Wednesday, 2024-08-07

[03:49] <gmann> johnsom: this is passing now https://review.opendev.org/c/openstack/octavia/+/925532
[03:51] <johnsom> gmann There is no depends-on for that patch. It passes unit tests, but not functional. I have been working to track down the functional test issues, but still WIP
[03:52] <johnsom> It doesn't seem to be the scope, but some issue with the new defaults and the layering of roles.
[03:53] <gmann> johnsom: ohk, I see now. this is why this is failing - https://review.opendev.org/c/openstack/octavia/+/925625
[03:53] <johnsom> If you need it merged for UC, we can merge this and work to fix the functionals in a follow on.
[03:53] <johnsom> Yeah, I have been working on it
[03:53] <gmann> I think I will avoid merging the u-c if we have known failure. let's wait
[03:54] <gmann> johnsom: thanks, let's wait
[03:54] <johnsom> Ok, feel free to ping me if we are holding things up.
[03:54] <gmann> sure
[09:59] <opendevreview> Gregory Thiemonge proposed openstack/octavia master: Add spec for custom SGs on VIP ports  https://review.opendev.org/c/openstack/octavia/+/915114
[12:52] *** tkajinam is now known as Guest2415
[13:00] *** tkajinam is now known as Guest2416
[14:52] <noonedeadpunk> hey folks. I was looking through some small bugs in ovn_octavia_provider and spotted that thing in octavia code: https://opendev.org/openstack/octavia/src/branch/master/octavia/common/clients.py#L82
[14:53] <noonedeadpunk> How that does not break right away, given there's no such option registered for the group?
[14:53] <noonedeadpunk> https://opendev.org/openstack/octavia/src/branch/master/octavia/common/config.py#L759-L781
[14:53] <noonedeadpunk> what am I missing?
[15:01] <gthiemonge> noonedeadpunk: hey
[15:01] <gthiemonge> noonedeadpunk: I think this stuff https://opendev.org/openstack/octavia/src/branch/master/octavia/common/config.py#L922-L930
[15:01] <gthiemonge> noonedeadpunk: adds more options for the neutron group (options defined by keystone auth)
[15:01] <noonedeadpunk> ah
[15:02] <noonedeadpunk> I overlooked it
[15:02] <noonedeadpunk> just saw that glance/nova/etc still have these options and got slightly confused
[15:02] <noonedeadpunk> thanks!
[15:02] <gthiemonge> https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/adapter.py#L187
[15:03] <gthiemonge> we recently removed them from config.py to use the dynamic registration from keystoneauth
[15:04] <gthiemonge> recently == ~2 cycles ago
[15:09] <noonedeadpunk> so basically now neutron group might be empty and it will just use opts from [service_auth], right?
[15:11] <noonedeadpunk> or well... it will rather propagate options to the neutron group?
[15:12] <gthiemonge> yes, this is the idea, the default are in [service_auth], but you can override them in [neutron]
[16:00] <gthiemonge> #startmeeting Octavia
[16:00] <opendevmeet> Meeting started Wed Aug  7 16:00:17 2024 UTC and is due to finish in 60 minutes.  The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot.
[16:00] <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
[16:00] <opendevmeet> The meeting name has been set to 'octavia'
[16:00] <gthiemonge> o/
[16:00] <tweining> o/
[16:00] <johnsom> o/
[16:01] <gthiemonge> #topic Announcements
[16:01] <gthiemonge> * 2024.2 Dalmatian Release Schedule
[16:01] <gthiemonge> just a heads-up
[16:01] <gthiemonge> Dalmatian-3 milestone is in 3 weeks (feature freeze)
[16:01] <gthiemonge> we made good progress, the LB resize spec was merged
[16:02] <gthiemonge> let's continue ;-) https://etherpad.opendev.org/p/octavia-priority-reviews
[16:02] <tweining> well, a little progress I'd say
[16:04] <tweining> something that slows progress really down if people don't follow up after updates IMO
[16:06] <gthiemonge> you mean when you comment a review or when you update your reviews?
[16:06] <tweining> I mean when someone updates the change after you commented you should review again soon
[16:07] <johnsom> Our review backlog is pretty big, so I know it takes me a bit to come back around for re-reviews
[16:08] <tweining> I don't want to sound like a broken record as I complained about it before, but I think it's also a good idea to keep an eye on changes that have a single CR+2
[16:09] <johnsom> Looking at the review list, that isn't many....
[16:10] <tweining> it's not many, but they are open for a long time.
[16:11] <tweining> there are more announcements, right?
[16:12] <gthiemonge> I'll take a look at those patches
[16:12] <gthiemonge> no that's it
[16:12] <gthiemonge> #topic New oslo.policy version
[16:13] <gthiemonge> johnsom: ^
[16:13] <tweining> I've read something about the upcoming election season on the ml
[16:13] <gthiemonge> yeah I think it starts next week
[16:13] <johnsom> So oslo.policy 4.4.0 is proposed for addition to upper-constraints.
[16:13] <tweining> probably not relevant since Octavia has a BDFL already ;)
[16:14] <johnsom> This version sets "new defaults" and "scope" to True by default.
[16:14] <johnsom> The catch is "scope" to True will now cause any use of a system scoped token to be an Error
[16:15] <johnsom> This is requiring some adjustments in unit and functional tests. With the latest patch posted, the unit tests are fixed, but functional tests are failing with 4.4
[16:15] <johnsom> I'm not 100% sure why yet as it doesn't seem to be a scope problem.
[16:16] <johnsom> For example, getting the quota defaults now fails with loadbalancer_member role, but passes with loadbalancer_admin.
[16:16] <johnsom> I am working to track that down.
[16:16] <johnsom> #link https://review.opendev.org/c/openstack/octavia/+/925532
[16:17] <johnsom> This is the patch that resolves the unit tests (enough to unblock the UC merge)
[16:17] <johnsom> This patch shows the functional issues: https://review.opendev.org/c/openstack/octavia/+/925625
[16:18] <johnsom> That is the summary of the new SRBAC breakage/changes
[16:19] <tweining> that doesn't sound like fun
[16:19] <johnsom> I am just burned out dealing with this stuff frankly
[16:19] <gthiemonge> johnsom: do you need help for these functional tests?
[16:19] <johnsom> Not yet, let me keep poking at it
[16:19] <gthiemonge> it's already late for me today, but I can take a look tomorrow morning
[16:20] <johnsom> My current theory is this is causing the problems: https://github.com/openstack/octavia/blob/master/octavia/policies/base.py#L25
[16:20] <johnsom> I.e. interactions with our Advanced RBAC and the "new defaults" changes
[16:21] <johnsom> Well, those two "deprecated" rules
[16:21] <gthiemonge> can we remove them?
[16:21] <gthiemonge> deprecated since W
[16:21] <johnsom> I think that 4.4 is essentially removing them and causing the failures
[16:24] <gthiemonge> johnsom: please update me when you're done today, I may continue tomorrow
[16:24] <johnsom> Ack
[16:24] <gthiemonge> thanks for the update on this topic
[16:25] <gthiemonge> I'm going to skip CI status: no update
[16:25] <gthiemonge> #topic Brief progress reports / bugs needing review
[16:25] <johnsom> Well, one item there is CentOS 9 Stream is broken with devstack due to missing rabbitmq RPMs
[16:26] <gthiemonge> oh right
[16:27] <gthiemonge> it's on devstack, right?
[16:27] <johnsom> Yeah, devstack blows up
[16:29] <gthiemonge> I'm wondering if it impacts rockylinux jobs
[16:30] <johnsom> I don't know. I doubt it
[16:32] <gthiemonge> https://zuul.opendev.org/t/openstack/builds?job_name=octavia-v2-dsvm-scenario-centos-9-stream&project=openstack/octavia
[16:33] <gthiemonge> interesting, the package was successfully installed 2 days ago
[16:34] <gthiemonge> I'll try to follow up
[16:34] <johnsom> Yeah, odd
[16:35] <gthiemonge> FYI I proposed a fix for a bug in octavia-dashboard when using multi-region (with some multiple keystone instances)
[16:35] <gthiemonge> https://review.opendev.org/c/openstack/octavia-dashboard/+/925672
[16:36] <gthiemonge> I also proposed the new etcd jobboard plugin for Octavia
[16:36] <gthiemonge> it includes a jobboard_etcd job in the experimental jobs
[16:36] <gthiemonge> https://review.opendev.org/c/openstack/octavia/+/915834
[16:36] <opendevreview> Merged openstack/octavia-dashboard master: Remove old excludes  https://review.opendev.org/c/openstack/octavia-dashboard/+/917600
[16:38] <tweining> there is an indirect relation in the patch chain, so I guess the others in the chain need to be rebased
[16:38] <opendevreview> Merged openstack/octavia-dashboard master: Bump hacking  https://review.opendev.org/c/openstack/octavia-dashboard/+/917601
[16:39] <opendevreview> Gregory Thiemonge proposed openstack/octavia master: Update amphorav2/jobboard doc  https://review.opendev.org/c/openstack/octavia/+/923763
[16:39] <gthiemonge> done
[16:42] <gthiemonge> https://review.opendev.org/c/openstack/devstack/+/925400 was merged this morning, maybe it fixes the rabbitmq issue (devstack-platform-centos-9-stream passed)
[16:42] <gthiemonge> #topic Open Discussion
[16:42] <tweining> https://review.opendev.org/c/openstack/octavia/+/923318 should we talk about the rate limiting spec proposal?
[16:43] <gthiemonge> yes
[16:43] <gthiemonge> a few thoughts:
[16:44] <gthiemonge> the octavia resources are usually created by passing the ID of their parents (a pool is attached to a listener, a listener to LB, a l7policy to a listener, etc..)
[16:45] <gthiemonge> in this spec, it's a bit different, the resource is created, then we need to call the listener api to add the resource to the listener
[16:45] <gthiemonge> I'm wondering we should be more consistent and do something similar (create with parent)
[16:46] <gthiemonge> note: pools can be created with or without parent, and associated with a listener later
[16:46] <johnsom> Yeah, resources have to be tied to *something* for the correct project_id relationship, etc. That is why if a shared L7 policy is created unbound to the listener, it must be bound to the LB
[16:46] <tweining> I don't have a strong opinion about that other than that it would be mainly a consistency issue it seems.
[16:48] <tweining> that is a very good point then, because that is not the case with the proposal. the rules can be created independent from everything else
[16:50] <gthiemonge> https://github.com/openstack/octavia/blob/master/octavia/api/v2/controllers/l7policy.py#L129
[16:50] <johnsom> I guess I meant shared pools, not l7
[16:51] <gthiemonge> yeah project_ids are inherited from the LB
[16:51] <johnsom> The ID of the listener for the pool. Either listener_id or loadbalancer_id must be specified.
[16:51] <johnsom> From the API ref
[16:52] <johnsom> Yeah, l7 policy requires a listener ID
[16:52] <tweining> well, the project_id is an attribute of the rule ATM. So I should change that to listener_id then I guess
[16:53] <tweining> not sure if we should allow multiple listener_ids
[16:53] <johnsom> Typically we want a project ID on all objects. It simplifies the RBAC and database queries
[16:53] <gthiemonge> you can keep project_id, it's always included in user defined resources
[16:54] <johnsom> Yeah, adding the listener ID the policy/rule is bound to is what I would expect to se
[16:54] <johnsom> see
[16:55] <tweining> does it make sense to you to share a rule with multiple listeners?
[16:55] <johnsom> I don't see a reply to my last comment and I think there was a revision that dropped having split action and rule, is that correct? So you can't do "AND" rule logic any longer?
[16:56] <tweining> yeah, previously the action was part of a policy, which no longer exist. action is now part of the rule
[16:57] <johnsom> Why would we limit the ability to do AND with multiple rules on a policy?
[16:58] <tweining> if you have multiple rules they will still be ANDed AFAICT
[16:59] <johnsom> That would be an OR right?
[17:00] * johnsom maybe I need to get my second cup of coffee this morning
[17:00] <tweining> ah, you AND in the sense that all rules need to be violated to it to rate limit
[17:00] <tweining> *you mean
[17:00] <tweining> mmh, honestly I never thought of it that way
[17:01] <johnsom> Right, one policy "DROP" when BYTES AND REQUESTS exceed x
[17:01] <johnsom> or x and y respectfully
[17:01] <johnsom> That is how the l7 policies are setup I think
[17:02] <tweining> ok, understood. I am not sure if such AND behavior can be done with HAProxy. I think it does OR normally
[17:03] <gthiemonge> maybe we can describe some use cases in the review, and re-think about it
[17:04] <tweining> +1 good idea
[17:04] <johnsom> +1
[17:05] <johnsom> use cases == tests. good stuff
[17:05] <gthiemonge> ok, let's do that
[17:05] <gthiemonge> anything else for today?
[17:05] <tweining> not from me
[17:06] <johnsom> https://docs.haproxy.org/dev/configuration.html#7.2
[17:06] <johnsom> Nothing else from me this week
[17:06] <tweining> thanks
[17:07] <gthiemonge> ok! thank you guys!
[17:07] <gthiemonge> #endmeeting
[17:07] <opendevmeet> Meeting ended Wed Aug  7 17:07:04 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
[17:07] <opendevmeet> Minutes:        https://meetings.opendev.org/meetings/octavia/2024/octavia.2024-08-07-16.00.html
[17:07] <opendevmeet> Minutes (text): https://meetings.opendev.org/meetings/octavia/2024/octavia.2024-08-07-16.00.txt
[17:07] <opendevmeet> Log:            https://meetings.opendev.org/meetings/octavia/2024/octavia.2024-08-07-16.00.log.html
[21:29] <opendevreview> Michael Johnson proposed openstack/octavia master: Fix tests for oslo.policy new defaults enable by default  https://review.opendev.org/c/openstack/octavia/+/925532
[21:30] <johnsom> gthiemonge https://review.opendev.org/c/openstack/octavia/+/925532 fixes the functional test issues. our test roles didn't include "member"
