Friday, 2015-10-09

« Thursday, 2015-10-08 Index Saturday, 2015-10-10 »
*** gangil1 has joined #openstack-neutron-ovn00:08
*** gangil has quit IRC00:09
*** armax has quit IRC00:11
*** shettyg has quit IRC00:39
*** chandrav has quit IRC00:49
*** gangil1 has quit IRC01:02
*** chandrav has joined #openstack-neutron-ovn01:09
switchcaderussellb: yeah, so it looks like the ingress/egress sides weren't really mirrored01:25
switchcadewell, it's a bit more subtle than that01:25
russellbswitchcade: sorted out what was going on?01:26
switchcadeI believe so. We hit some minor snags trying to patch OVN to do the right thing in the interim01:27
switchcadebut basically if stateful rules were enabled anywhere, then they were enabled everywhere.01:27
switchcadeso, for the VM port, you had rules to handle the traffic correctly01:27
switchcadebut for the logical port, conntrack would occur at ingress for the initial packet... then when the response comes, on egress towards local port, it would go through conntrack and be marked as "invalid"01:28
switchcadeit seems if a SYN packet is sent through conntrack for a new connection, it will report back "+trk+new"01:28
switchcadeif a response packet comes back through conntrack, but the connection cannot be found, it will report back "+trk+inv"01:29
switchcadein this case, we didn't commit ingress from in_port=201:29
switchcadeso, reply in egress to port=2 would come back invalid01:29
switchcadebasic solution is probably to massage the rules to have explicit rules handling both ports01:30
switchcadebetter solution is to improve flow generation in OVN so that conntrack doesn't occur on a port if there is no stateful firewall there01:31
switchcadeJustin said he'll look a bit more tonight.01:32
russellbcool thanks a bunch for diving in!01:32
switchcadenp:)01:33
*** azbiswas has joined #openstack-neutron-ovn01:46
*** yamamoto has joined #openstack-neutron-ovn01:47
*** azbiswas has quit IRC01:52
*** azbiswas has joined #openstack-neutron-ovn01:52
*** chandrav has quit IRC02:14
*** yamamoto has quit IRC02:42
*** chandrav has joined #openstack-neutron-ovn03:08
*** yamamoto has joined #openstack-neutron-ovn03:19
*** chandrav has quit IRC03:35
*** armax has joined #openstack-neutron-ovn03:38
*** chandrav has joined #openstack-neutron-ovn03:57
*** azbiswas has quit IRC04:18
*** shettyg1 has quit IRC04:18
*** azbiswas has joined #openstack-neutron-ovn05:14
*** azbiswas has quit IRC05:15
*** azbiswas has joined #openstack-neutron-ovn05:38
*** armax has quit IRC05:40
switchcaderussellb: so the changes Justin put together got it working on that server. I also noticed an unrelated bug which I believe affects OVS-2.4 and hasn't been otherwise noticed :-)05:54
switchcadeI just ran the neutron commands to clear the rules, then re-instated the defaults and I can ping/ssh through05:54
*** azbiswas has quit IRC06:36
*** azbiswas has joined #openstack-neutron-ovn06:45
*** subscope has quit IRC07:29
ajoswitchcade, you're having real fun08:09
ajo:)08:09
* ajo on envy... ;D08:10
*** fzdarsky has joined #openstack-neutron-ovn08:17
*** ajo has quit IRC08:37
*** ajo has joined #openstack-neutron-ovn08:39
*** subscope has joined #openstack-neutron-ovn08:44
*** azbiswas has quit IRC09:08
*** azbiswas has joined #openstack-neutron-ovn09:08
*** azbiswas has quit IRC09:12
*** subscope has quit IRC09:32
*** subscope has joined #openstack-neutron-ovn09:33
*** subscope has quit IRC09:52
*** subscope has joined #openstack-neutron-ovn10:59
*** subscope has quit IRC11:20
*** subscope has joined #openstack-neutron-ovn11:22
*** subscope has quit IRC11:29
*** subscope has joined #openstack-neutron-ovn11:34
*** subscope has quit IRC11:44
*** subscope has joined #openstack-neutron-ovn11:45
*** azbiswas has joined #openstack-neutron-ovn12:11
*** yamamoto has quit IRC12:12
*** azbiswas has quit IRC12:17
*** subscope has quit IRC12:29
*** subscope has joined #openstack-neutron-ovn12:29
*** subscope has quit IRC12:31
*** subscope has joined #openstack-neutron-ovn12:33
*** regXboi has joined #openstack-neutron-ovn12:51
*** yamamoto has joined #openstack-neutron-ovn12:57
*** flaviof has quit IRC13:30
*** chandrav has quit IRC13:36
*** chandrav has joined #openstack-neutron-ovn13:53
*** azbiswas has joined #openstack-neutron-ovn14:17
*** shettyg has joined #openstack-neutron-ovn14:27
*** thumpba has joined #openstack-neutron-ovn14:30
*** azbiswas has quit IRC14:30
*** chandrav has quit IRC14:37
*** flaviof has joined #openstack-neutron-ovn14:42
*** azbiswas has joined #openstack-neutron-ovn14:44
*** azbiswas has quit IRC14:48
*** yamamoto has quit IRC14:51
*** yamamoto has joined #openstack-neutron-ovn14:59
*** azbiswas has joined #openstack-neutron-ovn15:26
*** subscope has quit IRC15:28
*** thumpba has quit IRC15:36
*** azbiswas has quit IRC15:41
*** azbiswas has joined #openstack-neutron-ovn15:42
*** yamamoto has quit IRC15:46
*** thumpba has joined #openstack-neutron-ovn15:47
*** armax has joined #openstack-neutron-ovn16:01
*** yamamoto has joined #openstack-neutron-ovn16:08
*** gangil has joined #openstack-neutron-ovn16:10
*** gangil has quit IRC16:10
*** gangil has joined #openstack-neutron-ovn16:10
*** thumpba has quit IRC16:12
*** chandrav has joined #openstack-neutron-ovn16:12
*** thumpba has joined #openstack-neutron-ovn16:19
*** azbiswas_ has joined #openstack-neutron-ovn16:38
*** azbiswas has quit IRC16:40
*** yamamoto has quit IRC16:43
*** salv-orlando has quit IRC16:44
*** thumpba has quit IRC16:50
*** thumpba has joined #openstack-neutron-ovn16:53
*** chandrav has quit IRC16:56
*** azbiswas_ has quit IRC16:58
*** azbiswas has joined #openstack-neutron-ovn16:58
mesteryrussellb: Have you ever seen this error when trying to run devstack with OVN? http://paste.openstack.org/show/475905/17:11
mesteryLooks like it's trying to use tox to generate the config17:12
mesteryand tox isn't installed17:12
* mestery is in devstack nomans land lately17:12
* russellb looks17:12
russellbmestery: in other envs we must be installing tox as a side effect elsewhere17:22
russellbmestery: in my configs tempest is usually enabled, so that would get it installed if nothing else17:23
mesteryrussellb: Exactly, I'm tracking that down now.17:23
mesteryInto the rabbit hole I go! :)17:23
russellbso probably just need to add tox explicitly in our plugin17:23
russellbor just enable tempest in your local.conf17:23
mesteryOoooooo17:26
mesteryI bet that's it!17:26
mesteryBut17:26
mesteryThis is with my kuryr setup, so minimal set of things17:26
mesteryI think it makes sense to enable it in the plugin itself17:26
* russellb nods17:26
russellbyes17:26
mesteryI'll keep testing17:26
mesteryand submit a patch once I get it working17:26
russellbadding tempest is just a hack without having to update our plugin17:27
russellbsweet sounds good17:27
* mestery nods17:27
mesterycoolio17:27
mesterySounds like a plan17:27
russellbgo go go17:27
*** azbiswas has quit IRC17:29
*** azbiswas has joined #openstack-neutron-ovn17:30
switchcaderussellb: o/17:33
* russellb hides17:33
russellbjk :)17:33
russellbswitchcade: what's up?17:33
switchcade:) I'm getting "ssh_exchange_identification: read: Connection reset by peer" connecting to that host now17:33
russellblovely17:33
russellbi'm basically the worst sys admin17:33
switchcadehehe17:33
russellbworks for me :/17:34
switchcadehmm, could be something on my end.17:34
russellbtry ssh -v?17:34
switchcadeestablishes connection, loads dsa key, enables compatibility mode for protocol 2.0...17:36
switchcadeprints local version string, then connection reset message as above17:36
russellbwelp.17:36
switchcadeubuntu user, right?17:37
russellbyes17:37
*** thumpba has quit IRC17:40
*** thumpba has joined #openstack-neutron-ovn17:40
switchcadefigured it out:)17:41
russellboh ok17:41
russellbon your end or mine?17:41
switchcademyine17:41
russellbk17:41
switchcadeurgh, mine.17:41
switchcadeI use the corporate wired network + wireless and was routing over the wrong one17:42
russellbdamn networking17:42
switchcadecorporate network drops SSH connections, wireless is free-for-all17:42
russellbah17:42
russellbthat sounds quite overly restrictive17:42
russellbguess they don't want people creating tunnels back into their network?17:42
switchcadewell, they do also provide tunnel endpoints, I just don't use 'em ;)17:43
switchcadessh gateways17:43
russellbgotcha17:43
russellbwell anyway, hack away :)17:43
russellbit's a throwaway test vm17:43
openstackgerritKyle Mestery proposed openstack/networking-ovn: Explicitly install tox  https://review.openstack.org/23319517:44
mesteryrussellb: ^^^17:44
mesteryThat's the fix, works with that!17:44
mesteryYay!17:44
mesteryNow to actually test Kuryr with OVN :)17:44
russellb+2+117:44
*** salv-orlando has joined #openstack-neutron-ovn17:44
mesteryyay!17:45
russellbmestery: that sounds like a good #success17:45
mesteryDoes that work in this channel? I think so, right?17:45
russellbhmm17:45
russellbguess not17:45
russellbit's openstackstatus17:45
russellband that bot isn't in here17:45
mesteryAh, right17:46
* mestery moves to #openstack-neutron17:46
*** salv-orlando has quit IRC17:48
*** chandrav has joined #openstack-neutron-ovn17:49
*** salv-orlando has joined #openstack-neutron-ovn17:49
*** yamamoto has joined #openstack-neutron-ovn17:50
*** gangil has quit IRC17:51
*** gangil has joined #openstack-neutron-ovn17:52
*** gangil has quit IRC17:52
*** gangil has joined #openstack-neutron-ovn17:52
switchcaderussellb: don't suppose you know off-hand where core dumps would end up if I deliberately crashed OVS? ;-)17:54
russellbummmmmmm17:55
russellbno.17:55
russellbi don't know how this ubuntu thing works!17:55
russellb:-p17:55
switchcade:P17:55
*** yamamoto has quit IRC17:55
*** azbiswas has quit IRC18:00
*** azbiswas has joined #openstack-neutron-ovn18:05
* mestery weeps18:06
mesteryAfter getting OVN up, now my "docker" CLI has lost the "service" command :(18:06
* mestery grumbles and goes into the rabbit hole18:06
russellb:/18:06
russellbshave that yak18:07
mesteryIt's nuts18:07
mesteryIt was there yesterday18:07
mesteryNow it's gone18:07
* mestery thinks docker removed it18:07
russellbprobably18:07
russellbdamn hipsters18:07
mesteryI know, right!18:07
*** cascardo` has joined #openstack-neutron-ovn18:11
*** cascardo has quit IRC18:14
*** njohnston has joined #openstack-neutron-ovn18:25
switchcade<3 watch -d "ovs-ofctl dump-flows | grep foo..."18:29
switchcadeget this beautiful blinking of packets flowing through the pipeline18:29
russellbswitchcade: ooh, that's clever18:39
switchcadeif you "tmux attach" on that server you'll see it:)18:40
switchcadethe trick on a larger flow table is to get the filters down right18:40
switchcadeopenflow cookies could help with this, to some degree18:41
switchcadeif we had one cookie for all the default rules, then one cookie per firewall rule, you could look for a fairly specific needle in the haystack18:41
switchcadeit's not so bad at the moment with just ~70 flows, but this would help if you spin up lots of VMs18:42
switchcadeand complex policies18:42
*** salv-orlando has quit IRC18:44
*** salv-orlando has joined #openstack-neutron-ovn19:41
*** salv-orlando has quit IRC19:47
*** salv-orlando has joined #openstack-neutron-ovn19:49
openstackgerritMerged openstack/networking-ovn: Explicitly install tox  https://review.openstack.org/23319519:51
*** salv-orlando has quit IRC20:35
*** njohnston is now known as nate_gone20:46
*** salv-orlando has joined #openstack-neutron-ovn21:34
*** azbiswas has quit IRC21:35
*** azbiswas has joined #openstack-neutron-ovn21:35
*** chandrav has quit IRC21:40
*** chandrav has joined #openstack-neutron-ovn21:40
*** chandrav has quit IRC21:40
*** azbiswas has quit IRC21:45
*** azbiswas_ has joined #openstack-neutron-ovn21:45
*** shettyg has quit IRC21:46
*** thumpba has quit IRC22:02
switchcaderussellb: btw, I'm done with your setup now, feel free to reclaim it22:05
*** thumpba has joined #openstack-neutron-ovn22:14
*** thumpba has quit IRC22:17
*** thumpba has joined #openstack-neutron-ovn22:17
*** thumpba has quit IRC22:19
*** thumpba has joined #openstack-neutron-ovn22:19
*** thumpba has quit IRC22:20
*** thumpba has joined #openstack-neutron-ovn22:22
*** salv-orlando has quit IRC22:31
*** thumpba has quit IRC22:45
russellbswitchcade: cool, glad it helped22:51
*** azbiswas_ has quit IRC23:03
*** regXboi has quit IRC23:10
*** salv-orlando has joined #openstack-neutron-ovn23:53
« Thursday, 2015-10-08 Index Saturday, 2015-10-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!