Wednesday, 2021-03-31

« Tuesday, 2021-03-30 Index Thursday, 2021-04-01 »
*** jamesdenton has quit IRC01:04
*** jamesden_ has joined #openstack-lbaas01:05
*** osmanlicilegi has joined #openstack-lbaas01:20
*** sapd1 has joined #openstack-lbaas01:22
*** sapd1 has quit IRC01:28
*** rcernin has quit IRC02:31
*** rcernin has joined #openstack-lbaas02:38
openstackgerritMerged openstack/octavia master: Fix pool ALPN compatibility with older amphora  https://review.opendev.org/c/openstack/octavia/+/78357602:44
openstackgerritMerged openstack/octavia stable/wallaby: Fix pool ALPN compatibility with older amphora  https://review.opendev.org/c/openstack/octavia/+/78391602:44
openstackgerritMerged openstack/octavia stable/train: Fix incorrect ERROR status with IPv6 UDP members  https://review.opendev.org/c/openstack/octavia/+/78148602:45
johnsomWahoo.02:51
johnsomOk, I think all of the critical patches for Wallaby are in. We should release RC2 tomorrow to get those in the release.02:52
johnsomIf you think there is another patch that is critical, now is the time to speak up. grin02:53
*** armax has quit IRC02:55
*** armax has joined #openstack-lbaas02:59
*** rcernin has quit IRC03:07
*** rcernin has joined #openstack-lbaas03:07
*** rcernin has quit IRC03:07
*** rcernin has joined #openstack-lbaas03:09
*** dulek has quit IRC03:09
*** rcernin has quit IRC03:11
*** rcernin has joined #openstack-lbaas03:12
*** rcernin has quit IRC03:14
*** rcernin has joined #openstack-lbaas03:14
*** rcernin has quit IRC03:16
*** rcernin has joined #openstack-lbaas03:16
*** rcernin has quit IRC03:18
*** rcernin has joined #openstack-lbaas03:19
*** dulek has joined #openstack-lbaas03:19
*** sapd1 has joined #openstack-lbaas03:36
*** psachin has joined #openstack-lbaas03:41
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Adds a pool re-encryption scenario test  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/76046503:47
*** tamas_erdei has joined #openstack-lbaas03:49
*** terdei has quit IRC03:53
*** armax has quit IRC03:57
*** vishalmanchanda has joined #openstack-lbaas04:30
*** sapd1 has quit IRC04:42
*** sapd1 has joined #openstack-lbaas04:43
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Adds a pool re-encryption scenario test  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/76046505:19
openstackgerritPiotr Mossakowski proposed openstack/octavia stable/victoria: Add docs for centos8 installation  https://review.opendev.org/c/openstack/octavia/+/78400406:20
*** luksky has joined #openstack-lbaas06:42
*** jamesden_ has quit IRC07:08
*** jamesdenton has joined #openstack-lbaas07:10
*** rcernin has quit IRC07:25
*** sapd1 has quit IRC07:30
*** tamas_erdei is now known as terdei07:32
openstackgerritPiotr Mossakowski proposed openstack/octavia master: Add docs for centos8 installation  https://review.opendev.org/c/openstack/octavia/+/78402208:01
*** psachin has quit IRC08:30
*** vishalmanchanda has quit IRC08:39
*** vishalmanchanda has joined #openstack-lbaas09:11
*** yamamoto has quit IRC10:00
*** rcernin has joined #openstack-lbaas10:06
*** rcernin has quit IRC10:08
*** rcernin has joined #openstack-lbaas10:08
*** jamesdenton has quit IRC10:20
*** jamesden_ has joined #openstack-lbaas10:21
*** yamamoto has joined #openstack-lbaas10:33
*** yamamoto has quit IRC10:46
*** mugsie__ is now known as mugsie11:01
*** oklhost_ has joined #openstack-lbaas12:18
*** oklhost_ is now known as oklhost12:18
*** yamamoto has joined #openstack-lbaas12:30
*** rcernin has quit IRC12:31
openstackgerritGregory Thiemonge proposed openstack/octavia master: Fix devstack cleanup when using amphorav2  https://review.opendev.org/c/openstack/octavia/+/78293812:34
*** yamamoto has quit IRC12:39
*** yamamoto has joined #openstack-lbaas13:10
*** yamamoto has quit IRC13:15
*** yamamoto has joined #openstack-lbaas13:15
*** yamamoto has quit IRC13:55
*** rcernin has joined #openstack-lbaas14:12
*** rcernin has quit IRC14:17
*** armax has joined #openstack-lbaas14:18
*** jamesden_ has quit IRC14:24
*** gcheresh has quit IRC14:24
*** jamesdenton has joined #openstack-lbaas14:24
*** rcernin has joined #openstack-lbaas14:31
*** rcernin has quit IRC14:35
*** yamamoto has joined #openstack-lbaas14:35
*** yamamoto has quit IRC14:42
*** __ministry1 has joined #openstack-lbaas15:10
*** sapd1 has joined #openstack-lbaas15:20
*** rcernin has joined #openstack-lbaas15:26
*** rcernin has quit IRC15:31
zigoHi there !15:35
zigoWhat do you guys think about this bug I just filled ?15:35
zigohttps://storyboard.openstack.org/#!/story/200879015:35
zigojohnsom: ^15:35
johnsomzigo It sounds like you have HTTPS enabled on barbican, but forgot to add the CA cert in octavia.conf [certificates] ca_certificates_file = <path to ca cert>15:41
zigojohnsom: We do have a real certificate, so no need to have a CA.15:42
johnsomIt is a guess as I didn't see a link to logs15:42
johnsomhmm, does keystoneauth pick up the system bundle?15:43
johnsomI think I have always had to force keystoneauth to use a ca cert15:43
zigoI'll try tomorrow.15:44
zigoTime for me to go back home.15:44
zigojohnsom: Thanks for your input.15:44
johnsomOk, attach some logs if not15:44
zigoWill do.15:44
*** sapd1 has quit IRC16:01
*** __ministry1 has quit IRC16:01
johnsom#startmeeting Octavia16:02
openstackMeeting started Wed Mar 31 16:02:17 2021 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.16:02
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:02
*** openstack changes topic to " (Meeting topic: Octavia)"16:02
openstackThe meeting name has been set to 'octavia'16:02
haleybshould have run when i had the chance16:02
johnsomHi everyone16:02
gthiemon1ehi16:02
johnsomYeah, got distracted commenting on a story16:02
*** gthiemon1e is now known as gthiemonge16:02
johnsom#topic Announcements16:03
*** openstack changes topic to "Announcements (Meeting topic: Octavia)"16:03
johnsomRC2 release today - Should be the final release for Wallaby16:03
johnsomAny comments on the RC2 release?16:03
johnsomI will post it right after the meeting16:03
gthiemonge+116:03
haleyblgtm16:03
johnsomPTG (virtual and free) registration is open16:04
johnsom#link https://www.openstack.org/ptg/16:04
johnsomgthiemonge set up the PTG etherpad16:04
johnsom#link https://etherpad.opendev.org/p/xena-ptg-octavia16:04
johnsomPlease note if you plan to join and add any topics you think we should discuss16:04
johnsomAny other announcements this week?16:05
johnsom#topic Brief progress reports / bugs needing review16:05
*** openstack changes topic to "Brief progress reports / bugs needing review (Meeting topic: Octavia)"16:06
johnsomI have been mostly focused on getting the patches merged for RC2.16:06
johnsomI fixed the bug with older amphora and the new pools ALPN feature. This will be included in RC216:06
johnsomCurrently I am looking into why the tempest tests for pool re-encryption are failing now. It looks like the floating IP (test created) is not passing traffic for some reason. Not sure if that is a known neutron issue or not16:07
gthiemongeI've been working on some updates in the Octavia integration in tripleo16:07
gthiemongeand I'm still looking at the ipv6+tcp+least_connection+allowed_cidrs scenario test that fails randomly16:09
haleyband i've been working on the ovn-provider and some downstream gate issues16:09
johnsomThanks, that is annoying16:09
johnsom#topic Open Discussion16:10
*** openstack changes topic to "Open Discussion (Meeting topic: Octavia)"16:10
johnsomAny other topics today?16:10
gthiemongeyep16:11
gthiemongeone question16:11
johnsomJust in time, lol16:11
gthiemongea user reported on the ML that not configuring "heartbeat_key" breaks the heartbeat message encryption16:11
gthiemongewhen not setting heartbeat_key, the default is None16:12
gthiemongein the amp we encrypt using "str(heartbeat_key)" while in the hm we decrypt using "heartbeat_key"16:12
gthiemongeso in the case of None, str(None) != None16:13
haleybi'm assuming this review was from that, https://review.opendev.org/c/openstack/octavia/+/78402216:13
johnsomhmmm, I would have expected that to be marked "required" in config.py as well..16:13
gthiemongemy question is: should we fix it? or should we set another default value for heartbeat_key16:13
cgoncalvesah, reminds me of https://review.opendev.org/c/openstack/octavia/+/595578/1/octavia/common/config.py@19616:14
johnsomcgoncalves Yeah, good point16:14
gthiemongehttps://opendev.org/openstack/octavia/src/branch/master/octavia/certificates/common/local.py#L32-L3316:15
gthiemonge^ we already have insecure defaults for some other config settings16:15
johnsomWell, that is different. That key is only used for internal to the controller content, not stuff that goes over the wire.16:16
johnsomIt's a poorly named setting IMO16:16
johnsomHmm, yeah, the heartbeat key is an interesting one. There is no harm in setting it even if the amphora drivers are not used.16:18
johnsomIt is bad to have that content unprotected by allowing None16:18
johnsomBut we also shouldn't fail like it is16:18
gthiemongeit's encrypted, but the key is None ;-)16:18
johnsomIt's actually not encrypted, but it's signed16:19
gthiemongethe heartbeat_key was missing in the install-ubuntu doc, and there's a patch to add it16:19
gthiemongebut I think we also need to have a working default value16:20
johnsomOr require it be set to something16:20
gthiemongeyeah that could be a good fix16:21
gthiemongewith the fix in the doc16:21
gthiemongeI'll propose a patch16:22
johnsomOk. It is a bit cheesy to require it even for providers that don't use it, but that might just be simpler16:23
*** jamesdenton has quit IRC16:24
*** jamesdenton has joined #openstack-lbaas16:25
johnsomOk, anything else today?16:26
johnsomOk, thanks everyone16:27
johnsom#endmeeting16:27
*** openstack changes topic to "Discussions for OpenStack Octavia | Priority bug review list: https://etherpad.openstack.org/p/octavia-priority-reviews"16:27
openstackMeeting ended Wed Mar 31 16:27:24 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)16:27
openstackMinutes:        http://eavesdrop.openstack.org/meetings/octavia/2021/octavia.2021-03-31-16.02.html16:27
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/octavia/2021/octavia.2021-03-31-16.02.txt16:27
openstackLog:            http://eavesdrop.openstack.org/meetings/octavia/2021/octavia.2021-03-31-16.02.log.html16:27
gthiemongethanks johnsom16:27
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Adds a pool re-encryption scenario test  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/76046516:48
mnaserthis looks like the case, but it looks like octavia does not issue any notifications, correct?16:52
mnaserthings like when a load balancer has been successfully created, .exists, deleted16:52
mnaserother than pycadf which doesnt necessarily reflect the completion of the async operation16:52
johnsomMaybe there was a netsplit, I only saw "this looks like the case" and two more lines16:53
johnsomBut to answer your question, status update notifications have not yet been implemented. It stalled at needing a specification detailed out as we were getting widely different use cases that was confusing the need.16:55
johnsomYes, there is API auditing, which can be configured for notifications, but no other notifications.16:55
mnaserjohnsom: ah i see, i was just hoping for some basic notifications similar to all the other projects :(17:00
johnsomJust the audit information.17:01
johnsomIt needs a sponsor really17:01
johnsomFYI, I have posted the RC2 release for Octavia: https://review.opendev.org/c/openstack/releases/+/784139/1/deliverables/wallaby/octavia.yaml17:23
*** rcernin has joined #openstack-lbaas17:27
*** rcernin has quit IRC17:35
*** vishalmanchanda has quit IRC17:51
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Adds a pool re-encryption scenario test  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/76046518:17
johnsomSorry for the noise around that patch. I can't reproduce this locally, so have to debug in zuul. Ignore that patch for a few days18:18
* johnsom notes it's been up for review since October, so probably not a problem to ignore18:18
*** gcheresh has joined #openstack-lbaas18:30
openstackgerritMerged openstack/octavia stable/victoria: Fix incorrect ERROR status with IPv6 UDP members  https://review.opendev.org/c/openstack/octavia/+/78148318:31
johnsomFYI, I guess there is some zuul debugging going on (hopefully to help with the painful last two weeks), so it is running super slow. My patch has sat for over fifteen minutes and still not entered the check pipeline.18:38
openstackgerritMerged openstack/octavia stable/ussuri: Fix incorrect ERROR status with IPv6 UDP members  https://review.opendev.org/c/openstack/octavia/+/78148518:42
*** yamamoto has joined #openstack-lbaas18:50
*** yamamoto has quit IRC18:54
*** jamesdenton has quit IRC18:56
*** jamesden_ has joined #openstack-lbaas18:57
*** rcernin has joined #openstack-lbaas19:31
*** rcernin has quit IRC19:36
*** gcheresh has quit IRC19:38
openstackgerritMichael Johnson proposed openstack/octavia-tempest-plugin master: Adds a pool re-encryption scenario test  https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/76046520:16
*** rcernin has joined #openstack-lbaas20:30
*** jamesden_ has quit IRC20:38
*** jamesdenton has joined #openstack-lbaas20:39
*** mloza has joined #openstack-lbaas20:54
*** rcernin has quit IRC21:05
*** rcernin has joined #openstack-lbaas21:05
mlozahello, is it possible to restrict access to an certain IP to an LB ?21:11
cgoncalvesmloza, hi. yes, you can per listener. see https://docs.openstack.org/octavia/latest/user/guides/basic-cookbook.html#deploy-a-load-balancer-with-access-control-list21:12
mlozacgoncalves: This is what I'm looking for. Thanks a bunch21:19
*** rcernin has quit IRC21:30
*** rcernin has joined #openstack-lbaas21:55
*** rcernin has quit IRC22:00
*** rcernin has joined #openstack-lbaas22:13
*** rcernin has quit IRC22:18
*** yamamoto has joined #openstack-lbaas22:30
*** luksky has quit IRC22:30
*** rcernin has joined #openstack-lbaas22:32
*** rcernin has quit IRC22:32
*** rcernin has joined #openstack-lbaas22:33
*** jamesdenton has quit IRC22:57
*** jamesden_ has joined #openstack-lbaas22:57
*** yamamoto has quit IRC23:34
« Tuesday, 2021-03-30 Index Thursday, 2021-04-01 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!