Thursday, 2014-01-09

*** yamahata has joined #openstack-neutron		00:01
*** mlavalle has quit IRC		00:01
*** WackoRobie has joined #openstack-neutron		00:03
*** WackoRobie has quit IRC		00:08
*** changbl has quit IRC		00:21
*** otherwiseguy has quit IRC		00:26
openstackgerrit	Salvatore Orlando proposed a change to openstack/neutron: Make timeout for ovs-vsctl configurable https://review.openstack.org/61105	00:34
marun	anteaya: ping	00:36
openstackgerrit	Nachi Ueno proposed a change to openstack/neutron: API Extension for SSL-VPN services https://review.openstack.org/58897	00:39
*** otherwiseguy has joined #openstack-neutron		00:40
*** Sukhdev_ has joined #openstack-neutron		00:42
marun	wtf	00:51
marun	anyone from embrane here?	00:51
*** mili__ has quit IRC		00:52
*** networkstatic has quit IRC		00:55
*** mili_ has joined #openstack-neutron		00:56
Sukhdev_	I do not believe so :-)	00:59
*** rwsu has quit IRC		01:00
*** iwamoto has joined #openstack-neutron		01:08
*** jroovers has quit IRC		01:09
*** thuc has quit IRC		01:14
*** thuc has joined #openstack-neutron		01:15
*** thuc has quit IRC		01:19
*** networkstatic has joined #openstack-neutron		01:22
*** jp_at_hp has quit IRC		01:26
openstackgerrit	shihanzhang proposed a change to openstack/python-neutronclient: Empty file shouldn't contain copyright nor license https://review.openstack.org/63986	01:28
*** amotoki has quit IRC		01:31
*** mayu has joined #openstack-neutron		01:34
openstackgerrit	Rajesh Mohan proposed a change to openstack/neutron: Firewall as a Service (FWaaS) Service Insertion https://review.openstack.org/62599	01:36
*** xuhanp has joined #openstack-neutron		01:42
mayu	to run tempest, each vedor need to provide their device for the test to prove that it is working. but how they do	01:43
mayu	anybody who know how does nicira provide their controller device for the tempest test	01:45
Sukhdev_	I do not know how nicira does, I know how Arista does	01:47
markmcclain	arosen, armax: ^^^	01:48
Sukhdev_	I have a question on neutron tempest test test_network_basic_ops - anybody here who can answer a question?	01:49
mayu	how nicira does	01:55
openstackgerrit	Lee Li proposed a change to openstack/neutron: ipt_mgr.ipv6 written in the wrong ipt_mgr.ipv4 https://review.openstack.org/63981	01:57
mayu	i'm new to tempest	01:57
mayu	Sukhdev_, can you tell me how Arista does	01:57
openstackgerrit	Arata Notsu proposed a change to openstack/neutron: Automatic configuration of local_ip in ovs_neutron_plugin.ini https://review.openstack.org/64253	02:06
openstackgerrit	Rajesh Mohan proposed a change to openstack/neutron: Firewall as a Service (FWaaS) Service Insertion https://review.openstack.org/62599	02:14
*** sgran_ has joined #openstack-neutron		02:14
*** dkehn_ has joined #openstack-neutron		02:14
*** dkehn has quit IRC		02:15
*** sgran has quit IRC		02:15
*** tziOm has quit IRC		02:15
*** tziOm has joined #openstack-neutron		02:15
*** thansen has quit IRC		02:15
*** julim has quit IRC		02:15
*** alagalah has joined #openstack-neutron		02:17
*** thansen has joined #openstack-neutron		02:17
*** WackoRobie has joined #openstack-neutron		02:21
*** dkehn_ is now known as dkehn		02:23
*** sc68cal has quit IRC		02:33
*** WackoRobie has quit IRC		02:36
*** sc68cal has joined #openstack-neutron		02:36
mayu	anybody who know how does Arista provide their device for the tempest test	02:39
*** julim has joined #openstack-neutron		02:43
*** mayu has quit IRC		02:44
*** sc68cal has quit IRC		02:45
*** sc68cal has joined #openstack-neutron		02:46
*** sc68cal has quit IRC		02:48
*** nati_ueno has quit IRC		02:50
*** sc68cal_ has joined #openstack-neutron		02:54
*** sc68cal_ has quit IRC		02:54
*** otherwiseguy has quit IRC		02:55
*** sc68cal_ has joined #openstack-neutron		02:56
*** Sukhdev_ has quit IRC		02:57
*** changbl has joined #openstack-neutron		02:58
*** WackoRobie has joined #openstack-neutron		02:58
*** clev has joined #openstack-neutron		03:11
*** gongysh has joined #openstack-neutron		03:13
*** networks_ has joined #openstack-neutron		03:19
*** networkstatic has quit IRC		03:22
*** banix has quit IRC		03:24
*** julim has quit IRC		03:35
*** coolsvap has quit IRC		03:46
*** networks_ has quit IRC		03:50
*** networkstatic has joined #openstack-neutron		03:51
*** afazekas has joined #openstack-neutron		03:56
*** banix has joined #openstack-neutron		03:56
*** clev has quit IRC		04:01
*** amotoki has joined #openstack-neutron		04:07
*** harlowja is now known as harlowja_away		04:07
*** WackoRobie has quit IRC		04:14
*** harlowja_away is now known as harlowja		04:14
*** pcm_ has quit IRC		04:22
*** aymenfrikha has joined #openstack-neutron		04:31
*** tongli has quit IRC		04:36
*** ijw has quit IRC		04:40
*** ijw has joined #openstack-neutron		04:41
*** banix has quit IRC		04:45
*** doude has joined #openstack-neutron		04:46
*** iwamoto_ has joined #openstack-neutron		04:49
*** alagalah_ has joined #openstack-neutron		04:49
*** banix has joined #openstack-neutron		04:50
*** ijw has quit IRC		04:55
*** changbl has quit IRC		04:55
*** alagalah has quit IRC		04:55
*** tziOm has quit IRC		04:55
*** iwamoto has quit IRC		04:55
*** doude_ has quit IRC		04:55
*** notel has quit IRC		04:55
*** notel has joined #openstack-neutron		04:57
*** changbl has joined #openstack-neutron		04:57
*** ijw has joined #openstack-neutron		04:59
*** tziOm has joined #openstack-neutron		05:02
*** ijw has quit IRC		05:03
*** banix has quit IRC		05:06
*** yfried has quit IRC		05:06
*** morganfainberg has quit IRC		05:07
*** carl_baldwin has joined #openstack-neutron		05:11
*** aymenfrikha has quit IRC		05:12
*** WackoRobie has joined #openstack-neutron		05:24
*** chandankumar has joined #openstack-neutron		05:27
*** WackoRobie has quit IRC		05:29
*** ashaikh has joined #openstack-neutron		05:30
*** irenab has joined #openstack-neutron		05:33
*** garyk has quit IRC		05:38
*** chandankumar_ has joined #openstack-neutron		05:39
*** morganfainberg has joined #openstack-neutron		05:42
*** nati_ueno has joined #openstack-neutron		05:43
*** coolsvap has joined #openstack-neutron		05:53
*** carl_baldwin has quit IRC		05:59
*** bashok has joined #openstack-neutron		06:03
*** alagalah_ has quit IRC		06:06
*** Jabadia has joined #openstack-neutron		06:13
*** Jabadia has quit IRC		06:15
*** Jabadia has joined #openstack-neutron		06:17
openstackgerrit	Akihiro Motoki proposed a change to openstack/neutron: Return request-id in API response https://review.openstack.org/58270	06:24
*** chandankumar has quit IRC		06:25
*** harlowja is now known as harlowja_away		06:25
*** akamyshnikova__ has quit IRC		06:28
irenab	Hi, I fail to rebase the patch due to the change with etc/neutron/plugins/nicira. Did anyone had same issie? Need guidance to resolve git rebase issue. Thanks!	06:29
*** akamyshnikova has joined #openstack-neutron		06:31
*** Ilja1 has joined #openstack-neutron		06:36
openstackgerrit	Jenkins proposed a change to openstack/neutron: Imported Translations from Transifex https://review.openstack.org/64786	06:36
openstackgerrit	Berezovsky Irena proposed a change to openstack/neutron: Add update from agent to plugin on device up https://review.openstack.org/53609	06:37
*** Ilja1 has quit IRC		06:44
openstackgerrit	Joe Mills proposed a change to openstack/neutron: Blackhole traffic not destined to Midonet port https://review.openstack.org/58474	06:47
*** garyk has joined #openstack-neutron		06:51
*** sgran_ is now known as sgran		06:53
*** bvandenh has joined #openstack-neutron		06:53
*** morganfainberg has quit IRC		07:00
*** morganfainberg has joined #openstack-neutron		07:01
*** pradipta has joined #openstack-neutron		07:05
*** markwash has quit IRC		07:08
*** markwash has joined #openstack-neutron		07:11
*** morganfainberg has quit IRC		07:13
*** morganfainberg has joined #openstack-neutron		07:14
*** Ilja1 has joined #openstack-neutron		07:15
*** dguitarbite has joined #openstack-neutron		07:23
*** ashaikh has quit IRC		07:30
*** coolsvap has quit IRC		07:33
*** coolsvap has joined #openstack-neutron		07:44
anteaya	marun here	07:46
*** dguitarbite has quit IRC		07:48
*** wangbo has joined #openstack-neutron		07:48
*** dguitarbite has joined #openstack-neutron		07:48
*** dguitarbite has quit IRC		08:10
openstackgerrit	A change was merged to openstack/python-neutronclient: Remove an unused imported module https://review.openstack.org/63003	08:17
openstackgerrit	A change was merged to openstack/python-neutronclient: Misc typo in neutronclient https://review.openstack.org/60324	08:17
*** mayu has joined #openstack-neutron		08:18
*** iwamoto_ has quit IRC		08:23
mayu	anyone who know how to integrate openstack ci with vendor's openstack enviroment	08:23
*** jistr has joined #openstack-neutron		08:24
*** doudouyam has joined #openstack-neutron		08:26
*** doudouyam has left #openstack-neutron		08:27
*** pradipta has quit IRC		08:32
*** jlibosva has joined #openstack-neutron		08:33
openstackgerrit	Armando Migliaccio proposed a change to openstack/neutron: Fix pip install failure due to missing nvp.ini file https://review.openstack.org/65250	08:42
*** ygbo has joined #openstack-neutron		08:43
anteaya	mayu: what kind of integration are you looking for?	08:45
*** nati_ueno has quit IRC		08:47
mayu	third-party CI with openstack jekins CI	08:48
*** rossella_s has joined #openstack-neutron		08:48
mayu	third-party CI with openstack jekins CI	08:48
anteaya	mayu: have you read this? http://ci.openstack.org/running-your-own.html	08:49
mayu	yes	08:49
*** jpich has joined #openstack-neutron		08:49
anteaya	this shows you how to run your own ci	08:49
anteaya	great so what is the part you don't have yet	08:50
anteaya	do you mean listening ot gerrits stream?	08:50
anteaya	to	08:50
*** Ilja1 has quit IRC		08:50
mayu	but how does openstack Ci know address of my Ci	08:50
anteaya	it doesn't	08:50
anteaya	your ci can listen to gerrit's stream	08:50
anteaya	openstack ci knows nothing about your ci	08:51
*** angryjesters_ has quit IRC		08:51
mayu	when run tempest, if fail, how does openstack ci know	08:52
anteaya	mayu: have you read this: http://ci.openstack.org/third_party.html	08:52
anteaya	when who runs tempest?	08:52
*** Ilja1 has joined #openstack-neutron		08:52
mayu	actually , I am new	08:52
mayu	openstack Ci should run tempest	08:53
anteaya	openstack ci does run tempest	08:53
mayu	how openstack ci know tempest result if load vendor's plugin or driver	08:55
anteaya	this is an unsigned cert, but here is openstack ci running tempest: https://jenkins03.openstack.org/job/check-tempest-dsvm-full/183/	08:55
anteaya	mayu: the 3rd party test account posts to the sha of the patch using gerrit review	08:56
*** safchain has joined #openstack-neutron		08:56
anteaya	mayu: have you read this page? http://ci.openstack.org/third_party.html	08:56
mayu	not clear	08:57
anteaya	have you read this page http://ci.openstack.org/third_party.html	08:57
mayu	yes, but not clear	08:57
anteaya	what part is not clear?	08:58
anteaya	do you have an account on gerrit?	08:59
mayu	I don't understand the artiteche of the openstack CI	08:59
anteaya	you don't have to understand the architecture of the openstack ci	09:00
mayu	the relationship between openstack Ci and third-pary CI	09:00
anteaya	do you have an account on gerrit	09:00
mayu	yes	09:00
anteaya	great	09:00
openstackgerrit	Arata Notsu proposed a change to openstack/neutron: Automatic configuration of local_ip in ovs_neutron_plugin.ini https://review.openstack.org/64253	09:00
anteaya	run this command from your shell ssh -p 29418 <gerrit-username>@<host> gerrit stream-events	09:01
anteaya	make sure you are running it from the computer that has your ssh key	09:01
mayu	ok	09:01
anteaya	<host> is review.openstack.org	09:01
anteaya	<gerrit-username> is your gerrit username	09:02
mayu	ok	09:02
anteaya	and your gerrit account has your ssh public key, does it not?	09:02
mayu	yes	09:02
anteaya	tell me when you have something returned from that command	09:03
mayu	soryy, my account invalid	09:05
anteaya	can you paste your output, paste.openstack.org	09:05
mayu	it's first time to login	09:05
anteaya	go to review.openstack.org	09:06
mayu	I will register a new one	09:06
anteaya	no	09:06
anteaya	then we have abandoned accounts around	09:06
anteaya	what is the problem with the one you have?	09:06
anteaya	we need to fix it	09:07
anteaya	what is the problem you are having?	09:07
anteaya	don't just disappear, talk to me	09:08
mayu	i am right review.openstack.org	09:08
anteaya	yes	09:08
mayu	then	09:08
anteaya	have you logged into your account before?	09:08
mayu	sign in ?	09:08
mayu	yes	09:09
anteaya	sign in yes	09:09
anteaya	do you have a username?	09:09
anteaya	if not fill one in	09:09
mayu	mayu	09:09
mayu	next ?	09:10
anteaya	put in your pubic ssh key	09:11
anteaya	under ssh keys	09:11
openstackgerrit	garyk proposed a change to openstack/neutron: Update RPC code from oslo https://review.openstack.org/64419	09:11
mayu	i have no ssh keys	09:12
anteaya	then you need some	09:12
anteaya	please generate some	09:12
mayu	wait	09:12
anteaya	I have no choices	09:13
anteaya	we can't do anything until gerrit has your public ssh key	09:13
mayu	you are so kind	09:15
mayu	like father	09:15
anteaya	thanks	09:15
*** ijw has joined #openstack-neutron		09:16
*** ijw has quit IRC		09:20
*** jroovers has joined #openstack-neutron		09:25
*** mayu_ has joined #openstack-neutron		09:29
mayu	anteaya, there 、	09:30
mayu	i get my key	09:30
anteaya	great	09:30
anteaya	give gerrit your public key	09:31
mayu_	next ?	09:31
mayu_	done	09:31
*** jp_at_hp has joined #openstack-neutron		09:32
anteaya	run ssh -p 29418 mayu@review.openstack.org gerrit stream-events	09:32
mayu_	$ ssh -p 29418 mayu@review.openstack.org gerrit stream-events The authenticity of host '[review.openstack.org]:29418 ([198.101.231.251]:29418) ' can't be established. RSA key fingerprint is ee:2f:ac:1b:f8:25:d0:39:be:55:02:c7:76:5e:39:53. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '[review.openstack.org]:29418,[198.101.231.251]:29418 ' (RSA) to the list of known hosts. Permission d	09:35
anteaya	mayu_: it's time you learned how to use paste	09:36
anteaya	please go to paste.openstack.org	09:36
anteaya	do you see a text box there?	09:37
mayu_	yes	09:38
anteaya	paste text into the text box and press the submit button	09:38
anteaya	the url will change to a unique url	09:38
anteaya	copy the unique url and post the unique url in this channel	09:39
mayu_	http://paste.openstack.org/show/yglmSPdy8miGubktgCUW/	09:39
mayu_	great	09:39
anteaya	thank you	09:40
* anteaya clicks		09:40
anteaya	okay go to your gerrit account	09:40
anteaya	under ssh keys	09:40
mayu_	ok	09:41
anteaya	do you see a key listed?	09:41
mayu_	yes	09:41
mayu_	there are towl	09:41
mayu_	two	09:41
anteaya	two	09:41
anteaya	does one of them correspond to the private key you have on the computer you are working on now?	09:42
mayu_	remove ont	09:42
mayu_	remove one ?	09:42
anteaya	no	09:42
anteaya	you don't need to remove any	09:42
mayu_	ok	09:43
anteaya	you need to ensure that one of them is the public key for the private key you have on your computer	09:43
mayu_	ok , i check	09:43
anteaya	great	09:43
mayu_	http://paste.openstack.org/show/60864/	09:44
anteaya	okay that is half a key pair	09:45
anteaya	I have no way of knowing by looking at it if it is the correct key or not	09:46
*** coolsvap has quit IRC		09:46
mayu_	http://paste.openstack.org/show/60865/	09:46
mayu_	half ?	09:47
anteaya	mayu_: I think if you take some time and read up on ssh keys, you will recognize the value of spending the time doing so	09:48
anteaya	ssh keys come in pairs	09:48
anteaya	the public half of the key is necesarry to confirm the accuracy of the private half	09:49
anteaya	mayu_: in your gerrit settings what is the id for your account?	09:49
anteaya	I'm going to ask someone to check the databaase for your account	09:50
anteaya	to see if the ssh keys are in the db	09:50
mayu_	ok	09:50
anteaya	are you able to shell into gerrit? or do you still get Permission denied (publickey).	09:51
enikanorov	mayu_: ls -la ~/.ssh/	09:52
mayu_	denied	09:52
enikanorov	do you see id_rsa there?	09:52
mayu_	yes	09:52
enikanorov	it may take some time to propagate public key, so you might need to wait some time after you upload the key to gerrit	09:54
mayu_	my id is 9832	09:55
mayu_	ok	09:55
anteaya	mayu_: thanks	09:55
mayu_	tea in your nick name	09:56
*** DynamiteXXL has joined #openstack-neutron		09:56
afazekas	neutron dhcp-agent-list-hosting-net <my-network-with-dhcp-enabled-subnet> (private network created by devstack) , does not show any agent, however the 'neutron l3-agent-list-hosting-router router1' show an agent without an explicit add request. Is it normal ?	09:57
*** nati_ueno has joined #openstack-neutron		09:58
anteaya	mayu_: yes	09:58
anteaya	I love tea	09:58
mayu_	I love tea too	09:58
mayu_	I'm chinese	09:58
mayu_	and u ?	09:58
anteaya	the folks who can check the gerrit db are not available right now, I will let you know when I hear back	09:58
anteaya	nice	09:58
anteaya	Canadian in Australia right now	09:59
anteaya	heading back to Canada next week	09:59
mayu_	good place	09:59
anteaya	thanks	09:59
anteaya	I like it	09:59
anteaya	afazekas: hi, I don't know the answer to your question	10:00
anteaya	perhaps enikanorov or nati_ueno know more than I	10:01
*** nati_ueno has quit IRC		10:02
enikanorov	afazekas:	10:02
mayu_	anteaya: well, can u tell me your email	10:02
anteaya	okay I am offline for a bit	10:03
anteaya	back later	10:03
mayu_	ok	10:03
anteaya	mayu_: I would prefer conducting discussions in tthe open on this channel	10:03
anteaya	it helps others in the same position as you	10:03
mayu_	ok	10:03
anteaya	my email is no secret anteaya at anteaya dot info	10:04
anteaya	but I'll just ask you to discuss your concerns here	10:04
enikanorov	afazekas: does 'neutron agent-list' shows dhcp agent?	10:04
anteaya	thanks	10:04
afazekas	enikanorov: yes, it is up	10:04
mayu_	ok	10:05
enikanorov	that is interesting	10:05
afazekas	With the havana pranch it is ok, but with the master branch I do not see the agent	10:06
*** kruskakli has quit IRC		10:08
*** coolsvap has joined #openstack-neutron		10:10
mayu_	thanks anteaya, i will leave for supper, see you	10:10
*** mayu has quit IRC		10:17
*** yfried has joined #openstack-neutron		10:18
yfried	marun: ping	10:18
*** xuhanp has quit IRC		10:20
openstackgerrit	garyk proposed a change to openstack/neutron: Update RPC code from oslo https://review.openstack.org/64419	10:37
*** gongysh has quit IRC		10:47
*** angryjesters_ has joined #openstack-neutron		10:52
*** sputnik13net has joined #openstack-neutron		11:01
*** wangbo has quit IRC		11:05
*** jprovazn has joined #openstack-neutron		11:11
openstackgerrit	Jianing Yang proposed a change to openstack/neutron: Implement basic functionalities for port forwarding https://review.openstack.org/60512	11:15
*** kruskakli has joined #openstack-neutron		11:17
*** networkstatic is now known as networkstatic_zZ		11:18
*** DynamiteXXL has quit IRC		11:23
*** pcm_ has joined #openstack-neutron		11:30
*** pcm_ has quit IRC		11:30
*** pcm_ has joined #openstack-neutron		11:31
*** AndreyGrebenniko has quit IRC		11:31
*** sputnik13net has quit IRC		11:39
*** sputnik13net has joined #openstack-neutron		11:41
*** yamahata has quit IRC		11:43
openstackgerrit	Ann Kamyshnikova proposed a change to openstack/neutron: Update lockutils and fixture in openstack.common https://review.openstack.org/47557	11:57
*** alagalah has joined #openstack-neutron		11:58
*** gongysh has joined #openstack-neutron		11:58
*** safchain has quit IRC		11:58
openstackgerrit	Ann Kamyshnikova proposed a change to openstack/neutron: Update lockutils and fixture in openstack.common https://review.openstack.org/47557	11:59
*** sputnik13net has quit IRC		12:02
*** coolsvap has quit IRC		12:02
*** rkukura has quit IRC		12:06
*** DynamiteXXL_ has joined #openstack-neutron		12:07
*** dims_ is now known as dims		12:11
openstackgerrit	garyk proposed a change to openstack/neutron: Update RPC code from oslo https://review.openstack.org/64419	12:12
openstackgerrit	enikanorov proposed a change to openstack/neutron: Introduce Loadbalancer instance https://review.openstack.org/60207	12:36
*** alagalah has quit IRC		12:39
*** jroovers has quit IRC		12:43
*** heyongli has joined #openstack-neutron		12:54
*** irenab is now known as irenab_		12:58
*** yfujioka has joined #openstack-neutron		13:02
openstackgerrit	garyk proposed a change to openstack/neutron: Update RPC code from oslo https://review.openstack.org/64419	13:07
*** jroovers has joined #openstack-neutron		13:18
*** jroovers has quit IRC		13:18
*** jroovers has joined #openstack-neutron		13:18
openstackgerrit	enikanorov proposed a change to openstack/neutron: Introduce Loadbalancer instance https://review.openstack.org/60207	13:23
*** alexpilotti has joined #openstack-neutron		13:25
*** safchain has joined #openstack-neutron		13:26
openstackgerrit	Ihar Hrachyshka proposed a change to openstack/python-neutronclient: Mention --fixed-ip subnet_id=<..> in help message https://review.openstack.org/65690	13:29
openstackgerrit	Édouard Thuleau proposed a change to openstack/neutron: OVS lib defer apply doesn't handle concurrency https://review.openstack.org/63917	13:34
*** Ilja1 has quit IRC		13:34
*** xuhanp has joined #openstack-neutron		13:34
openstackgerrit	Sylvain Afchain proposed a change to openstack/neutron: L3 Agent can handle many external networks https://review.openstack.org/59359	13:48
*** yamahata has joined #openstack-neutron		13:49
*** yamahata has quit IRC		13:50
*** yamahata has joined #openstack-neutron		13:51
openstackgerrit	Armando Migliaccio proposed a change to openstack/neutron: VMware NSX: add sanity checks for NSX cluster backend https://review.openstack.org/65692	13:54
*** armax has joined #openstack-neutron		14:03
*** aymenfrikha has joined #openstack-neutron		14:03
*** yfried has quit IRC		14:03
*** amuller has joined #openstack-neutron		14:07
*** thuc has joined #openstack-neutron		14:08
*** amotoki has quit IRC		14:09
*** irenab_ has quit IRC		14:10
*** heyongli has quit IRC		14:11
*** coolsvap has joined #openstack-neutron		14:11
*** julim has joined #openstack-neutron		14:13
openstackgerrit	Sylvain Afchain proposed a change to openstack/neutron: Add parameter and iptables rules to protect dnsmasq ports https://review.openstack.org/61994	14:16
*** peristeri has joined #openstack-neutron		14:19
*** jdev789 has joined #openstack-neutron		14:21
*** jdev has joined #openstack-neutron		14:21
*** jecarey has quit IRC		14:31
*** markmcclain has quit IRC		14:39
openstackgerrit	Sascha Peilicke proposed a change to openstack/neutron: Support passing 'insecure' to quantumclient https://review.openstack.org/65696	14:39
*** ijw has joined #openstack-neutron		14:40
*** ijw has quit IRC		14:40
*** ijw has joined #openstack-neutron		14:41
*** thuc has quit IRC		14:43
*** thuc has joined #openstack-neutron		14:44
*** bashok has quit IRC		14:47
*** jecarey has joined #openstack-neutron		14:48
*** thuc has quit IRC		14:48
*** WackoRobie has joined #openstack-neutron		14:49
*** aveiga has joined #openstack-neutron		14:52
*** banix has joined #openstack-neutron		14:53
marun	anteaya: ping	14:55
*** marun has quit IRC		14:57
*** thuc has joined #openstack-neutron		14:57
*** rkukura has joined #openstack-neutron		15:00
*** carl_baldwin has joined #openstack-neutron		15:00
*** thuc has quit IRC		15:02
*** markmcclain has joined #openstack-neutron		15:02
*** networkstatic_zZ has quit IRC		15:02
*** thuc has joined #openstack-neutron		15:02
*** networkstatic has joined #openstack-neutron		15:03
*** bmeshjason has joined #openstack-neutron		15:03
*** clev has joined #openstack-neutron		15:06
*** thuc has quit IRC		15:07
*** aymenfrikha has quit IRC		15:09
*** aymenfrikha1 has joined #openstack-neutron		15:09
*** marun has joined #openstack-neutron		15:12
aveiga	ijw: sc68cal_: ping	15:17
*** sc68cal_ is now known as sc68cal		15:17
*** sc68cal has joined #openstack-neutron		15:17
sc68cal	pong	15:18
*** aymenfrikha1 has quit IRC		15:18
aveiga	I was hoping ijw would be around, but we've hit a dilemma wrt IPv6 networks, specifically the "router" object	15:19
ijw	Sorry, I'm about	15:19
aveiga	ijw: Re: your RA security bug (link escapes me atm)	15:20
aveiga	in order to setup rules to fix that bug, we'd have to fill out the gateway IP in the "router" object on the network	15:20
aveiga	problem is, RAs use the lla for that	15:20
aveiga	do we allow global IPs on the router? How do we enforce that the gateway ip is the lla, or do we even bother?	15:21
ijw	We have the information to do that, though	15:21
openstackgerrit	Sascha Peilicke proposed a change to openstack/neutron: Support passing 'insecure' to quantumclient https://review.openstack.org/65696	15:21
aveiga	I'm not sure we do, in the case of provider network devices	15:22
aveiga	or non-OpenStack gear on the network, more generally	15:22
ijw	With you in a mo, on the phone, but naturally I have a pat answer ;)	15:22
aveiga	use case: hardware load-balancer attached to a private tenant VLAN	15:22
aveiga	np	15:22
*** rwsu has joined #openstack-neutron		15:23
*** dims has quit IRC		15:23
*** dims has joined #openstack-neutron		15:24
*** mfink has joined #openstack-neutron		15:27
*** aymenfrikha has joined #openstack-neutron		15:28
*** aymenfrikha has quit IRC		15:28
*** alagalah has joined #openstack-neutron		15:29
*** alagalah has joined #openstack-neutron		15:29
*** Jabadia has quit IRC		15:34
*** jorisroovers has joined #openstack-neutron		15:34
*** Jabadia has joined #openstack-neutron		15:34
*** tongli has joined #openstack-neutron		15:37
*** jroovers has quit IRC		15:37
*** mvenesio has joined #openstack-neutron		15:37
*** xuhanp has quit IRC		15:38
*** Jabadia has quit IRC		15:39
*** mfink has quit IRC		15:41
*** jgrimm has joined #openstack-neutron		15:44
ijw	Jesus that guy can talk	15:44
ijw	Hm, HW lb on tenant VLAN - surely the VLAN is at the least a provider network unless you're using a Neutron LB plugin	15:45
*** otherwiseguy has joined #openstack-neutron		15:46
ijw	So anyway, I think what we need is a list of authorised addresses (or perhaps just MACs) from which RAs are permitted into ports.	15:46
*** yfried has joined #openstack-neutron		15:46
ijw	Setting aside the LB a second, I'll come back to that	15:46
ijw	That would be every Neutron router on the network and additionally, for a provider network, every external router we've explicitly configured.	15:47
sc68cal	ijw: I would prefer to just use the subnet's gateway for now	15:47
*** mfink has joined #openstack-neutron		15:47
aveiga	I tend to agree with sc68cal since RAs should only come from "gatwways" anyway, even if that gateway is an LB	15:47
ijw	sc68cal: ok, I'm not sure that makes much difference	15:48
ijw	It's still in the category of 'external router we've explicitly configured', isn't it?	15:48
aveiga	yes	15:48
aveiga	but the explicit config part is at issue	15:48
ijw	I suppose the distinction is in how we configured it	15:48
ijw	Setting the gateway of the subnet explicitly seems like a reasonable way to do that, and also quite nea	15:48
ijw	t	15:48
aveiga	do we enfore the laa be used, do we capture and infer, or do we just let it go?	15:48
aveiga	lla*	15:49
ijw	Much as it sucks I think the current pattern of this stuff says we should be enforcing it	15:49
aveiga	I agree	15:50
sc68cal	I don't think there is any validation for gateway property of subnet, beyond just type checking and maybe format	15:50
*** ramishra has joined #openstack-neutron		15:50
sc68cal	I'd prefer to not muck with that	15:50
*** Ilja has joined #openstack-neutron		15:50
ijw	Bit tricky. For tenant networks it's clear that blocking outgoing RAs and filtering outgoing NDs would be sufficient to get shot of all the crappy problems	15:50
aveiga	so then do we put in validation to restrict gateways explicitly to an fe80?	15:50
ijw	For provider networks you have to be pretty explicit on your rules, though	15:50
sc68cal	aveiga: I'd prefer to not	15:50
aveiga	ijw: don;t be so quick there	15:50
aveiga	what if you ran a service VM in your tenant net	15:51
ijw	Define service VM	15:51
aveiga	VM on both the tenat net and a provider bnet that routes traffic	15:51
ijw	If it's administratively managed by Openstack code then that is infrastructure code and it should play by the rules	15:51
aveiga	maybe an LB as a Vm, maybe an actual router running quagga for a reflector or something	15:51
ijw	If it's run by the tenant then we have a long discussion ahead of ourselves (for v4 and v6 both) on how to make a better port firewall	15:52
aveiga	these aren't necessarily normal datacenter type scenarios, but they're certainly there for service providers	15:52
ijw	(which, to be fair, has work in the Nicira plugin, and they have quite a straightforward approach for some of it that basically says 'turn off firewalling, I'm a grownup and I get to decide who goes on this network anyway' - it's only shared networks that are a problem	15:53
roaet	Hello neutron folks! Any core mind checking out https://review.openstack.org/#/c/57517/ now that infra has blessed it with a bugfree run? Thanks.	15:53
aveiga	I fear that many of these will be tenant run. But if they're only on a non-shared network (tenant-owned) that should be ok?	15:53
ijw	aveiga: Understood. I think they're the cloud equivalent of what you'd want to do as a network admin in a notmal datacentre. Also, they're use cases that are more useful in private cloud than SP cloud, which is why they don't get much time	15:54
aveiga	maybe we only do the RA filtering on shared networks?	15:54
ijw	aveiga: NVP took the approach that you could disable antispoof at your option on a network you own. I think this fits into the same category.	15:54
*** chandankumar_ has quit IRC		15:54
ijw	'Yes I could be spoofed but I would be spoofing myself'	15:55
aveiga	right	15:55
aveiga	so then maybe we only turn anti-spoof on for shared networks	15:55
aveiga	and if you're really that paranoid on a private net, do it yourself in host-based firewalls	15:55
ijw	... I'm not saying that's sufficient, because there are nuances of whether - just because you created a machine - you actually trust it, but my point is that we can get a base level of necessary security in place on the assumption that we're going to revisit this with a few better controls in the future	15:56
aveiga	I like the sound of that	15:56
aveiga	so we agree to filter on shared networks to start, and only allow RAs from configured gateways	15:56
ijw	the v4 rule is 'on until I turn it off' and I think I would follow that pattern. We give the user a nice padded room and the key to the box of knives	15:56
ijw	Yes, I think that's best	15:57
aveiga	but that puts us back to my original questionL: enforce lla gateways or no?	15:57
ijw	Well, why wouldn't you?	15:57
ijw	LLA addresses are predictable	15:57
sc68cal	Because currently there is no enforcement	15:57
*** jhurlbert has quit IRC		15:57
sc68cal	Are we perscribing that the gateway must always be a LLA address, in 100% of cases?	15:57
aveiga	and because you may want to configure a provider net to use a global and do ND spoofing for reduntant router pairs?	15:58
ijw	First, I have o idea how redundancy in routers works for v6 and I also suspect we run into the same problems here for v4, so I'm not going to touch that part of the question for now ;)	15:58
*** alagalah has left #openstack-neutron		15:59
aveiga	well, maybe we just don't enforce and remind people that RAs are normally from an LLA?	15:59
aveiga	update the Ops Guide and the docs	15:59
ijw	But on the other part, why couldn't we accept RAs for the LL and global of a router if it's Neutron, and for whatever address is configured if it's not? I may be missing something here...	15:59
*** markmcclain has quit IRC		16:00
matrohon	gongysh : ping	16:00
aveiga	if neutron is the router, we should just accept whatever is configured and set the RA agent to use the same	16:00
aveiga	if neutron isn't, I think we should just let it go	16:00
ijw	Actually, your poit says you don't even have to do global on a Neutron router, cos we know they're going to be well behaved	16:00
aveiga	right	16:00
aveiga	I think we just don't even bother with enforcement	16:01
sc68cal	I don't think Neutron sets a LLA for a router you create	16:01
ijw	So, whatever address is configured as subnet GW we use without comment, isn't that what we're saying?	16:01
ijw	sc68cal: it can't avoid it	16:01
aveiga	ijw: yes, I think it is	16:01
ijw	And for Neutron that would inevitably be the LLA?	16:01
aveiga	we just need to remind operators that most routers us the LLA. The case where most people put PREFIX::1 as the gateway is what I'm worried about	16:01
sc68cal	ijw: what I mean to say is, I don't think it's saved anywhere	16:02
ijw	For anything else we just keep our mouths shut and let the user screw up	16:02
aveiga	but that seems to be an education problem	16:02
aveiga	yep, +1	16:02
ijw	sc68cal: it's EUID derived - so can't we calculate it from the MAC?	16:02
aveiga	sc68cal: yup, calculate it from the MAC. It will exist no matter what	16:02
sc68cal	yes - I agree it exists	16:03
sc68cal	but currently it probably uses a global ip	16:03
*** bmeshjason has quit IRC		16:03
sc68cal	since the EUID patch has not been merged yet	16:03
ijw	OK - so is there anything in there that we can summarise in a 'we'll get there eventually' BP?	16:03
aveiga	well, nothing is issuing an RA today	16:03
*** bmeshjason has joined #openstack-neutron		16:03
ijw	Yeah - I would like to believe we're close on that, if we can close those attrs today I would actually like to write some code for a change, getting fed up of meetings...	16:04
ijw	I was planning on pulling Seean's patch apart and using it for the bits, actually - it's got a good example of attr addition and validation, so I'll just nick that	16:05
ijw	Once it's in I'm hoping shshang will be happy to stick his stuff on top.	16:06
ijw	From there we can argue the details.	16:06
aveiga	ok, so this afternoon I'll write up the BPs for both the mode names and the response to the security bug	16:07
*** yfujioka has quit IRC		16:07
ijw	OK - you're happy with the values (if not the names) already there?	16:08
aveiga	did you see my reply about the mixed mode?	16:08
aveiga	also, I'm not sure I understand the use case with ra-only, no DHCP	16:09
ijw	I don't really think there is one to be honest, it just falls out in the combinations	16:09
aveiga	ok	16:09
aveiga	another of those "give them enough rope" deals	16:10
aveiga	since the modes are useful in other combinations	16:10
aveiga	I think we're good then	16:10
ijw	Yeah - it annoys me that it comes up but on the other hand I really like having separate RA and DHCPv6 options and making the two co-operate	16:10
*** markmcclain has joined #openstack-neutron		16:10
aveiga	it's fine	16:10
*** ashaikh has joined #openstack-neutron		16:10
aveiga	if you're configuring a network, hopefully you know enough that that's not a valid combination	16:11
ijw	And I'm pretty sure we could configure it if people really want to see their networks screw up	16:11
aveiga	yup	16:11
aveiga	let it be	16:11
aveiga	in fact, I think some implementations may wish to actually no-op that and ignore it	16:11
ijw	I'm thinking default should be slaac/dhcp for a /64 and ra-only/dhcp for anything else	16:11
aveiga	that brings up a good point	16:12
aveiga	PD	16:12
aveiga	I think we can support it, but it would require more work in the address allocation area	16:12
ijw	...scares me.	16:12
aveiga	eh, it has uses	16:12
ijw	Yes, it does, but in a cloud it's a bit more questionable	16:13
aveiga	like giving a prefix to a LB attached also to a private network	16:13
ijw	Yup	16:13
ijw	Again, I think this is not a basic usecase, so for now I would like to set it to one side and scare ourselves with it when we have ipv6 working basically	16:13
aveiga	agreed	16:13
aveiga	leave PD for J	16:14
ijw	The counterargument is whether we have to do anything specifically right now to accommodate it	16:14
aveiga	I don't think so	16:14
ijw	Presumably though we would add an attr to the port specifying a prefix to delegate and then adapt all our firewalling and whatever accordingly, thinking about it. Simples.	16:14
aveiga	eventually there will need to be a flag for PD_ALLOWED and an option for MAX_LENGTH and MIN_LENGTH	16:14
*** markmcclain has quit IRC		16:16
ijw	The only thing on that is whether we can use whatever mechanism for PD to also choose subnet address ranges. v6 is such an arse on this stuff	16:17
*** aymenfrikha has joined #openstack-neutron		16:17
ijw	(not cos it's v6, but because we need subnets to come out of a range because we're routing properly)	16:17
ijw	But that, as well, might have to wait for J.	16:18
*** aymenfrikha has quit IRC		16:20
*** alexpilotti has quit IRC		16:20
aveiga	+1	16:21
openstackgerrit	Avishay Balderman proposed a change to openstack/neutron: LBaaS L7 model (WIP) https://review.openstack.org/61721	16:21
*** peristeri has quit IRC		16:25
*** garyk has quit IRC		16:26
*** peristeri has joined #openstack-neutron		16:26
*** ramishra has quit IRC		16:27
*** ramishra has joined #openstack-neutron		16:28
*** armax has quit IRC		16:28
*** thuc has joined #openstack-neutron		16:28
openstackgerrit	Jon Grimm proposed a change to openstack/neutron: Openvswitch update_port should return updated port info https://review.openstack.org/58847	16:29
*** thuc_ has joined #openstack-neutron		16:30
*** thuc has quit IRC		16:30
ijw	sc68cal: that icmp thing - bet it affects havana when ipv6 support's turned off...	16:37
sc68cal	not sure I follow	16:38
openstackgerrit	Cyril Roelandt proposed a change to openstack/python-neutronclient: Use six.moves.cStringIO rather than cStringIO https://review.openstack.org/62995	16:40
*** Jabadia has joined #openstack-neutron		16:44
*** SumitNaiksatam has quit IRC		16:48
*** mili_ has quit IRC		16:50
*** mili_ has joined #openstack-neutron		16:58
*** jlibosva has quit IRC		17:00
*** jlibosva has joined #openstack-neutron		17:02
*** garyk has joined #openstack-neutron		17:03
*** mlavalle has joined #openstack-neutron		17:05
*** mili_ has quit IRC		17:05
*** SumitNaiksatam has joined #openstack-neutron		17:06
ijw	When ipv6 support is off, then all v6 traffic from tenants is passed without comment	17:08
openstackgerrit	Rossella Sblendido proposed a change to openstack/neutron: Commit to test third party testing system https://review.openstack.org/65726	17:08
*** alexpilotti has joined #openstack-neutron		17:09
ijw	Never routed, but since Linux machines will make themselves an address when they get an RA, you can even persuade bridging interfaces to start terminating traffic, and they even thoughtfully tell you what address they're using with their ND...	17:09
*** jorisroovers has quit IRC		17:10
*** mili_ has joined #openstack-neutron		17:11
*** mili_ has quit IRC		17:12
*** ramishra has quit IRC		17:19
*** markmcclain has joined #openstack-neutron		17:21
salv-orlando	can I chat with somebody who knows a bit of the ovs agent internals?	17:30
*** jistr has quit IRC		17:31
*** bjornar has joined #openstack-neutron		17:36
*** fcoj has quit IRC		17:37
sc68cal	ijw: when you say ipv6 support is off - where is it turned off	17:42
*** nati_ueno has joined #openstack-neutron		17:42
sc68cal	nova has that use_v6 flag	17:43
ijw	Yeah, that	17:43
sc68cal	ahh	17:43
ijw	if it's off then there's no v6 firewalling	17:43
ijw	Policy is currently (and somewhat dubiously) if we know about it we'll put a deny-by-default in place, but if we don't it passes	17:44
sc68cal	are you sure? because before cecd7591533e2c046aedba3b8e5d14a5b2fa7fe9 - nothing was allowed to pass through on v6 - even when you didn't have a v6 subnet in Neutron	17:46
sc68cal	and use_ipv6 was false	17:46
*** safchain has quit IRC		17:49
*** DynamiteXXL_ has quit IRC		17:50
aveiga	+1 to sc68cal, when you don't have IPv6 setup, all ICMP messages fail including RA and ND?NS	17:52
*** SumitNaiksatam_ has joined #openstack-neutron		17:55
*** SumitNaiksatam has quit IRC		17:57
*** SumitNaiksatam_ is now known as SumitNaiksatam		17:57
*** afazekas has quit IRC		18:00
*** jroovers has joined #openstack-neutron		18:01
*** jorisroovers has joined #openstack-neutron		18:01
*** jdev789 has quit IRC		18:03
*** jdev has quit IRC		18:03
*** ygbo has quit IRC		18:04
*** jroovers has quit IRC		18:06
*** jmeridth has quit IRC		18:06
*** harlowja_away is now known as harlowja		18:07
*** jpich has quit IRC		18:08
*** jlibosva has quit IRC		18:08
*** jlibosva has joined #openstack-neutron		18:09
*** thuc_ has quit IRC		18:12
*** dfoster has joined #openstack-neutron		18:12
*** thuc has joined #openstack-neutron		18:13
*** dfoster has quit IRC		18:13
*** otherwiseguy has quit IRC		18:16
*** mili_ has joined #openstack-neutron		18:16
*** thuc has quit IRC		18:17
*** morganfainberg is now known as needscoffee		18:17
sc68cal	ijw: Have you seen https://github.com/openstack/neutron/commit/f14af5dc#diff-19c367b693cb690fa5ceb535afedb37cR217	18:18
sc68cal	might be able to use it, add the gateway IP to the list of allowed IPs to recieve RAs from	18:20
*** thuc has joined #openstack-neutron		18:20
ijw	i'm surprised that's linuxbridge specific...	18:20
sc68cal	ijw: it's not	18:21
*** thuc has quit IRC		18:21
ijw	Yeah, there's an abstract description and an application of the description (which I think that is), right?	18:21
*** thuc has joined #openstack-neutron		18:21
sc68cal	yeah - basically the RPC method builds up a list of allowed IPs for icmpv6 for a port	18:21
sc68cal	then shoots that list to the agent, which uses it to build up the iptables rules	18:22
*** thuc has quit IRC		18:22
*** thuc has joined #openstack-neutron		18:22
sc68cal	ijw: https://github.com/openstack/neutron/blob/master/neutron/db/securitygroups_rpc_base.py#L291	18:23
sc68cal	that call at the very bottom to _apply_provider_rule	18:23
ijw	mmm	18:23
sc68cal	I'm going to poke around a bit more - I'm hoping that this might be a way to do a quick and easy fix	18:24
*** mlavalle has quit IRC		18:27
*** miguitas has joined #openstack-neutron		18:28
*** mili_ has quit IRC		18:28
*** mili_ has joined #openstack-neutron		18:30
*** amuller has quit IRC		18:33
arosen	mayu_: late reply but we just deploy nsx with openstack configured with it and run tempest against it.	18:35
*** aymenfrikha has joined #openstack-neutron		18:36
*** thuc has quit IRC		18:39
*** thuc has joined #openstack-neutron		18:40
*** WackoRobie has quit IRC		18:41
openstackgerrit	garyk proposed a change to openstack/neutron: Update RPC code from oslo https://review.openstack.org/64419	18:41
*** thuc_ has joined #openstack-neutron		18:42
*** thuc_ has quit IRC		18:43
*** thuc_ has joined #openstack-neutron		18:44
*** thuc has quit IRC		18:44
*** Jabadia has quit IRC		18:44
*** thuc_ has quit IRC		18:45
*** Jabadia has joined #openstack-neutron		18:45
*** thuc has joined #openstack-neutron		18:45
*** datamatic has joined #openstack-neutron		18:47
*** sputnik13net has joined #openstack-neutron		18:49
*** zzelle has joined #openstack-neutron		18:50
*** beagles has quit IRC		18:56
roaet	rkukura, other core: would you be willing to give your eyes to https://review.openstack.org/#/c/57517/ now that infra's bugs aren't killing the tests?	19:00
*** b3nt_pin has joined #openstack-neutron		19:01
*** mlavalle has joined #openstack-neutron		19:01
*** b3nt_pin is now known as beagles		19:01
*** WackoRobie has joined #openstack-neutron		19:05
*** alexpilotti has quit IRC		19:06
rkukura	roaet: looking	19:06
*** alexpilotti has joined #openstack-neutron		19:09
*** rossella_s has quit IRC		19:14
*** rossella_s has joined #openstack-neutron		19:15
*** rossella_s has quit IRC		19:15
rkukura	roaet: looks good to me	19:16
roaet	sweet! thanks rkukura. Now I just gotta find one more nice person!	19:16
*** ijw has quit IRC		19:28
*** thuc has quit IRC		19:29
*** thuc has joined #openstack-neutron		19:30
*** thuc has quit IRC		19:34
*** thuc has joined #openstack-neutron		19:35
*** otherwiseguy has joined #openstack-neutron		19:35
markmcclain	roaet: two really minor items to address	19:37
*** vikasd has joined #openstack-neutron		19:39
*** markmcclain has quit IRC		19:42
*** needscoffee is now known as morganfainberg		19:54
*** markmcclain has joined #openstack-neutron		19:56
*** mili_ has quit IRC		19:59
*** miguitas has left #openstack-neutron		20:00
openstackgerrit	Andres Buraschi proposed a change to openstack/python-neutronclient: Adding weight column to Neutron lb member list CLI https://review.openstack.org/65766	20:01
*** jdev789 has joined #openstack-neutron		20:09
*** jdev has joined #openstack-neutron		20:09
*** jdev789 has quit IRC		20:10
*** jdev has quit IRC		20:10
*** alexpilotti has quit IRC		20:11
*** ijw has joined #openstack-neutron		20:13
*** mili_ has joined #openstack-neutron		20:13
*** datamatic has quit IRC		20:15
*** briancli1e is now known as briancline		20:25
*** alexpilotti has joined #openstack-neutron		20:27
*** rkukura has quit IRC		20:32
enikanorov	markmcclain: Hi. Just replied to your email on loadbalancer instance.	20:37
enikanorov	markmcclain: please let me know if you have more questions.	20:37
jaypipes	salv-orlando: "that's pretty much what I do all the time." lol. glad to know I'm not the only one! :)	20:42
*** networkstatic has quit IRC		20:45
*** otherwiseguy has quit IRC		20:46
openstackgerrit	Jakub Libosvar proposed a change to openstack/neutron: Add binding:host_id when creating port for probe https://review.openstack.org/65774	20:48
*** jamespage_ has joined #openstack-neutron		20:48
jlibosva	hello, I pushed patch for review and forgot to set topic. Is there a way how to additionally set topic in gerrit? git review -t do nothing because of no change in the code	20:54
*** larsks has joined #openstack-neutron		20:58
*** jlibosva has quit IRC		20:59
*** JoeJulian has joined #openstack-neutron		21:00
JoeJulian	I'm getting this error in havana while trying to set up a vpn: Timeout while waiting on RPC response - topic: "ipsec_driver", RPC method: "get_vpn_services_on_host" info: "<unknown>"	21:01
JoeJulian	What is supposed to be the rpc consumer of an ipsec_driver message? It looks like nothing ever reads it.	21:01
*** alagalah has joined #openstack-neutron		21:03
*** jamespage_ has quit IRC		21:07
anteaya	roaet: infra has worked hard all week with a staff of one person to spin up two additional jenkins	21:10
anteaya	a feat never attempted or achieved by any other opensource project anywhere	21:10
anteaya	"infra's bugs" are what make your contributions possible	21:11
roaet	anteaya: I am not ungrateful for their work. sorry if it seems that way. I am simply attempting to put some emphasis on trying to get people to look at it quickly.	21:11
roaet	Sorry to have offended you?	21:12
anteaya	you haven't offended me	21:12
ijw	Has anyone ever seen UDP checksum issues in Neutron?	21:13
anteaya	you have just perpetuated the belief this channel has that any test that prevents someone from shoehorning their code into master is infra's fault	21:13
ijw	I've just had to run this to make my DHCP packets valid:	21:13
ijw	$ sudo ip netns exec qdhcp-90bcac39-7d49-4bcb-a212-865c9c55bce6 ethtool --offload ns-2306c732-8c tx off rx off	21:13
anteaya	mayu_: when you copy your public key to paste it into gerrit, you can't have newlines in it	21:14
anteaya	mayu_: please view the public key in a shell to paste it, rather than opening the key file in a gui editor, that may solve the problem	21:15
anteaya	roaet: and congratulations on your patch, and I am glad you are getting eyes on it	21:16
*** jdev789 has joined #openstack-neutron		21:21
*** julim has quit IRC		21:22
*** otherwiseguy has joined #openstack-neutron		21:26
pcm_	JoeJulian: Fo the get_vpn_services_on_host() it goes from the device driver to the service driver.	21:27
JoeJulian	pcm_: That's what I was expecting, but there is no service driver?	21:28
pcm_	would think there has to be, because the service driver sends an RPC (vpnservices_updated) to the device driver, which in turn then RPCs back to get the information on all services and connections.	21:30
*** alagalah has left #openstack-neutron		21:30
pcm_	JoeJulian: Take a look at the q-vpn log for more info on what's going on. May help	21:30
ijw	pcm_: what would the service driver process be called?	21:31
JoeJulian	q-vpn?	21:32
pcm_	JoeJulian: The device driver is in q-vpn logs, so you can check those. I think the service driver is in the q-svc log	21:35
pcm_	JoeJulian: So hopefully you can see the RPC for the vpnservice_uppdated and then processing in the driver and an RPC back.	21:36
pcm_	JoeJulian: Is all this stock code (no changes)?	21:36
JoeJulian	Is a "q-vpn" log specific to devstack installations? Is that the log for the vpn-agent?	21:36
pcm_	JoeJulian: Yeah, I think it has agent and device driver output. It definitely has the logging for the processing done by the driver.	21:37
JoeJulian	I think I must have a service missing...	21:38
pcm_	I think you have to specify that in the neutron.conf file (for devstack, I think there is some magic that sets that up)	21:40
pcm_	JoeJulian: There should be a line:	21:40
pcm_	JoeJulian: service_provider=VPN:openswan:neutron.services.vpn.service_drivers.ipsec.IPsecVPNDriver:default	21:40
JoeJulian	That's the one that I thought should be there!	21:41
JoeJulian	I tried something like that, but I was guessing.	21:41
pcm_	JoeJulian: I can't recall how devstack sets that, you can nose around in files/ dir. Might be if q-vpn is enabled?	21:42
*** thuc has quit IRC		21:44
*** thuc has joined #openstack-neutron		21:45
*** sc68cal has quit IRC		21:46
*** sc68cal has joined #openstack-neutron		21:47
*** banix has quit IRC		21:48
*** banix has joined #openstack-neutron		21:49
pcm_	JoeJulian: YEah, if you have q-vpn in localrc, it should configure up the service driver in neutron.conf, when you stack.sh	21:49
*** thuc has quit IRC		21:49
*** nati_ueno has quit IRC		21:56
*** nati_ueno has joined #openstack-neutron		21:59
*** otherwiseguy has quit IRC		22:00
*** otherwiseguy has joined #openstack-neutron		22:00
*** thuc has joined #openstack-neutron		22:00
*** yfried has quit IRC		22:03
*** mvenesio has quit IRC		22:03
openstackgerrit	Aaron Rosen proposed a change to openstack/neutron: Fix Migration 50e86cb2637a https://review.openstack.org/65792	22:03
*** nati_ueno has quit IRC		22:03
*** yfried has joined #openstack-neutron		22:04
*** mfink has quit IRC		22:04
*** nati_ueno has joined #openstack-neutron		22:04
openstackgerrit	Jon Grimm proposed a change to openstack/neutron: Fix ml2 & nec plugins for allowedaddresspairs tests https://review.openstack.org/58896	22:08
*** larsks has left #openstack-neutron		22:09
*** markwash has quit IRC		22:10
*** pcm_ has quit IRC		22:11
JoeJulian	pcm_: Thanks. Didn't find the answer in the logs but you changed my train of thought successfully. I looked at devstack and how it configures differently from the documentation. Using service_plugins = neutron.services.vpn.plugin.VPNDriverPlugin instead of VPNPlugin solved the problem.	22:11
*** dims has quit IRC		22:12
*** bmeshjason has quit IRC		22:12
*** jgrimm has quit IRC		22:13
*** mestery has quit IRC		22:16
*** alexpilotti has quit IRC		22:17
*** dims has joined #openstack-neutron		22:18
*** mestery has joined #openstack-neutron		22:19
*** jprovazn has quit IRC		22:24
*** markwash has joined #openstack-neutron		22:24
*** Sukhdev has joined #openstack-neutron		22:27
*** markwash has quit IRC		22:35
*** Ilja has quit IRC		22:40
*** bjornar has quit IRC		22:40
*** mfink has joined #openstack-neutron		22:40
*** jdev789 has quit IRC		22:40
*** clev has quit IRC		22:43
*** rwsu has quit IRC		22:45
*** thuc has quit IRC		22:47
*** thuc has joined #openstack-neutron		22:47
otherwiseguy	markmcclain: (or anyone) I've backported Maru's and my patches re: polling minimization from icehouse to havana. There are 5 patches, all required. None changed at all except for mine which introduced the python-psutil dependency.	22:47
otherwiseguy	The question is: should I submit the reviews separately, or make it easier by just rebasing as a single patch since they all require each other?	22:48
*** mfink has quit IRC		22:48
markmcclain	otherwiseguy: hmmm… introducing a new dependency is going to be a problem	22:49
otherwiseguy	markmcclain: no, I removed that dependency.	22:49
markmcclain	ah cool	22:50
otherwiseguy	that's the one change I made to the patches.	22:50
otherwiseguy	sorry, wasn't clear on that. :)	22:50
lifeless	otherwiseguy: one at a time IMO	22:50
lifeless	otherwiseguy: it's easier to compare to the original patch sets that way	22:50
markmcclain	lifeless beat me to it :)	22:50
lifeless	otherwiseguy: and you can refer the change ID	22:50
lifeless	markmcclain: o/	22:50
markmcclain	lifeless: hi	22:51
otherwiseguy	lifeless / markmcclain: so, in that case, I have them all in my branch already as separate commits. just run git-review and let it create multiple reviews?	22:51
markmcclain	yes	22:51
otherwiseguy	easy enough. :)	22:52
otherwiseguy	reviews 65808-65812 created. thansk!	22:54
*** nati_ueno has quit IRC		22:54
markmcclain	otherwiseguy: great I'll look at them after dinner	22:54
*** markmcclain has quit IRC		22:54
*** nati_ueno has joined #openstack-neutron		22:56
*** nati_ueno has quit IRC		22:57
*** nati_ueno has joined #openstack-neutron		22:57
*** jorisroovers has quit IRC		22:57
openstackgerrit	Aaron Rosen proposed a change to openstack/neutron: Fix Migration 50e86cb2637a https://review.openstack.org/65814	22:57
openstackgerrit	Aaron Rosen proposed a change to openstack/neutron: Fix Migration 50e86cb2637a https://review.openstack.org/65792	22:58
*** thuc has quit IRC		22:59
*** thuc has joined #openstack-neutron		22:59
*** WackoRobie has quit IRC		23:02
*** thuc has quit IRC		23:04
*** tongli has quit IRC		23:06
*** jecarey has quit IRC		23:08
*** yamahata has quit IRC		23:14
*** rkukura has joined #openstack-neutron		23:15
*** alagalah has joined #openstack-neutron		23:19
openstackgerrit	Aaron Rosen proposed a change to openstack/neutron: Fix Migration 50e86cb2637a and 38335592a0dc https://review.openstack.org/65792	23:26
*** alagalah has quit IRC		23:30
*** alexpilotti has joined #openstack-neutron		23:35
*** zzelle has quit IRC		23:36
*** aymenfrikha has quit IRC		23:41
*** markwash has joined #openstack-neutron		23:43
*** thuc has joined #openstack-neutron		23:54
*** ashaikh has quit IRC		23:57
*** peristeri has quit IRC		23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!