Tuesday, 2019-01-29

« Monday, 2019-01-28 Index Wednesday, 2019-01-30 »
*** imacdonn has quit IRC00:00
*** imacdonn has joined #openstack-neutron00:00
*** _fragatina has joined #openstack-neutron00:01
*** jlibosva has joined #openstack-neutron00:02
*** wolverineav has joined #openstack-neutron00:02
*** jlibosva has quit IRC00:06
*** itlinux has joined #openstack-neutron00:10
*** jlibosva has joined #openstack-neutron00:13
openstackgerritBrian Haley proposed openstack/neutron master: Switch isolated metadata proxy to bind to 169.254.169.254  https://review.openstack.org/60042100:15
*** jlibosva has quit IRC00:17
*** macza has quit IRC00:20
*** jlibosva has joined #openstack-neutron00:26
*** hongbin has joined #openstack-neutron00:27
*** jlibosva has quit IRC00:30
*** wolverineav has quit IRC00:34
*** wolverineav has joined #openstack-neutron00:35
*** edmondsw has quit IRC00:38
*** wolverineav has quit IRC00:39
*** mattw4 has quit IRC00:39
*** jlibosva has joined #openstack-neutron00:42
*** jlibosva has quit IRC00:46
*** wolverineav has joined #openstack-neutron00:52
*** wolverineav has quit IRC00:56
*** jlibosva has joined #openstack-neutron00:58
*** armax has quit IRC00:58
*** jlibosva has quit IRC01:03
*** yamamoto has joined #openstack-neutron01:09
*** markvoelker has joined #openstack-neutron01:10
*** macza has joined #openstack-neutron01:10
*** jlibosva has joined #openstack-neutron01:12
*** markvoelker has quit IRC01:15
*** macza has quit IRC01:15
*** jlibosva has quit IRC01:17
*** hongbin has quit IRC01:18
*** hongbin has joined #openstack-neutron01:20
*** jlibosva has joined #openstack-neutron01:23
*** _fragatina has quit IRC01:27
*** _fragatina has joined #openstack-neutron01:28
*** jlibosva has quit IRC01:28
*** dulek has quit IRC01:28
*** Dinesh_Bhor has joined #openstack-neutron01:32
*** _fragatina has quit IRC01:32
*** armax has joined #openstack-neutron01:36
*** wolverineav has joined #openstack-neutron01:37
*** jlibosva has joined #openstack-neutron01:39
*** bruca has quit IRC01:41
*** binh___ has quit IRC01:43
*** jlibosva has quit IRC01:44
*** binh_ has joined #openstack-neutron01:53
*** jlibosva has joined #openstack-neutron01:56
*** bruca has joined #openstack-neutron01:57
*** jlibosva has quit IRC02:00
*** bruca has quit IRC02:01
*** yamamoto has quit IRC02:03
*** jlibosva has joined #openstack-neutron02:08
*** jlibosva has quit IRC02:13
*** bruca has joined #openstack-neutron02:18
*** jlibosva has joined #openstack-neutron02:19
*** bruca has quit IRC02:22
*** jlibosva has quit IRC02:24
*** yedongcan has joined #openstack-neutron02:29
*** jlibosva has joined #openstack-neutron02:29
*** jlibosva has quit IRC02:34
*** bruca has joined #openstack-neutron02:38
*** yamamoto has joined #openstack-neutron02:41
*** bruca has quit IRC02:43
*** jlibosva has joined #openstack-neutron02:46
*** yamamoto has quit IRC02:46
*** jlibosva has quit IRC02:50
*** khomesh is now known as khomesh|brb02:50
*** jlibosva has joined #openstack-neutron02:58
*** bruca has joined #openstack-neutron02:59
*** jlibosva has quit IRC03:02
*** bruca has quit IRC03:04
*** khomesh|brb is now known as khomesh|bfst03:04
*** iyamahat has quit IRC03:09
*** gkadam has joined #openstack-neutron03:11
*** _fragatina has joined #openstack-neutron03:12
*** aojea has joined #openstack-neutron03:12
*** _fragatina has quit IRC03:13
*** _fragatina has joined #openstack-neutron03:14
*** jlibosva has joined #openstack-neutron03:14
*** aojea has quit IRC03:17
*** jlibosva has quit IRC03:18
*** bruca has joined #openstack-neutron03:20
*** bruca has quit IRC03:25
*** yamamoto has joined #openstack-neutron03:25
*** yamahata has quit IRC03:27
*** jlibosva has joined #openstack-neutron03:30
*** yamamoto has quit IRC03:34
*** jlibosva has quit IRC03:34
*** bruca has joined #openstack-neutron03:41
openstackgerritChengqian Liu proposed openstack/neutron master: Clear old rules that have been applied before applying new rules.  https://review.openstack.org/63201403:42
*** Dinesh_Bhor has quit IRC03:43
*** khomesh|bfst is now known as khomesh03:44
*** bruca has quit IRC03:45
*** jlibosva has joined #openstack-neutron03:46
*** Dinesh_Bhor has joined #openstack-neutron03:50
*** jlibosva has quit IRC03:51
*** bruca has joined #openstack-neutron04:02
*** jlibosva has joined #openstack-neutron04:02
*** macza has joined #openstack-neutron04:05
*** yamahata has joined #openstack-neutron04:05
*** yamamoto has joined #openstack-neutron04:06
*** bruca has quit IRC04:06
*** igordc has quit IRC04:06
*** jlibosva has quit IRC04:07
*** macza_ has joined #openstack-neutron04:07
*** _fragatina has quit IRC04:08
*** macza has quit IRC04:09
*** macza_ has quit IRC04:11
*** jlibosva has joined #openstack-neutron04:18
*** macza has joined #openstack-neutron04:21
*** jlibosva has quit IRC04:22
*** bruca has joined #openstack-neutron04:23
*** macza has quit IRC04:25
*** bruca has quit IRC04:27
*** itlinux has quit IRC04:41
*** jlibosva has joined #openstack-neutron04:43
*** bruca has joined #openstack-neutron04:43
*** jlibosva has quit IRC04:47
*** bruca has quit IRC04:47
*** jlibosva has joined #openstack-neutron04:54
*** jlibosva has quit IRC04:58
*** bruca has joined #openstack-neutron05:04
*** spsurya has joined #openstack-neutron05:05
*** bruca has quit IRC05:08
*** jlibosva has joined #openstack-neutron05:10
*** jlibosva has quit IRC05:14
*** ratailor has joined #openstack-neutron05:23
*** bruca has joined #openstack-neutron05:25
*** jlibosva has joined #openstack-neutron05:29
*** bruca has quit IRC05:29
*** jlibosva has quit IRC05:33
*** jlibosva has joined #openstack-neutron05:40
*** jlibosva has quit IRC05:45
*** bruca has joined #openstack-neutron05:46
*** lajoskatona has joined #openstack-neutron05:49
*** bruca has quit IRC05:50
*** jlibosva has joined #openstack-neutron05:56
*** sridharg has joined #openstack-neutron05:59
*** jlibosva has quit IRC06:01
*** khomesh is now known as khomesh|brb06:04
*** bruca has joined #openstack-neutron06:07
*** bruca has quit IRC06:11
*** jlibosva has joined #openstack-neutron06:12
*** jlibosva has quit IRC06:17
*** edmondsw has joined #openstack-neutron06:19
*** markvoelker has joined #openstack-neutron06:20
*** liuyulong has joined #openstack-neutron06:20
*** hongbin has quit IRC06:21
*** igordc has joined #openstack-neutron06:23
*** gcheresh has joined #openstack-neutron06:23
*** markvoelker has quit IRC06:24
*** bruca has joined #openstack-neutron06:27
*** jlibosva has joined #openstack-neutron06:29
*** gvrangan has joined #openstack-neutron06:30
*** bruca has quit IRC06:32
*** jlibosva has quit IRC06:33
*** ramishra has joined #openstack-neutron06:33
*** khomesh|brb is now known as khomesh06:44
*** jlibosva has joined #openstack-neutron06:45
*** bruca has joined #openstack-neutron06:48
*** jlibosva has quit IRC06:49
*** mosulica has joined #openstack-neutron06:51
*** bruca has quit IRC06:53
*** ccamposr has joined #openstack-neutron06:53
*** Luzi has joined #openstack-neutron06:56
*** aojea has joined #openstack-neutron06:57
*** dsneddon has quit IRC06:59
*** jlibosva has joined #openstack-neutron07:01
*** wolverineav has quit IRC07:03
*** dsneddon has joined #openstack-neutron07:04
*** wolverineav has joined #openstack-neutron07:04
*** moshele has joined #openstack-neutron07:04
*** jlibosva has quit IRC07:05
*** aojea has quit IRC07:07
*** wolverineav has quit IRC07:09
*** bruca has joined #openstack-neutron07:09
*** bruca has quit IRC07:13
*** jlibosva has joined #openstack-neutron07:17
*** jlibosva has quit IRC07:21
*** yamamoto has quit IRC07:28
*** igordc has quit IRC07:28
*** liuyulong has quit IRC07:29
*** jlibosva has joined #openstack-neutron07:29
*** bruca has joined #openstack-neutron07:30
*** moshele has quit IRC07:31
*** yamamoto has joined #openstack-neutron07:32
*** wolverineav has joined #openstack-neutron07:34
*** bruca has quit IRC07:34
*** wolverineav has quit IRC07:38
*** slaweq has joined #openstack-neutron07:42
*** aojea has joined #openstack-neutron07:46
*** sapd1 has joined #openstack-neutron07:48
*** bruca has joined #openstack-neutron07:51
*** bruca has quit IRC07:55
*** tmorin has joined #openstack-neutron08:01
*** rpittau has joined #openstack-neutron08:04
*** iyamahat has joined #openstack-neutron08:06
*** khomesh is now known as khomesh|brb08:10
*** ralonsoh has joined #openstack-neutron08:11
*** bruca has joined #openstack-neutron08:12
*** khomesh|brb is now known as khomesh08:14
*** dulek has joined #openstack-neutron08:15
*** wolverineav has joined #openstack-neutron08:15
*** bruca has quit IRC08:16
*** dsneddon has quit IRC08:19
*** wolverineav has quit IRC08:19
openstackgerritzhouxinyong proposed openstack/ovsdbapp master: Fix version in test-requirements.txt  https://review.openstack.org/63367008:19
*** markvoelker has joined #openstack-neutron08:20
*** bnemec has joined #openstack-neutron08:29
*** bruca has joined #openstack-neutron08:32
*** jpena|off is now known as jpena08:33
*** ksambor has joined #openstack-neutron08:34
*** ramishra_ has joined #openstack-neutron08:34
*** ramishra has quit IRC08:35
*** yamamoto has quit IRC08:35
*** yamamoto has joined #openstack-neutron08:36
*** janki has joined #openstack-neutron08:36
*** bruca has quit IRC08:37
*** lemko has joined #openstack-neutron08:45
*** tkajinam has quit IRC08:48
*** khomesh is now known as khomesh|bomgar08:48
*** pcaruana has joined #openstack-neutron08:51
*** dsneddon has joined #openstack-neutron08:51
*** bruca has joined #openstack-neutron08:53
*** markvoelker has quit IRC08:54
*** khomesh|bomgar is now known as khomesh|mtg08:56
openstackgerritKailun Qin proposed openstack/neutron-tempest-plugin master: Add API test for network segment range extension  https://review.openstack.org/62616208:56
*** bruca has quit IRC08:57
openstackgerritMerged openstack/neutron master: Change DHCP agent to log message after failure  https://review.openstack.org/63307709:00
openstackgerritKailun Qin proposed openstack/neutron-tempest-plugin master: Add API test for network segment range extension  https://review.openstack.org/62616209:04
*** dsneddon has quit IRC09:05
*** dsneddon has joined #openstack-neutron09:06
dalvareznumans_: im on sapd1_'s setup and this is really weird09:08
numans_dalvarez, you want me to login ?09:09
numans_dalvarez, what's happening ?09:09
dalvareznumans_: apparently with a ping it works distributed but when he runs iperf, the traffic goes through the gw node09:09
numans_dalvarez, strange.09:09
numans_dalvarez, may be this issue existed since a long time ? and never got tested ?09:11
dalvareznumans_: no idea .. im confused09:11
numans_dalvarez, ok.09:12
dalvareznumans_: sapd1_ i think that ping is also going to compute09:14
dalvarezsry to gw09:14
*** bruca has joined #openstack-neutron09:14
numans_dalvarez, oh . so everything is gw then09:14
dalvarezsapd1_: maybe numans_ can join us09:14
*** sridharg has quit IRC09:16
sapd1very strange.09:17
openstackgerritReedip proposed openstack/networking-ovn master: DNM/DNR/WIP/XYZ Improve Networking OVN Test coverage  https://review.openstack.org/60194809:18
*** bruca has quit IRC09:19
*** yamahata has quit IRC09:24
*** panda is now known as panda|numb09:28
*** sridharg has joined #openstack-neutron09:28
*** khomesh|mtg is now known as khomesh09:29
openstackgerritChengqian Liu proposed openstack/neutron master: Clear old rules that have been applied before applying new rules.  https://review.openstack.org/63201409:31
dalvareznumans_: sapd1 thing is if you ping from VM1 with FIP to VM2 with FIP09:32
dalvarezyou see the traffic going to controller node:09:32
dalvarez    192.168.54.109 > 10.1.3.4: ICMP echo request, id 23446, seq 80, length 6409:32
dalvarez16:31:16.933077 fa:16:3e:8e:83:c5 > fa:16:3e:48:0b:2f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61652, offset 0, flags [none], proto ICMP (1), length 84)09:32
dalvarez    10.1.3.4 > 192.168.54.109: ICMP echo reply, id 23446, seq 80, length 6409:32
dalvarez16:31:16.933114 fa:16:3e:bb:9d:95 > fa:16:3e:3c:fc:76, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 62, id 61652, offset 0, flags [none], proto ICMP (1), length 84)09:32
dalvarez    192.168.54.118 > 10.1.4.21: ICMP echo reply, id 23446, seq 80, length 6409:32
dalvareznumans_: ^ capture on geneve interface on controller... even if you ping from FIP to FIP, on controller you see the NAT to the fixed ip09:32
dalvareznumans_: sapd1 but if you ping from the external network to a FIP, then traffic won't go to the gw node09:33
*** mvkr has joined #openstack-neutron09:33
sapd1yes09:33
sapd1I can run iperf now if you want09:33
sapd1benchmark from physical server to VMs09:33
dalvarezsapd1: will that go to gw node too?09:34
dalvarezfrom phys to a FIP?09:34
sapd1no.09:34
sapd1direct to compute09:35
*** bruca has joined #openstack-neutron09:35
*** bruca has quit IRC09:39
dalvareznumans_: ping from VM1 (with a FIP) (compute1)  to VM2 FIP (compute 2), i see traffic coming out the tunnel on compute1 without SNAT:09:41
dalvarez16:40:53.447626 fa:16:3e:8e:83:c5 > fa:16:3e:48:0b:2f, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 32734, offset 0, flags [DF], proto ICMP (1), length 84)09:41
dalvarez    10.1.3.4 > 192.168.54.109: ICMP echo request, id 31354, seq 3, length 6409:42
dalvarezajo: ^ any clue?09:42
dalvarezit goes to the gw node09:42
ajodalvarez: yeah wasn't the FIP applied on the GW node?09:45
ajodalvarez: unless you have DVR09:45
ajodalvarez: because it's the GW node the one responsible to handle the connection tracking for NAT09:45
dalvarezajo it has dvr09:46
ajodalvarez: then why is it sent to gw node?09:47
dalvarezajo if you ping to either VM from the physical network, traffic is completely distributed09:47
ajodalvarez: doesn't the VM have a FIP ?09:47
dalvarezbut if you ping VM1 to VM2 it will go to the gw node09:47
dalvarezajo both have09:47
dalvarezseems like a big bug :p09:47
*** pbandark has joined #openstack-neutron09:47
ajodalvarez: on geneve?09:47
dalvarezajo looks like snat is a bit broken09:47
ajodalvarez: something fishy there, yes09:47
dalvarezajo yeah if i ping from VM1 to VM2 i can see the pings on the gw node on the tunnel interface09:47
ajodalvarez: unless DVR is not working09:47
ajohmmm09:47
ajowieeerrdddd09:48
ajoyes09:48
sapd1ajo: I think in the case a vRouter with 2 network and 2 VM on each network has FIPs09:48
sapd1other cases I don't get this issue09:48
*** stelucz has joined #openstack-neutron09:49
ajodalvarez: sapd1 very weird09:49
ajoseems like something broken in the DVR mechanism09:49
dalvarezyeah09:49
ajoit's going through a wrong pipeline09:49
dalvarezit is09:49
ajowe have a09:50
ajowork for numans_ ^09:50
ajo:D09:50
ajo:)09:50
dalvarezi think that it's going first through the LS which sends out the packet on the localnet port before hiting the router pipeline09:50
dalvarezbut definitely numans_ will come for rescue09:50
dalvarezsapd1: this is a really cool bug to post into ovs-discuss ML :)09:50
dalvarezto report*09:50
numans_dalvarez, yo09:51
dalvarezsapd1: i checked all the settings and from networking-ovn (openstack) perspective, all's good09:51
numans_dalvarez, is it easy to reproduce ?09:51
sapd1numans_: too easy09:51
dalvareznumans_: not sure, sapd1 shared some diagram yesterday09:51
numans_sapd1, i remember that.09:51
dalvareznumans_: but perhaps you can dig into his setup, it'll be easier...09:51
*** markvoelker has joined #openstack-neutron09:51
numans_sapd1, i am fine to dig in .. sapd1 is it fine ?09:51
sapd1dalvarez: I will be on holiday in some days :D09:52
sapd1numans_: Right now, you can access my setup.09:52
dalvarezsapd1: perfect for numans_ to take a look and you report the bug so that when you're back all's sorted out :P09:52
sapd1but maybe next 5days, I will be on my holiday09:52
numans_sapd1, i think that's fine. once we have a reproducer locally we can dig in further09:53
sapd1numans_: direct message to me.09:53
dalvarezsapd1: you observed 7gbps when running iperf from the phys host, do you have similar figure from ml2ovs?09:53
numans_sapd1, https://launchpad.net/~numansiddique/+sshkeys09:53
sapd1dalvarez: never =))09:53
dalvarezhaha sapd1 which numbers were you getting?09:55
dalvarezwith ml2ovs i mean09:55
sapd1dalvarez: only 4Gbps. I mean L3-VRRP not DVR09:55
dalvarezsapd1: okay so you dont have comparison with ml2ovs + dvr?09:55
*** bruca has joined #openstack-neutron09:56
numans_i will be back in 5 min09:56
*** numans_ is now known as numans_afk09:56
steluczHi, I have deployed devstack with bagpipe and bgpvpn. If I associate network (shared as external via rbac, and associated FIP on VM) to bgpvpn interconnection, then no routes (FIP's /32) are propagated to bgp route reflector. Is this bug or not supported use case?09:59
*** maciejjozefczyk has quit IRC10:00
*** bruca has quit IRC10:00
*** khomesh is now known as khomesh|gone10:01
*** pbandark has quit IRC10:02
*** jschwarz has joined #openstack-neutron10:07
jschwarzjlibosva, *wave*10:07
*** numans_afk is now known as numans10:07
jlibosvajschwarz!!! \o/10:07
numansdalvarez, sapd1 i am in now10:08
jschwarzdalvarez, *wave*10:09
dalvarezjschwarz: <3 !!!!!!!10:10
dalvarezjschwarz: \o/ how is it going man!!10:10
dalvarezjlibosva: ^ !!!10:10
jlibosvadalvarez: \o/10:10
jschwarzdalvarez, you know10:12
jschwarzdalvarez, life :-)10:12
dalvarezjschwarz: \o nice!! planning to come back? :p10:15
*** bruca has joined #openstack-neutron10:16
*** bruca has quit IRC10:21
*** gvrangan has quit IRC10:21
*** ramishra_ has quit IRC10:23
*** sapd1 has quit IRC10:23
*** markvoelker has quit IRC10:24
openstackgerritSlawek Kaplonski proposed openstack/neutron master: Fix update of ports cache in router_info class  https://review.openstack.org/63361810:25
numansdalvarez, so the issue is that the packet is going out vai the tunnel port right in compute nodes ?10:29
dalvareznumans: that's the issue10:29
dalvarezwhile it should be through the external interface (vlan53 ?) to the other compute node10:29
*** ramishra has joined #openstack-neutron10:30
numansdalvarez, the node SVR509R seem to be stuck10:31
numansdalvarez, can you see if you can enter some keys ?10:31
dalvareznumans: let me check10:32
dalvareznumans: tmux is working but i cant enter anything there either10:32
dalvareznumans: i think it's down10:32
dalvarezsapd1_:  ^10:32
numansdalvarez, i am able to login again, but keys are frozen10:34
*** bruca has joined #openstack-neutron10:37
numansdalvarez, its back now10:38
*** Dinesh_Bhor has quit IRC10:38
*** gvrangan has joined #openstack-neutron10:40
*** dsneddon has quit IRC10:41
*** bruca has quit IRC10:42
dulekdougwig: Okay, I've got some time to take a look. So first of all - yes, reverting your patch helps. :D10:43
dulekdougwig: Secondly - it seems that adding project_id to the SG rule creation API request does make a difference.10:44
dulekdougwig: But we need to take a closer look to be sure here.10:44
*** mvkr has quit IRC10:46
jschwarzdalvarez, probably not ;-)10:50
*** moshele has joined #openstack-neutron10:55
openstackgerritMerged openstack/neutron master: Improve port dhcp Provisioning  https://review.openstack.org/62683010:57
*** bruca has joined #openstack-neutron10:58
*** tssurya has joined #openstack-neutron11:00
*** ssbarnea|bkp2 has quit IRC11:01
*** janki has quit IRC11:02
*** ssbarnea|rover has joined #openstack-neutron11:02
*** bruca has quit IRC11:02
*** mvkr has joined #openstack-neutron11:03
*** davidsha has joined #openstack-neutron11:04
*** dsneddon has joined #openstack-neutron11:06
*** dsneddon has quit IRC11:11
*** yamamoto has quit IRC11:14
sapd1_numans: dalvarez I just went out.11:15
sapd1_now I'm back11:16
numanssapd1_, ok. no progress so far.. definitely an issue.11:16
*** sapd1 has joined #openstack-neutron11:17
sapd1numans: What is going on?11:17
numanssapd1, lookin into the logical flows to see if something is wrong11:19
*** bruca has joined #openstack-neutron11:19
*** mystery_smith has joined #openstack-neutron11:19
*** markvoelker has joined #openstack-neutron11:21
*** bruca has quit IRC11:23
mystery_smithHas anyone seen issues with neutron-server 13.0.2 memory utilization constantly climbing? Seems a restart temporarily alleviates the problem :-/11:24
sapd1dalvarez: numans big bug :D11:31
openstackgerritKailun Qin proposed openstack/neutron-tempest-plugin master: Add API test for network segment range extension  https://review.openstack.org/62616211:35
*** sapd1 has quit IRC11:36
*** gvrangan has quit IRC11:39
*** maciejjozefczyk has joined #openstack-neutron11:39
*** bruca has joined #openstack-neutron11:40
*** dsneddon has joined #openstack-neutron11:40
*** tbachman has quit IRC11:44
*** bruca has quit IRC11:44
*** dsneddon has quit IRC11:45
*** maciejjozefczyk has quit IRC11:47
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron-specs master: Changing segmentation ID of existing network should be allowed  https://review.openstack.org/63358311:53
*** markvoelker has quit IRC11:53
*** yamamoto has joined #openstack-neutron11:54
*** wwriverrat has quit IRC11:56
*** bruca has joined #openstack-neutron12:01
*** gvrangan has joined #openstack-neutron12:03
*** yamamoto has quit IRC12:04
*** kukacz has quit IRC12:04
*** kukacz has joined #openstack-neutron12:04
*** moshele has quit IRC12:04
openstackgerritLucas Alvares Gomes proposed openstack/networking-ovn master: DO NOT REVIEW: Test OVNClient with non-nested transactions  https://review.openstack.org/63370712:05
*** bruca has quit IRC12:05
*** lucasagomes is now known as lucas-hungry12:07
*** liuyulong has joined #openstack-neutron12:12
*** dsneddon has joined #openstack-neutron12:12
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: Add add_tc_policy_class and list_tc_policy_classes using pyroute2  https://review.openstack.org/62326812:13
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: Add delete_tc_policy_class using pyroute2  https://review.openstack.org/62406612:14
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: Add TC filter functions implemented with pyroute2  https://review.openstack.org/62568512:14
*** jpena is now known as jpena|lunch12:15
*** dsneddon has quit IRC12:16
*** iyamahat has quit IRC12:18
*** stelucz has quit IRC12:20
*** bruca has joined #openstack-neutron12:21
*** yamamoto has joined #openstack-neutron12:23
*** bruca has quit IRC12:26
*** moshele has joined #openstack-neutron12:28
openstackgerritChengqian Liu proposed openstack/neutron master: Clear old rules that have been applied before applying new rules.  https://review.openstack.org/63201412:30
*** ratailor has quit IRC12:31
*** pcaruana has quit IRC12:40
*** bruca has joined #openstack-neutron12:42
*** bruca has quit IRC12:46
*** dsneddon has joined #openstack-neutron12:49
*** pcaruana has joined #openstack-neutron12:50
*** markvoelker has joined #openstack-neutron12:50
*** lucas-hungry is now known as lucasagomes12:51
*** dsneddon has quit IRC12:55
*** mosulica has quit IRC12:59
*** gvrangan has quit IRC13:01
*** mosulica has joined #openstack-neutron13:01
*** bruca has joined #openstack-neutron13:03
*** tbachman has joined #openstack-neutron13:04
*** bruca has quit IRC13:07
*** tbachman has quit IRC13:09
*** aojea_ has joined #openstack-neutron13:10
*** aojea_ has quit IRC13:14
*** tbachman has joined #openstack-neutron13:14
*** mosulica has quit IRC13:15
*** hjensas is now known as hjensas|afk13:15
*** mosulica has joined #openstack-neutron13:17
*** boden has joined #openstack-neutron13:18
*** markvoelker has quit IRC13:20
*** gkadam has quit IRC13:20
*** sean-k-mooney has quit IRC13:20
*** sean-k-mooney has joined #openstack-neutron13:21
*** bruca has joined #openstack-neutron13:24
*** mriedem has joined #openstack-neutron13:28
*** bruca has quit IRC13:29
*** dsneddon has joined #openstack-neutron13:30
openstackgerritKailun Qin proposed openstack/neutron-tempest-plugin master: [DNM] Test dependencies  https://review.openstack.org/63373313:31
*** jpena|lunch is now known as jpena13:36
*** dsneddon has quit IRC13:38
*** alexperreault has joined #openstack-neutron13:38
*** abaindur has joined #openstack-neutron13:39
*** alexperreault has left #openstack-neutron13:39
*** kailun has joined #openstack-neutron13:40
*** mgheorghe has joined #openstack-neutron13:42
*** gcheresh_ has joined #openstack-neutron13:43
*** gcheresh has quit IRC13:44
*** bruca has joined #openstack-neutron13:45
*** bruca has quit IRC13:49
*** abaindur has quit IRC13:51
mgheorgheHey everyone. I need some help with openstack policies. We have an Openstack deployment in HA with major services enabled. We are using keystone v3 API and policy.json. We are using domains for each of our users. The problem we face is with domain admin user and neutron and glance. If a user has the role 'admin' on the domain, without being a member/admin in a project that belongs to that domain, that said user can create/list/delete/update13:52
mgheorghenetworks and images cloudwise. Is this by design? The expected behaviour would be that a domain admin should only be able to create/delete/update projects/users and assign roles. Moreover, if i make that user an admin to a project in that domain, it becomes a cloud_admin. He can do anything that the cloud_admin can do, except creating domains and updating roles. The cloud is using the default keystonev3_policy.json. My guess is that neutron13:52
mgheorgheonly checks if the user has the role admin assigned, and does not check if it is domain or project scoped. Isn't there any policy for neutron that takes into account domain scopes?13:53
*** mmethot has joined #openstack-neutron13:55
*** njohnston has joined #openstack-neutron13:55
*** panda|numb is now known as panda13:56
*** mlavalle has joined #openstack-neutron13:58
*** yamamoto has quit IRC14:00
openstackgerritChengqian Liu proposed openstack/neutron master: Update the processing of assigned addresses when assigning addresses  https://review.openstack.org/63340614:02
*** dsneddon has joined #openstack-neutron14:02
*** bruca has joined #openstack-neutron14:05
*** dsneddon has quit IRC14:06
*** bruca has quit IRC14:10
*** aojea_ has joined #openstack-neutron14:12
*** mchlumsky has joined #openstack-neutron14:16
*** yamamoto has joined #openstack-neutron14:23
*** bruca has joined #openstack-neutron14:26
openstackgerritKailun Qin proposed openstack/neutron-tempest-plugin master: [DNM] Test Zuul CI  https://review.openstack.org/63374814:26
*** aojea_ has quit IRC14:30
*** aojea_ has joined #openstack-neutron14:33
*** yedongcan has left #openstack-neutron14:36
*** mystery_smith has quit IRC14:37
*** samc-bbc has joined #openstack-neutron14:37
*** dave-mccowan has joined #openstack-neutron14:39
*** dsneddon has joined #openstack-neutron14:42
openstackgerritBrian Haley proposed openstack/neutron master: Add some create subnet negative tests  https://review.openstack.org/62357314:42
*** dave-mccowan has quit IRC14:45
*** pcaruana has quit IRC14:45
*** dsneddon has quit IRC14:46
openstackgerritAdrian Chiris proposed openstack/neutron master: Add support for binding activate and deactivate  https://review.openstack.org/62012314:49
*** pcaruana has joined #openstack-neutron14:53
*** mosulica has quit IRC14:53
*** pbandark has joined #openstack-neutron15:00
openstackgerritAdrian Chiris proposed openstack/neutron master: Add support for binding activate and deactivate  https://review.openstack.org/62012315:05
*** Luzi has quit IRC15:05
*** mmethot_ has joined #openstack-neutron15:08
*** mmethot has quit IRC15:09
*** hongbin has joined #openstack-neutron15:13
*** salmankhan has joined #openstack-neutron15:14
*** yamamoto has quit IRC15:15
*** aojea_ has quit IRC15:16
*** yamamoto has joined #openstack-neutron15:16
*** yamamoto has quit IRC15:16
*** aojea_ has joined #openstack-neutron15:16
*** dsneddon has joined #openstack-neutron15:17
*** yamamoto has joined #openstack-neutron15:17
*** salmankhan has quit IRC15:18
*** wolverineav has joined #openstack-neutron15:21
*** aojea_ has quit IRC15:21
*** yamamoto has quit IRC15:23
*** dsneddon has quit IRC15:24
*** moshele has quit IRC15:25
*** wolverineav has quit IRC15:25
*** trinaths has joined #openstack-neutron15:26
*** pbandark has quit IRC15:32
*** vpickard has quit IRC15:35
*** bruca has quit IRC15:37
*** bruca has joined #openstack-neutron15:37
*** livelace has joined #openstack-neutron15:37
*** vpickard has joined #openstack-neutron15:39
dulekdougwig, slaweq: Hey folks. So we now know exactly what changed with https://review.openstack.org/#/c/628691 being merged.15:39
dulekReady?!15:39
*** livelace has quit IRC15:39
*** gcheresh_ has quit IRC15:39
*** gcheresh_ has joined #openstack-neutron15:40
dulekdougwig, slaweq: So now you're unable to create SG rules belonging to different tenants in a single SG.15:40
dulekAnd previously you could, e.g. if admin created a rule in user's SG, the user couldn't see it.15:40
*** ltomasbo has joined #openstack-neutron15:42
njohnstondulek: Hmm, I'm not sure that is a documented feature.  It may have been an unintended side-effect that was removed as inadvertently as it was enabled.15:42
*** gcheresh_ has quit IRC15:45
duleknjohnston: I get that, but I also expect that this might break a lot of use cases.15:45
*** lajoskatona has quit IRC15:46
duleknjohnston: It definitely broke us (Kuryr-Kubernetes) as we expected admin can add rules to any SG without specifying SG id.15:46
*** liuyulong has quit IRC15:47
njohnstondulek: if you don't specify SG id, how does it know what SG you're adding rules to?15:47
ltomasbonjohnston, we do add the SG id, just not the project_id15:48
njohnstonit sounds like you should file a bug (if you didn't already) and we should make sure some tests are added to cover this particular use case so that we treat it as part of the contract.15:49
duleknjohnston: Yes, sorry, I need coffee. :D15:49
njohnstonLooking at the change I don't see anything off the top of my head that would trigger this, but perhaps the change's authors have an idea.  Any thoughts dougwig?15:50
*** openstackgerrit has quit IRC15:51
*** openstackgerrit has joined #openstack-neutron15:52
openstackgerritMerged openstack/ovsdbapp master: Convert base commands to ReadOnlyCommand  https://review.openstack.org/63324415:52
*** dsneddon has joined #openstack-neutron15:53
*** dsneddon has quit IRC16:01
duleknjohnston, dougwig: Oh, that easy. Look at this line: https://review.openstack.org/#/c/628691/19/neutron/db/securitygroups_db.py@53016:02
duleknjohnston: get_security_group() wasn't doing any project_id checks besides checking if current user can see the SG.16:02
duleknjohnston: Now we need SG project_id to match current user project_id if you don't put project_id in the request.16:03
*** _mmethot_ has joined #openstack-neutron16:06
*** gcheresh_ has joined #openstack-neutron16:07
*** mmethot_ has quit IRC16:08
openstackgerritChengqian Liu proposed openstack/neutron master: Clear old rules that have been applied before applying new rules.  https://review.openstack.org/63201416:09
*** hjensas|afk is now known as hjensas16:10
openstackgerritChengqian Liu proposed openstack/neutron master: Update the processing of assigned addresses when assigning addresses  https://review.openstack.org/63340616:11
*** gcheresh_ has quit IRC16:15
openstackgerritNate Johnston proposed openstack/neutron master: Allow admin to add SG rules to other tenants w/o project ID  https://review.openstack.org/63377516:16
njohnstondulek ^^16:16
duleknjohnston: Looks like it would help. Want me to run this in Kuryr gates?16:17
njohnstondulek: yes please, and I'll work on adding tests to ensure the behavior16:18
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: [DNM] Change provider network segmentation ID in OVS agent  https://review.openstack.org/63298416:19
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: [DNM] Change provider network segmentation ID  https://review.openstack.org/63316516:19
duleknjohnston: Hm, but will it work with for non-admin users that have access to projects?16:21
*** wolverineav has joined #openstack-neutron16:21
duleknjohnston: I mean previously it was checked on context.16:22
duleknjohnston: I assume it was more complicated16:22
duleknjohnston: I think it should be done like here: https://github.com/openstack/neutron/blob/2eb31f84c9a6c9fc6340819f756a7a82cbf395f3/neutron/objects/base.py#L53016:25
dougwigwow, the user couldn't see it???  "e.g. if admin created a rule in user's SG, the user couldn't see it."16:26
*** dsneddon has joined #openstack-neutron16:26
dulekdougwig: To be honest I'm double checking that now.16:27
dulekdougwig: But it seems like it was the case.16:27
dougwigi'm not sure whether to consider that an undiscovered bug, or a feature. but it is a semantic change.16:29
*** wolverineav has quit IRC16:30
dougwigoh, there's the logic difference, i see it.  one sec.16:30
*** pbandark has joined #openstack-neutron16:31
*** dsneddon has quit IRC16:32
openstackgerritDoug Wiegley proposed openstack/neutron master: Restore tenant_id check on security group rule adds to previous semantic  https://review.openstack.org/63377816:34
dougwigdulek: try this: https://review.openstack.org/63377816:34
openstackgerritDoug Wiegley proposed openstack/neutron master: Restore tenant_id check on security group rule adds to previous semantic  https://review.openstack.org/63377816:35
dulekdougwig: http://paste.openstack.org/show/744181/16:36
dulekxD16:36
*** Nel1x has joined #openstack-neutron16:36
dulekdougwig: This is nice, isn't it?16:36
dulekdougwig: I'm 100% sure that someone already depends from the fact that admin can inject hidden rules.16:36
dougwigdulek: wow, that's an intense hidden *feature*.16:36
dougwigsee 633778, and i think it restores the old behavior.  running pep8/units on it now.16:37
dulekdougwig: I'll add a Kuryr-Kubernetes patch to check that.16:37
*** tstrul has joined #openstack-neutron16:37
dougwigwe definitely need a CI test for that, to make sure we don't break it again.16:37
dougwiggimme a few mins to get the typos out. i wanted to get it up so people could see the diff, but it's early, and not working yet.16:38
*** tstrul has quit IRC16:38
*** ksambor has quit IRC16:38
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: Add TC filter functions implemented with pyroute2  https://review.openstack.org/62568516:38
dougwigi think we can put taht test case into the api unit tests, actually.16:39
openstackgerritDoug Wiegley proposed openstack/neutron master: Restore tenant_id check on security group rule adds to previous semantic  https://review.openstack.org/63377816:40
otherwiseguymlavalle: amotoki: https://review.openstack.org/#/c/633770/ ovsdbapp release needs one of your signoffs. Thanks!16:40
njohnstondougwig +116:40
dulekdougwig: So now we need to wait for https://review.openstack.org/#/c/633780 to finish.16:40
dulekdougwig: And then I guess you guys should have a discussion about the "hidden SG rules" hidden feature. :D16:41
dougwigi'm about 99% certain that it's unintended.  but we do seem to have people using it.16:42
dougwigmakes debugging weirdness harder16:42
dulekdougwig: Just for the record - as Kuryr we just want to be able to add SG rules without needing to query neutron to get SG's project_id.16:42
dulekdougwig: That's basically it.16:42
mlavalleotherwiseguy: done16:43
dougwigwhich you shouldn't need, i agree.  if you've got the sg_id, and the perms to edit it, that should be it.16:43
otherwiseguymlavalle++16:43
dougwigbut i'd expect it to be visible to everyone who can read it.16:43
dougwigmaybe i'm wrong?16:44
*** mchlumsky has quit IRC16:45
*** mchlumsky has joined #openstack-neutron16:48
njohnstondougwig: I would expect it to be visible to anyone who can read it as well... but this is a prime example of Hyrum's Law and I am not inclined to change the existing behavior unless someone files a bug to do so16:48
dougwigthat's fair. let me get the test case added, so at least we won't regress it.16:49
njohnstondougwig: Awesome, thanks!16:50
*** jschwarz has quit IRC16:50
dulekdougwig, njohnston: Thanks for quick reaction guys! I'm happy to try debugging stuff, but writing code in your project is another thing. :D16:51
*** wwriverrat has joined #openstack-neutron16:51
*** mosulica has joined #openstack-neutron16:52
dougwigdulek: i'm just glad you found this before the change hit the stable branches.  thank you!16:54
*** ccamposr has quit IRC17:01
*** pcaruana has quit IRC17:01
*** mosulica has quit IRC17:02
*** dsneddon has joined #openstack-neutron17:06
*** macza has joined #openstack-neutron17:07
*** tssurya has quit IRC17:09
*** mgheorghe has quit IRC17:09
*** dsneddon has quit IRC17:10
*** hongbin has quit IRC17:14
*** iyamahat has joined #openstack-neutron17:18
*** yamamoto has joined #openstack-neutron17:21
*** rpittau has quit IRC17:21
*** rpittau has joined #openstack-neutron17:21
*** tmorin has quit IRC17:22
*** ramishra has quit IRC17:25
*** yamamoto has quit IRC17:27
*** bnemec has quit IRC17:27
*** bruca has quit IRC17:30
*** mattw4 has joined #openstack-neutron17:33
*** rpittau has quit IRC17:35
*** dsneddon has joined #openstack-neutron17:39
*** sridharg has quit IRC17:44
*** trinaths has quit IRC17:46
*** dsneddon has quit IRC17:47
*** bruca has joined #openstack-neutron17:47
*** bruca has quit IRC17:52
openstackgerritDoug Wiegley proposed openstack/neutron master: Restore tenant_id check on security group rule adds to previous semantic  https://review.openstack.org/63377817:55
*** tbachman has quit IRC17:55
*** davidsha has quit IRC17:55
dougwig@dulek @njohnston: ok, the fix review now has a test case that catches this oddity.  fails on the old patch.17:56
*** aojea has quit IRC17:58
openstackgerritboden proposed openstack/neutron master: use payloads for SECURITY_GROUP BEFORE_CREATE events  https://review.openstack.org/62830417:59
clarkbas a heads up neutron changes are failing on pep8 jobs due to a new release of pycodestyle. I don't know what the requirements team intends to do to address that but neutron could fix the issues to get past it17:59
bodenhi... anyone else noticed a new pep8 failure http://logs.openstack.org/23/620123/5/check/openstack-tox-pep8/f8b1d4b/job-output.txt.gz#_2019-01-29_15_41_41_920372. getting it locally too18:02
bodenfailures I should say18:02
dougwigboden: look at the line above yours.  :)18:03
*** bruca has joined #openstack-neutron18:03
*** igordc has joined #openstack-neutron18:03
clarkbrequirements team says that the linters are managed per project18:04
bodendougwig thanks.. -1 for me18:04
clarkbso you'll want to pin or fix the errors locally18:04
bodenmlavalle slaweq ^ and preference as to if we should pin or just address the failures?18:07
dougwighmm, checking the first file, the check is actually wrong.  it's mis-parsing a context indent.18:07
dougwigoh wait, maybe not.18:07
dougwigit's right, just really subtle.18:08
bodenyeah... appears to be 5 spaces rather than 418:09
dougwigi'll push a fix patch up, which is orthogonal to pinning or not.18:09
bodendougwig: ack thanks18:09
*** dsneddon has joined #openstack-neutron18:10
*** aojea has joined #openstack-neutron18:10
*** aojea has quit IRC18:15
*** jpena is now known as jpena|off18:15
*** mattw4 has quit IRC18:15
*** iyamahat has quit IRC18:19
openstackgerritRodolfo Alonso Hernandez proposed openstack/neutron master: Add VLAN and VXLAN link information in get_devices_info  https://review.openstack.org/63379518:21
*** ralonsoh has quit IRC18:22
*** lemko has quit IRC18:25
*** mattw4 has joined #openstack-neutron18:28
*** aojea has joined #openstack-neutron18:29
*** mosulica has joined #openstack-neutron18:31
openstackgerritDoug Wiegley proposed openstack/neutron master: Update neutron files for new over-indentation hacking rule (E117)  https://review.openstack.org/63379718:31
*** iyamahat has joined #openstack-neutron18:34
openstackgerritDoug Wiegley proposed openstack/neutron master: Update neutron files for new over-indentation hacking rule (E117)  https://review.openstack.org/63379718:34
*** amuller has joined #openstack-neutron18:35
*** mosulica has quit IRC18:38
*** gcheresh_ has joined #openstack-neutron18:46
*** yamahata has joined #openstack-neutron18:52
*** aojea has quit IRC18:52
*** aojea has joined #openstack-neutron18:53
*** aojea has quit IRC18:57
*** _fragatina has joined #openstack-neutron19:01
*** yamamoto has joined #openstack-neutron19:04
*** mvkr has quit IRC19:06
*** robbbe has joined #openstack-neutron19:15
*** slogan621_ has quit IRC19:31
*** tbachman has joined #openstack-neutron19:31
*** tbachman has quit IRC19:35
dougwigdulek: looks like 633780 is happy now; just one non-voting job left in zuul.19:39
*** tbachman has joined #openstack-neutron19:41
*** gcheresh_ has quit IRC19:53
*** yamamoto has quit IRC20:05
*** blake has joined #openstack-neutron20:05
*** tmorin has joined #openstack-neutron20:25
*** blake has quit IRC20:25
*** bruca_ has joined #openstack-neutron20:26
*** bruca has quit IRC20:29
*** aojea has joined #openstack-neutron20:29
*** aojea has quit IRC20:30
*** aojea_ has joined #openstack-neutron20:30
haleybdougwig: mind if i update https://review.openstack.org/#/c/633797/ ?  just fixing some indentation, even though it's pep8-happy20:34
dougwigNot at all, feel free.20:35
*** tmorin has quit IRC20:36
openstackgerritBrian Haley proposed openstack/neutron master: Update neutron files for new over-indentation hacking rule (E117)  https://review.openstack.org/63379720:36
haleybdougwig: of course now i'll own the failures i might have introduced, but it passed locally :)20:36
dougwigHaha, good luck. :)20:41
openstackgerritSlawek Kaplonski proposed openstack/neutron master: Fix update of ports cache in router_info class  https://review.openstack.org/63361820:53
*** robbbe has quit IRC21:02
openstackgerritSlawek Kaplonski proposed openstack/neutron master: Remove deprecated 'external_network_bridge' option  https://review.openstack.org/56736921:04
slaweqtonyb: hi21:04
slaweqtonyb: some time ago You -1'ed my patch https://review.openstack.org/#/c/567369/ which removes external_network_bridge option from Neutron21:05
slaweqtonyb: as You said Ironic is still using it21:05
slaweqtonyb: do You have any idea when Ironic will not need it anymore?21:05
*** robbbe has joined #openstack-neutron21:06
tonybslaweq: I don't I'll make sometime today to look into it and possibly start a m/l thread21:09
*** munimeha1 has joined #openstack-neutron21:11
openstackgerritNate Johnston proposed openstack/neutron master: Utilize bulk port creation ops in ml2 plugin  https://review.openstack.org/62481521:12
*** mogindi has joined #openstack-neutron21:16
mogindiHi there :) looking for someone to help me with neutron metering agent21:17
mogindimlavalle: I have a patch for metering agent DVR, but i may need some help making sure it doesn't break it for l3ha (don't have adequate test evironment to test that) and could potentially use some improvements21:26
*** amuller has quit IRC21:29
haleybmogindi: you can add me to the review as well21:37
mogindihaleyb: ok will do21:49
*** bruca_ has quit IRC21:53
*** bruca_ has joined #openstack-neutron21:54
*** mchlumsky has quit IRC22:00
*** boden has quit IRC22:11
*** jlibosva has quit IRC22:13
*** bruca_ has quit IRC22:15
*** bruca_ has joined #openstack-neutron22:16
*** igordc has quit IRC22:21
*** dsneddon has quit IRC22:27
*** mattw4 has quit IRC22:28
*** mattw4 has joined #openstack-neutron22:29
openstackgerritHarald JensÃ¥s proposed openstack/neutron master: Fix port update deferred IP allocation with host_id + new MAC  https://review.openstack.org/63111622:31
*** aojea_ has quit IRC22:33
*** igordc has joined #openstack-neutron22:34
*** slaweq has quit IRC22:36
*** munimeha1 has quit IRC22:43
*** mattw4 has quit IRC22:55
*** tkajinam has joined #openstack-neutron22:55
openstackgerritBrian Haley proposed openstack/neutron master: Switch isolated metadata proxy to bind to 169.254.169.254  https://review.openstack.org/60042122:56
*** robbbe has quit IRC22:56
*** mattw4 has joined #openstack-neutron23:02
*** dsneddon has joined #openstack-neutron23:02
*** dsneddon has quit IRC23:08
-openstackstatus- NOTICE: http://zuul.openstack.org is not working. https://zuul.openstack.org does work. Please use that while we investigate.23:14
*** dsneddon has joined #openstack-neutron23:37
*** dsneddon has quit IRC23:45
*** dsneddon has joined #openstack-neutron23:45
*** njohnston has quit IRC23:47
*** njohnston has joined #openstack-neutron23:49
*** rcernin has quit IRC23:53
*** dsneddon has quit IRC23:55
« Monday, 2019-01-28 Index Wednesday, 2019-01-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!