Wednesday, 2020-12-02

oneswig#startmeeting scientific-sig11:01
openstackMeeting started Wed Dec  2 11:01:16 2020 UTC and is due to finish in 60 minutes.  The chair is oneswig. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.11:01
*** openstack changes topic to " (Meeting topic: scientific-sig)"11:01
openstackThe meeting name has been set to 'scientific_sig'11:01
oneswigHello verdurin, morning.11:03
*** dsariel has joined #openstack-meeting11:04
oneswigI'm in another overrunning call currently.11:06
oneswigWhat's new11:06
verdurinThere was a meeting of UK private cloud people a couple of weeks ago, and looks like it may recur quarterly.11:09
oneswigI've been looking today at improving our integrations with CloudKitty and Monasca.11:11
oneswigI've heard there's some interest on IRC from people wanting this.11:12
verdurinOne site said they are using Gnocchi - is that more alive than I thought?11:12
oneswigI haven't heard anything about that.11:13
oneswigIt would be good I think to reanimate Gnocchi as I think it was popular among those using it.11:17
verdurinI wanted to raise its status and what they thought about it, but the conversation moved on.11:18
oneswigverdurin: was this the UKRI group?11:19
oneswigI regret with all the activity going on, I haven't put any thought into agenda items for today11:20
oneswigI propose unless there's any other business then this week we use the time productively elsewhere :-)11:21
verdurinYes, I don't have anything else spectacular or new to report.11:26
oneswigOK, thanks verdurin, until next time11:29
*** openstack changes topic to "OpenStack Meetings ||"11:29
openstackMeeting ended Wed Dec  2 11:29:02 2020 UTC.  Information about MeetBot at . (v 0.1.4)11:29
openstackMinutes (text):
liuyulong#startmeeting neutron_l314:01
openstackMeeting started Wed Dec  2 14:01:15 2020 UTC and is due to finish in 60 minutes.  The chair is liuyulong. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: neutron_l3)"14:01
openstackThe meeting name has been set to 'neutron_l3'14:01
liuyulonglong time no see14:01
liuyulongSeems this will be another one persone meeting...14:03
liuyulongNo announcement from me today, let's scan the bug list.14:04
liuyulong#topic Bugs14:04
*** openstack changes topic to "Bugs (Meeting topic: neutron_l3)"14:04
liuyulongFirst one:14:05
openstackLaunchpad bug 1903433 in neutron "The duplicate route in l3 router namespace results in North-South traffic breaking" [Medium,In progress] - Assigned to yangjianfeng (yangjianfeng)14:05
liuyulongThe patch is done here:14:06
liuyulongJust start another recheck for it.14:07
liuyulongThe input CIDR overlapping status will be checked between external subnet and user internal subnet. The unit test cases are really good to verify this.14:09
openstackLaunchpad bug 1904564 in neutron "GRE tunnels over IPv6 are created in wrong way" [High,In progress] - Assigned to Slawek Kaplonski (slaweq)14:11
liuyulongI've not used gre for tunnels in our local cloud, but this is a valid bug.14:12
liuyulongMore like a ovs-agent mis-configuration, it's worthy to fix IMO.14:14
openstackLaunchpad bug 1904436 in neutron ""gateway" option is not honored when creating a subnet with subnet pool" [Wishlist,New]14:15
liuyulongOur IPv6 subnets are created from a subnet pool, but we have not see such issue. I will check this in my local deployment.14:16
liuyulongBut I wonder which IP the router internal gateway will set finally.14:17
liuyulongI will keep an eye on that.14:17
liuyulongNext one14:18
openstackLaunchpad bug 1905295 in neutron "[RFE] Allow multiple external gateways on a router" [Wishlist,New] - Assigned to Bence Romsics (bence-romsics)14:19
*** raildo has quit IRC14:19
rubasovhi liuyulong14:20
liuyulongThis is a quite big proposal.14:20
rubasovI saw you mentioned this14:20
liuyulongI saw the comments in the LP bug.14:21
rubasovI'm also bit a afraid this could be big, that's why I would like to limit the scope as much as possible14:21
liuyulongOK, so maybe we need some details on how to accomplish the traffic from VM to outside world, and vice versa.14:22
rubasovby the way, does the use case make sense to you?14:23
liuyulongI'm not sure. I think we need some details about the "multiple external gateways".14:24
liuyulongWhat will this multiple external gateways use for?14:24
rubasovbasically I'd like to model a bgp+ecmp router14:25
liuyulongThe multiple external gateways are independent of each other? Or it will work together to do north-south traffic?14:25
rubasovtheir faults are independent, but traffic is balanced by ecmp14:26
liuyulongSo, the router has multiple external gateways connected to multiple physical router in one single host?14:28
rubasovyes, it does14:29
liuyulongOr the router will be scheduled to multiple hosts, each scheduled instance has different external gateway to different physical router?14:29
rubasovI was trying to draw it in the RFE, but launchpad ate my ascii art14:29
rubasovbut this etherpad has a better drawing14:30
rubasov(I just used this to prepare the RFE, nothing new there, but the drawing is better)14:30
rubasovlines 28-4814:32
liuyulongAlright, if it is the first topology. Why not add all NICs to one bond to achive the high availibility?14:32
liuyulongAnd beyond that, the fault scope is still in one single host no matter how many external gateways.14:33
rubasovI believe the people who came up with this design in my company don't like LACP recovery times in some situations14:34
liuyulongThat means if the host is done, the entire traffic will go done (if you have HA, the failover will happen).14:34
rubasovand some cases I believe they want ECMP not just between the 4 routers, but down to the compute host14:35
*** lajoskatona has joined #openstack-meeting14:37
liuyulongIn such situation, I will suggest user to enable the DVR : )14:37
liuyulongIn shanghai PTG, I'd raised a ACTIVE-ACTIVE mode for router in a DNAT nodes.14:38
liuyulongThat proposal will also use ECMP for the floating IPs routes.14:39
rubasovregarding dvr, in telco we so far did not have much success selling that, the people in my company very much prefer dedicated hw networking equipment14:40
liuyulonglajoskatona, hi14:40
liuyulongrubasov, yes that could be true, the users sometimes require some dedicated hosts for netwoking because of some security concern.14:41
lajoskatonaliuyulong: Hi14:42
rubasovand they'd like to model that design in neutron api14:42
liuyulongAllow me to elaborate the ACTIVE-ACTIVE DNAT topology,.14:43
liuyulongWhen the user try to access one floating IP, the upstream physical router will have multiple next hop IP which direct to some scheduled Router namespace.14:43
liuyulongAnd in each router namespace, the iptables rules, route rules will work as centriliazed routers do.14:44
rubasovokay, so southbound traffic is over ecmp14:45
liuyulongAnd in the compute node, when the packet is back to the outside world14:46
liuyulongthe ovs-agent will add some port group which is also something like ecmp to send the return packet back to the router namespace.14:46
liuyulongDue to all these traffic we take care are L3 only,14:46
liuyulongrubasov, yes14:47
rubasovso northbound traffic is over LAG, maybe MLAG14:47
rubasovI believe my people favor ECMP over MLAG for some reason14:48
rubasovbut I will need to go back to them to better understand their reasons for this14:48
liuyulongHmmm, actually we do not care about the underlay topoloy.14:49
liuyulongIn neutron's view, we can only assume there are some neutron virtual Routers and one Upstream physical router.14:50
liuyulongThe upstream physical router has multiple path to a single distination.14:50
liuyulongWe do not care about how many fabric the hosts are connected to the upstream router.14:51
rubasovbut don't I have to represent the links in my previous picture in lines 31-35 as neutron nets (used as external gw-s)?14:53
rubasovI don't see how could I represent that as 1 neutron network14:54
liuyulongSo this ACTIVE-ACTIVE DNAT topology is what you want?14:55
liuyulongIf so, in the picture, you can just remove R4, and link R2 to R1, R1', R1'' etc.14:56
liuyulongIn the picture, you can just remove R4 and R2, and link R3 to R1, R1', R1'' etc.14:57
liuyulongThe R1, R1', R1'' mean one single neutron router has multiple scheduled instance in different host.14:57
liuyulongAll these R1 instances are ACTIVE.14:58
rubasovI'm far from sure I fully understand the active-active, I will try to better understand your slides14:58
liuyulongThey work together to surve the north-south traffice.14:58
rubasovbut thank you for the questions, it helps to better formulate the use case (and see if it's valid)15:00
liuyulongIgnore all the IPs/protocls/words in this picture.15:00
liuyulongSomething like that.15:01
liuyulongok, time is up15:02
*** openstack changes topic to "OpenStack Meetings ||"15:02
openstackMeeting ended Wed Dec  2 15:02:17 2020 UTC.  Information about MeetBot at . (v 0.1.4)15:02
openstackMinutes (text):
rubasovthank you15:02
rubasovI'll also need to drop into another meeting15:02
liuyulongThank you15:02
rubasovsee you later15:02
liuyulongsee you15:02
*** ociuhandu has joined #openstack-meeting15:59
timburke#startmeeting swift21:01
openstackMeeting started Wed Dec  2 21:01:22 2020 UTC and is due to finish in 60 minutes.  The chair is timburke. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:01
*** openstack changes topic to " (Meeting topic: swift)"21:01
openstackThe meeting name has been set to 'swift'21:01
timburkewho's here for the swift meeting?21:01
seongsoochoo/ hi!21:01
timburkeagenda's at
timburkesorry, i'm still catching up from the week off, so i haven't updated it21:03
timburke#topic audit watchers21:04
*** openstack changes topic to "audit watchers (Meeting topic: swift)"21:04
timburkemattoliverau, i saw you did some reviews! thanks!21:04
zaitcevyeah, well...21:05
zaitcevI'm looking at Matt's comments.21:05
zaitcevHonestly I'm tempted to ask for a follow-up patch for the biggest of them, where he wants to reorganize the tests.21:05
mattoliverauSorry, but I think it's great and am almost ready to +221:06
zaitcevI wish we could just sic acoles on it. That man is a genius at refactoring our tests that are sometimes convoluted.21:07
timburkeout of curiosity, what sort of test watchers did you make, mattoliverau?21:07
mattoliverauYeah, if we want that in a follow up, seeing as it's just test reorg.21:07
timburkei've been meaning to try some SLO-validator-type watchers...21:08
mattoliverauNothing amazing, just wrote one that logged things so I could get an idea of how it all worked, passed in some params via the calendar config.21:08
mattoliverauBased it off the commit message code skel, which is why I found it wrong21:09
timburkecool. i'll still try to get a fresh review in soon, too. sorry it's taking me so long, zaitcev21:09
mattoliverauShould do something more interesting. But didn't want to take too long.21:10
zaitcevI'm sure you will do the right thing. I kind of doubt myself because I want it "over", so my judgement may be off. But of course if I promise the follow-up, I'll do it.21:10
zaitcevtimburke: Anyway, I think we can move on.21:12
timburkei agree that test re-org can and should be a follow-up, and i don't even know that having it proposed should be a blocker on landing what we've got. sounds like we all mostly know what we need to do next, yeah?21:13
timburke(sorry for the delay, plumber finally came)21:13
zaitcevthe reality of life21:13
zaitcevMy biggest fear is that you'll find a cool application of watchers that requires them to be stateful21:14
timburke#topic s3api, +segments, and ACLs21:14
*** openstack changes topic to "s3api, +segments, and ACLs (Meeting topic: swift)"21:14
claygi thought we merged something that address that21:14
timburkeclayg, i saw you +2'ed, any reason not to +A?21:14
timburke(beyond general gate breakage, i suppose...)21:15
zaitcevYou're sure you're not thinking about PUT+POST where we proposed changes just to keep the state? Didn't merge though, it's sitting hibernating in that revew.21:15
claygnope, looks like a win to me21:16
timburkezaitcev, i'm not opposed to proposing things that aren't necessarily going to land (hi, !). i do feel bad that we haven't done more with PUT+POST though, sorry :-(21:17
timburkei just mean to say that we can take on the test re-org later, and having the follow-up written should not be a blocker21:18
timburke#topic gate breakage21:18
*** openstack changes topic to "gate breakage (Meeting topic: swift)"21:18
timburke*hopefully* this will all be resolved shortly, but i figure i ought to keep everyone informed21:18
zaitcevI see Clay landed 763106 just now21:19
claygyeah that one looked straightforward to me - we're trying to get it running in prod currently21:19
claygbut packaging software sucks21:19
claygbut packaging^W software sucks21:20
*** rfolco has quit IRC21:20
timburkerecently, some of the integrated jobs broke because of some changes to the pip resolver -- details aren't so important (i think), but they should be fixed by
timburkebut we've also got *another* constantly-failing job with lower-constraints, where it'd try to install a py3-only version of keystoneclient on py221:23
timburkethat one seems to be fixed by, though it needs a recheck21:23
timburke*hopefully* then we can finally start merging real patches again21:24
timburkelike i said, ideally you all won't need to think about it too much21:25
timburkeone last impromptu topic21:25
timburke#topic part power increase21:25
*** openstack changes topic to "part power increase (Meeting topic: swift)"21:25
timburkeclayg, acoles and i have been realizing we need to actually use this great feature cschwede wrote!21:26
timburkeand i thought i'd see if anyone else has used it much, and if so what tips they might have about it21:26
zaitcevSo, what's the issue? It worked in my tests.21:26
zaitcevno, not "much", sorry21:27
mattoliverauit is pretty great, but I'm only used in the dev.21:27
rledisezwe did it in production, multiple times. it worked. we have a doc with useful things to do before/after (to check everything went fine, etc…). Can paste that somewhere21:27
zaitcevIn our case it gets excercised because Director makes rings with just 9 bits21:27
mattoliverauI always thought we'd use it and think of ways to make it more automatic rather then stopping replication engine.. also expend it to work with account and containers.21:27
mattoliverauBecause they sometimes need an increase too.21:28
timburkecool, thanks rledisez! and thanks for :-)21:28
timburkeyeah, it's the "stopping replication engine" that has me the most worried. hard to do when you're *also* constantly expanding21:29
rledisezFrom experience, with I/O limitation to not impact performance too much, it take about 24h/48h to do a relink21:29
claygrledisez: good info!  how did you ratelimit the relinker?21:30
timburkenice! yeah, we were thinking about adding a ratelimiting option...21:30
timburkei'm also debating about trying to enable moving 2 or 3 steps at a time -- we weren't paying enough attention and have some catching up to do :-(21:30
rledisezwe start one relinker per device, each is put in a cgroup with io limitation. we have a script for that. I can share it too, there is no secret sauce in it :)21:30
timburkeoh yeah, and i guess i did a while back... might want to merge that, too...21:32
timburkeall right, that's all i've got21:32
timburke#topic open discussion21:32
*** openstack changes topic to "open discussion (Meeting topic: swift)"21:32
timburkeanything else we ought to discuss this week?21:33
timburkeheads up on another py3 bug:
openstackLaunchpad bug 1906289 in OpenStack Object Storage (swift) "Uploading a large object (SLO) in foreign language characters using S3 browser results in 400 BadRequest - Error in completing multipart upload" [High,Confirmed]21:34
timburkehave a fix already at
timburkei'll plan on backporting as far back as train21:35
*** acoles has joined #openstack-meeting21:36
mattoliverauahh more wsgi str fun :P21:37
zaitcevI'm still stuck with "secure" and "consistent" RBAC, basically tinkering with authorize().21:37
acoleshi sorry I'm late21:37
zaitcevThat code is scary, too much baggage.21:37
timburkeyeah, auth is thorny and we've (too) often neglected it21:38
timburkereminds me that i ought to revisit and those RBAC tests we've got...21:39
zaitcevYeah, the curse of RBAC and how it made Ho-san quit21:40
timburkeall right, i think that's about it then21:42
timburkethank you all for coming, and thank you for working on swift!21:42
*** openstack changes topic to "OpenStack Meetings ||"21:42
openstackMeeting ended Wed Dec  2 21:42:41 2020 UTC.  Information about MeetBot at . (v 0.1.4)21:42
openstackMinutes (text):
