstack/octavia/+/753247 | 16:12 |
| gthiemonge | it will be useful to have it to merge the AZ tests in octavia-tempest-plugin | 16:12 |
| johnsom | Nice | 16:12 |
| gthiemonge | I also worked on the centos-8 job (dirty hack), we're still discussing it with cgoncalves | 16:13 |
| gthiemonge | another interesting octavia-tempest-plugin commit: https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/774157 | 16:14 |
| gthiemonge | it fixes an issue with our ipv6 vip tests (ipv6 vip tests are using devstack non-shared/private network) | 16:15 |
| johnsom | Thanks for working on that. | 16:20 |
| johnsom | Any other updates? rm_work? | 16:20 |
| johnsom | #topic RBAC work | 16:22 |
| *** openstack changes topic to "RBAC work (Meeting topic: Octavia)" | 16:22 | |
| johnsom | Ok, I will move on | 16:22 |
| johnsom | So, if you are not aware Keystone has two initiatives (token scopes and default roles). Even though this isn't a community goal, Red Hat is pushing to have these implemented across the services for Wallaby. | 16:23 |
| johnsom | An initial set of patches were pushed | 16:24 |
| johnsom | #link https://review.opendev.org/q/project:openstack/octavia+status:open+owner:lbragstad%2540redhat.com | 16:24 |
| johnsom | however those were "blow it away" patches that removed all of the advanced RBAC Octavia has had. | 16:24 |
| johnsom | I have point on getting these straightened out. The first step in that is: | 16:25 |
| johnsom | #link https://review.opendev.org/c/openstack/octavia/+/775957 | 16:25 |
| johnsom | The intent here is to merge our more strict advanced RBAC with the new default roles and scopes. | 16:26 |
| johnsom | Please take some time and carefully review that patch as it's the basis for the following patches and we don't want to make a mistake in our API Rules Based Access Control (RBAC). | 16:26 |
| johnsom | That would be bad. (tm) | 16:27 |
| rm_work | fortunately I think our testing on the RBAC stuff is pretty good | 16:27 |
| johnsom | Yeah, it's going to need to be updated as well. It's on my list | 16:28 |
| johnsom | Unfortunately this new stuff complicates the RBAC. So I also spent some time updating the docs to help with that. Let me know if we need more | 16:28 |
| johnsom | I ran into an issue where Tempest was giving every credential the new "member" role, which .... means you can't test with non-member or reader roles via Tempest. A patch is pending to fix that. | 16:29 |
| johnsom | #link https://review.opendev.org/c/openstack/devstack/+/774524 | 16:30 |
| johnsom | Ok, that is all I had. Please give it a good look over so we don't end up with some CVE or something. grin | 16:30 |
| johnsom | Or non-backward compatible. | 16:31 |
| gthiemonge | ack, I will take a look | 16:31 |
| johnsom | #topic Open Discussion | 16:31 |
| *** openstack changes topic to "Open Discussion (Meeting topic: Octavia)" | 16:31 | |
| johnsom | Anything else today? | 16:31 |
| rm_work | not much here | 16:33 |
| johnsom | I still need to take a look at the bug about failover with subnets out of IPs causing VIP issues. It's top on my list. | 16:34 |
| johnsom | Well, if there isn't anything else we can get on with reviews! | 16:36 |
| johnsom | #endmeeting | 16:37 |
| *** openstack changes topic to "Discussions for OpenStack Octavia | Priority bug review list: https://etherpad.openstack.org/p/octavia-priority-reviews" | 16:37 | |
| openstack | Meeting ended Wed Feb 17 16:37:00 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:37 |
| openstack | Minutes: http://eavesdrop.openstack.org/meetings/octavia/2021/octavia.2021-02-17-16.03.html | 16:37 |
| openstack | Minutes (text): http://eavesdrop.openstack.org/meetings/octavia/2021/octavia.2021-02-17-16.03.txt | 16:37 |
| openstack | Log: http://eavesdrop.openstack.org/meetings/octavia/2021/octavia.2021-02-17-16.03.log.html | 16:37 |
| openstackgerrit | Ghanshyam proposed openstack/octavia master: [goal] Deprecate the JSON formatted policy file https://review.opendev.org/c/openstack/octavia/+/764578 | 16:50 |
| mchlumsky | johnsom Sorry, I missed this meeting because of another meeting but I was going to ask about "bug about failover with subnets out of IPs causing VIP issues" but it's cool it's on top of your list. Let me know if you need more logs or other info I can supply. | 16:58 |
| *** rcernin has joined #openstack-lbaas | 16:58 | |
| johnsom | Yep, sorry it's taking a bit of time to get to | 16:58 |
| *** rcernin has quit IRC | 17:02 | |
| mchlumsky | No worries. Seems everyone's busy with final release is around the corner. | 17:04 |
| rm_work | this may be relevant to us as we're dealing with IP shortages in VIP nets :/ | 17:12 |
| johnsom | The issue appears to be that if a failover triggers, and there is an IP shortage, if the VIP port is owned by Octavia it might get deallocated on the revert flow. | 17:18 |
| *** yamamoto has joined #openstack-lbaas | 17:32 | |
| rm_work | yeah eugh | 17:35 |
| rm_work | that's bad | 17:36 |
| johnsom | Yep | 17:36 |
| *** yamamoto has quit IRC | 17:37 | |
| *** rpittau is now known as rpittau|afk | 17:41 | |
| *** sapd1 has quit IRC | 18:21 | |
| openstackgerrit | Merged openstack/octavia master: Configure rsyslog on Octavia service nodes in devstack https://review.opendev.org/c/openstack/octavia/+/774596 | 18:45 |
| *** yamamoto has joined #openstack-lbaas | 19:33 | |
| *** yamamoto has quit IRC | 19:38 | |
| *** luksky has quit IRC | 19:51 | |
| *** luksky has joined #openstack-lbaas | 19:52 | |
| *** ccamposr has quit IRC | 20:15 | |
| *** ccamposr has joined #openstack-lbaas | 20:17 | |
| *** rcernin has joined #openstack-lbaas | 20:58 | |
| openstackgerrit | Gregory Thiemonge proposed openstack/octavia-tempest-plugin master: WIP Fix two-node job configuration https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/773888 | 21:02 |
| *** rcernin has quit IRC | 21:03 | |
| *** gcheresh has quit IRC | 21:04 | |
| *** rcernin has joined #openstack-lbaas | 21:22 | |
| *** ccamposr has quit IRC | 21:25 | |
| *** yamamoto has joined #openstack-lbaas | 21:34 | |
| *** vishalmanchanda has quit IRC | 21:37 | |
| *** yamamoto has quit IRC | 21:39 | |
| *** eandersson has quit IRC | 21:40 | |
| *** gmann is now known as gmann_afk | 21:51 | |
| *** rcernin has quit IRC | 21:53 | |
| *** rcernin has joined #openstack-lbaas | 22:00 | |
| *** yamamoto has joined #openstack-lbaas | 22:15 | |
| *** gmann_afk is now known as gmann | 23:22 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!