Thursday, 2021-11-04

« Wednesday, 2021-11-03 Index Friday, 2021-11-05 »
opendevreviewGhanshyam proposed openstack/neutron stable/train: DNM: test tempest train-last tag  https://review.opendev.org/c/openstack/neutron/+/81659700:47
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: update ACL actions on stateful field change  https://review.opendev.org/c/openstack/neutron/+/81660000:57
opendevreviewliuyulong proposed openstack/neutron-specs master: Spec for distributed datapath for metadata  https://review.opendev.org/c/openstack/neutron-specs/+/80285401:24
opendevreviewliuyulong proposed openstack/neutron-specs master: Spec for distributed datapath for metadata  https://review.opendev.org/c/openstack/neutron-specs/+/80285401:41
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: enable stateless-security-group api  https://review.opendev.org/c/openstack/neutron/+/81661203:04
opendevreviewIhar Hrachyshka proposed openstack/neutron-tempest-plugin master: Add stateless security group test case  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81661303:04
opendevreviewIhar Hrachyshka proposed openstack/neutron-tempest-plugin master: Add stateless security group test case  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81661303:07
opendevreviewIhar Hrachyshka proposed openstack/neutron-tempest-plugin master: Add stateless security group test case  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81661303:08
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: enable stateless-security-group api  https://review.opendev.org/c/openstack/neutron/+/81661203:08
opendevreviewCong Nguyen Thanh proposed openstack/neutron master: [OVN] Fix port disable security dead when run neutron-ovn-db-sync-util  https://review.opendev.org/c/openstack/neutron/+/81632803:14
opendevreviewCong Nguyen Thanh proposed openstack/neutron master: [OVN] Fix port disable security dead when run neutron-ovn-db-sync-util  https://review.opendev.org/c/openstack/neutron/+/81632803:15
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: update ACL actions on stateful field change  https://review.opendev.org/c/openstack/neutron/+/81660003:17
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: enable stateless-security-group api  https://review.opendev.org/c/openstack/neutron/+/81661203:17
opendevreviewIhar Hrachyshka proposed openstack/neutron master: Bump OVN version for functional job to 21.06  https://review.opendev.org/c/openstack/neutron/+/81661403:17
opendevreviewMerged openstack/neutron stable/victoria: [DVR] Fix update of the MTU in the SNAT namespace  https://review.opendev.org/c/openstack/neutron/+/81295003:19
opendevreviewIhar Hrachyshka proposed openstack/neutron-tempest-plugin master: Add stateless security group test case  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81661303:20
*** gibi_pto_back_thu is now known as gibi07:56
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Sync QoS policies  https://review.opendev.org/c/openstack/neutron/+/81305208:10
opendevreviewLajos Katona proposed openstack/neutron master: Increase the timeout for arm64 jobs  https://review.opendev.org/c/openstack/neutron/+/81662108:48
opendevreviewMerged openstack/os-ken master: Bugfix now multiple switches can connect with TLS  https://review.opendev.org/c/openstack/os-ken/+/81383309:12
opendevreviewMerged openstack/os-ken master: Allow user to set cipher list.  https://review.opendev.org/c/openstack/os-ken/+/81383509:16
opendevreviewMerged openstack/os-ken master: Add support for the MTU ND option.  https://review.opendev.org/c/openstack/os-ken/+/81383609:28
dulekIs this normal: https://3e7cdff9e56ac3733874-d434493bb46e5d37fd5df3f066caeb22.ssl.cf5.rackcdn.com/816305/2/check/kuryr-kubernetes-tempest/2ac6084/controller/logs/screen-ovn-northd.txt ?09:35
slaweqlucasagomes:  hi, can You maybe take a look at ^^ ?09:37
opendevreviewMerged openstack/neutron stable/ussuri: [DVR] Fix update of the MTU in the SNAT namespace  https://review.opendev.org/c/openstack/neutron/+/81295109:40
opendevreviewMerged openstack/neutron stable/ussuri: [OVN Migration] Remove trunk's subports from the nodes  https://review.opendev.org/c/openstack/neutron/+/81543509:40
opendevreviewRodolfo Alonso proposed openstack/neutron master: Increase openstack-tox-py38 timeout in gate  https://review.opendev.org/c/openstack/neutron/+/81663109:42
opendevreviewRodolfo Alonso proposed openstack/neutron master: Increase openstack-tox-py38 and openstack-tox-py39 timeouts  https://review.opendev.org/c/openstack/neutron/+/81663109:45
slaweqralonsoh:  can You check https://review.opendev.org/c/openstack/neutron/+/815235 ? thx in advance10:01
ralonsohsure10:01
slaweqthx10:03
slaweqand https://review.opendev.org/c/openstack/neutron/+/799439 also :)10:03
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Don't enforce scopes in the API policies UT temporary  https://review.opendev.org/c/openstack/neutron/+/81583810:10
opendevreviewMerged openstack/neutron master: Check quota limits  https://review.opendev.org/c/openstack/neutron/+/80147010:10
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Don't enforce scopes in the API policies UT temporary  https://review.opendev.org/c/openstack/neutron/+/81583810:10
slaweqralonsoh: and last one for now https://review.opendev.org/c/openstack/os-ken/+/813985 :)10:13
slaweqit's the last not approved os-ken patch10:14
slaweqsorry https://review.opendev.org/c/openstack/os-ken/+/81560110:14
ralonsohyes hehehe10:14
ralonsohI saw it10:14
slaweqwhen those 2 will be merged we can do new os-ken release with all things from ryu merged :)10:14
ralonsohso now we are in sync with ryu10:14
slaweqwith those 2 we should be :)10:15
jkulikhi folks, quick question if this is a bug or somehow intenational: https://github.com/sapcc/neutron/commit/d0c172afa6ea38e94563afb4994471420b27cddf introduce updating the external port of a FIP with project_id, while https://github.com/openstack/neutron/blob/master/neutron/db/l3_db.py#L326 states that this is explicitly not set10:27
jkulikthis change makes floating ip ports count into quota10:27
*** lbragstad4 is now known as lbragstad10:33
opendevreviewMerged openstack/neutron-tempest-plugin master: Increase "neutron-tempest-plugin-scenario-ovn" timeout to 3h  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81643810:33
ralonsohjkulik, you are right, this is a corner case but this is adding the project ID to those ports10:36
ralonsohit is worth to, at least, open a LP bug10:36
*** lbragstad1 is now known as lbragstad10:43
opendevreviewLajos Katona proposed openstack/neutron master: Recheck irrelevant files  https://review.opendev.org/c/openstack/neutron/+/81664211:03
opendevreviewLajos Katona proposed openstack/neutron master: Increase the timeout for arm64 jobs  https://review.opendev.org/c/openstack/neutron/+/81662111:06
*** lbragstad7 is now known as lbragstad11:07
opendevreviewMerged openstack/os-ken master: add ofproto 1.3 coverage, check key-error and attribute-error.  https://review.opendev.org/c/openstack/os-ken/+/81398511:28
opendevreviewMerged openstack/os-ken master: Bump min eventlet version to 0.26.1  https://review.opendev.org/c/openstack/os-ken/+/81560111:28
slaweqlajoskatona: ralonsoh ^^ with those 2 patches merged, I will prepare release patch for os-ken now11:29
ralonsohslaweq, cool, send the releases patch link11:30
slaweqralonsoh: lajoskatona 7911ff1820b83bf1657c322c36ca68dcb5c0a84611:31
slaweqsorry https://review.opendev.org/c/openstack/releases/+/81664611:32
slaweq:)11:32
opendevreviewMerged openstack/neutron stable/xena: Don't setup bridge controller if it is already set  https://review.opendev.org/c/openstack/neutron/+/81645411:53
opendevreviewMerged openstack/neutron stable/wallaby: Don't setup bridge controller if it is already set  https://review.opendev.org/c/openstack/neutron/+/81634811:53
opendevreviewMerged openstack/neutron master: Add "FLAVOR_NAME" to ovn migration resources creation  https://review.opendev.org/c/openstack/neutron/+/81397211:53
lajoskatonaslaweq: thanks12:12
slaweqlajoskatona: yw :)12:14
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/train: Don't setup bridge controller if it is already set  https://review.opendev.org/c/openstack/neutron/+/81645912:19
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/stein: Don't setup bridge controller if it is already set  https://review.opendev.org/c/openstack/neutron/+/81647012:19
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/rocky: Don't setup bridge controller if it is already set  https://review.opendev.org/c/openstack/neutron/+/81647112:19
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/queens: Don't setup bridge controller if it is already set  https://review.opendev.org/c/openstack/neutron/+/81647212:19
opendevreviewMerged openstack/neutron-lib master: Move RULE_TYPE_MINIMUM_PACKET_RATE to neutron-lib  https://review.opendev.org/c/openstack/neutron-lib/+/81644712:27
slaweqralonsoh: when You will have some time, please check jlibosva 's question in https://review.opendev.org/c/openstack/neutron/+/81418112:31
ralonsohslaweq, let me check13:18
ralonsohslaweq, done13:24
slaweqralonsoh: I just replied to Your comment13:26
zigofrickler: I believe we would continue to manually setup the BGP speakers in production, but it's still nice to have.13:35
opendevreviewDaniel Alvarez proposed openstack/neutron master: [ovn] Add timeout option to ovsdb-client command  https://review.opendev.org/c/openstack/neutron/+/81669813:37
dalvarezjlibosva: otherwiseguy ^^13:38
dalvarezlucasagomes: ^im sorry you would prolly want to include this in your list of backports :p13:39
opendevreviewIhar Hrachyshka proposed openstack/neutron master: Bump OVN version for functional job to 21.06  https://review.opendev.org/c/openstack/neutron/+/81661413:40
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: update ACL actions on stateful field change  https://review.opendev.org/c/openstack/neutron/+/81660013:40
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: enable stateless-security-group api  https://review.opendev.org/c/openstack/neutron/+/81661213:40
lucasagomesdalvarez, nice, I will review but for backports I probably won't be around once it merges tho... The other patches are already backported13:40
lucasagomesotherwiseguy, jlibosva maybe can take care of backporting it ?13:41
jlibosvasure13:43
jlibosvadalvarez: lucasagomes left a comment there13:43
lucasagomesjlibosva++13:44
opendevreviewDaniel Alvarez proposed openstack/neutron master: [ovn] Add timeout option to ovsdb-client command  https://review.opendev.org/c/openstack/neutron/+/81669813:51
dalvarezjlibosva++ thanks done13:51
dalvarezralonsoh++ thanks done13:51
dalvarezagh group is 'ovn' not 'ovs'13:52
opendevreviewDaniel Alvarez proposed openstack/neutron master: [ovn] Add timeout option to ovsdb-client command  https://review.opendev.org/c/openstack/neutron/+/81669813:55
ihrachysany reason why we don't bump ovn / ovs in gate?13:56
ihrachysI see some references to kernel incompatibility in zuul conf. still relevant?13:57
ralonsohjlibosva, ^13:58
jlibosvaihrachys: ralonsoh do you have a link that gives more details about the incompatibility? I'm all up for bumping the versions14:13
ralonsohjlibosva, I just pinged you because you added this comment in https://review.opendev.org/c/openstack/neutron/+/816614/2/zuul.d/base.yaml14:14
ralonsoh      # TODO(jlibosva): v2.13.1 is incompatible with kernel 4.15.0-118, sticking to commit hash until new v2.13 tag is created14:14
ralonsohbut seems that https://zuul.opendev.org/t/openstack/status#816614 has correctly installed those new versions in the FT job14:16
ihrachyswe'll see if it passes. that's all I care really :)14:17
opendevreviewMerged openstack/neutron master: Deprecate 'allow_overlapping_ips' config option  https://review.opendev.org/c/openstack/neutron/+/80784814:20
opendevreviewMerged openstack/neutron master: [DVR] Fix update of the MTU in the DVR HA routers  https://review.opendev.org/c/openstack/neutron/+/79943914:20
opendevreviewIhar Hrachyshka proposed openstack/neutron-tempest-plugin master: Add stateless security group test case  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81661314:21
opendevreviewDr. Jens Harbott proposed openstack/neutron-dynamic-routing master: Add a StaticScheduler without automatic scheduling  https://review.opendev.org/c/openstack/neutron-dynamic-routing/+/81526514:22
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Add functional and fullstack jobs with FIPS enabled  https://review.opendev.org/c/openstack/neutron/+/81400914:26
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/xena: [DVR] Fix update of the MTU in the DVR HA routers  https://review.opendev.org/c/openstack/neutron/+/81665814:30
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/wallaby: [DVR] Fix update of the MTU in the DVR HA routers  https://review.opendev.org/c/openstack/neutron/+/81665914:30
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/victoria: [DVR] Fix update of the MTU in the DVR HA routers  https://review.opendev.org/c/openstack/neutron/+/81666014:31
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/ussuri: [DVR] Fix update of the MTU in the DVR HA routers  https://review.opendev.org/c/openstack/neutron/+/81666114:31
opendevreviewSlawek Kaplonski proposed openstack/neutron stable/train: [DVR] Fix update of the MTU in the DVR HA routers  https://review.opendev.org/c/openstack/neutron/+/81666214:31
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Execute OVN migration transactions independently  https://review.opendev.org/c/openstack/neutron/+/81418114:42
opendevreviewGhanshyam proposed openstack/neutron stable/train: [stable-only] Remove non-existing networking-midonet job  https://review.opendev.org/c/openstack/neutron/+/81670814:52
gmannslaweq: lajoskatona ^^ seems zuul configuration error on stable/train, this fixing it. I found it when doing DNM testing patch there https://review.opendev.org/c/openstack/neutron/+/81659714:53
gmannI mean this is fix - https://review.opendev.org/c/openstack/neutron/+/81418114:53
gmannahh, sorry,  https://review.opendev.org/c/openstack/neutron/+/81670814:53
opendevreviewGhanshyam proposed openstack/neutron stable/train: DNM: test tempest train-last tag  https://review.opendev.org/c/openstack/neutron/+/81659714:53
slaweqthx gmann :)14:54
lajoskatonathanks gmann, good catch14:58
EugenMayerwhat could be the cause that no matter what i do, the security groups have no effect at all. Adding now security groups at all will still allow connections on all ports, so the default for all instances seems to be INGRESS ALL ACCEPT. the default security group is not configured this way15:01
EugenMayerThis must have been happened out of a sudden - we had to add security groups for everything beforhand15:01
gmannslaweq: may be you can cleanup this too https://github.com/openstack/neutron/blob/master/zuul.d/project.yaml#L3515:02
lajoskatonagmann: https://review.opendev.org/c/openstack/neutron/+/815466/2/zuul.d/project.yaml15:03
gmannlajoskatona: ah nice, thanks 15:15
EugenMayeris it a known bug that in xena, you cannot add security groups when creating an instance and using a port? Neither from the cli, nor from the UI. Both offer it, but they will not save those15:23
opendevreviewSebastian Lohff proposed openstack/neutron master: Do not set project_id for floating ip ports  https://review.opendev.org/c/openstack/neutron/+/81672216:21
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Use ovs constants from neutron-lib  https://review.opendev.org/c/openstack/neutron/+/79712016:36
slaweqralonsoh: lajoskatona mlavalle if You have some time, please check once again https://review.opendev.org/c/openstack/neutron/+/797120 - I addressed comments there and TBH I agree with obondarev's opinion there16:38
slaweqI hope it will be fine for You too16:38
ralonsohsure16:38
lajoskatonaslaweq: ok16:38
slaweqthx guys16:38
mlavalleslaweq: yes, I will take a look16:38
slaweqthx You too16:39
opendevreviewBalazs Gibizer proposed openstack/neutron master: Do not block qos for direct-physical ports  https://review.opendev.org/c/openstack/neutron/+/81596216:42
opendevreviewIhar Hrachyshka proposed openstack/neutron master: Bump OVN version for functional job to 21.06  https://review.opendev.org/c/openstack/neutron/+/81661416:46
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: update ACL actions on stateful field change  https://review.opendev.org/c/openstack/neutron/+/81660016:46
opendevreviewIhar Hrachyshka proposed openstack/neutron master: ovn: enable stateless-security-group api  https://review.opendev.org/c/openstack/neutron/+/81661216:46
opendevreviewLajos Katona proposed openstack/neutron master: Document admin_state_up  https://review.opendev.org/c/openstack/neutron/+/81672517:10
opendevreviewLajos Katona proposed openstack/neutron master: Increase the timeout for arm64 jobs  https://review.opendev.org/c/openstack/neutron/+/81662117:13
EugenMayeris it a Xena (or always?) default that the default security group is ingress all ACCEPT?18:02
ihrachysEugenMayer AFAIU only for members of the same group18:09
ihrachysaccept all for egress only18:09
EugenMayerihrachys wait so all servers, which are part of the default group having 'ingress accept all'?18:26
EugenMayersounds like this group fills up very fast and it really sound like an unusual default to me, thus the question18:26
ihrachysafaiu all ports in a group have free for all18:27
ihrachyssee https://wiki.openstack.org/wiki/Neutron/SecurityGroups#Behavior18:28
ihrachyswait, maybe I misreawd18:28
EugenMayer"For the default security group a rule which allows intercommunication among hosts associated with the default security group is defined by default."18:29
ihrachysyes, this part. sounds like "free for all" no?18:29
EugenMayeri would say, you are right about that. 18:29
EugenMayerA little shocker to me, but well, good to know. Just means i want to redefine the default group. I guess there is no real setting for that so all project start with 'ingress ALL DROP'18:30
ihrachysAFAIR default comes from aws that is mimicked by nova SG api, that comes pre-neutron: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/default-custom-security-groups.html#default-security-group18:30
EugenMayerwhatever, entirely not the philosophy i use firewalls with. But that might be just me18:31
ihrachysopenstack originally tried to mimic aws in network scope (not just network, compute too), and then expanded into more elaborate use cases. the roots were kept.18:32
EugenMayeri see18:32
EugenMayeris it somewhat 'by design' too, that if you create a port first, then create an instance assigning this port and at the same time, add security groups to that instance (in one go, in the API or in the GUI) - the security groups are simply not applied?18:34
EugenMayerone can apply the security groups to the port beforehand and those are then applied to the instance. But when applying security groups via instance create, those are just dropped. Interestingly, you can just update the instance security updates after the creation, that works18:35
EugenMayerwhen not using a port (while creating an instance), but rather a network (thus the port is created on the fly), applying security groups via the GUI and API works during creation18:36
opendevreviewMerged openstack/neutron master: Replace "tenant_id" with "project_id" in metering service  https://review.opendev.org/c/openstack/neutron/+/81480720:05
opendevreviewMerged openstack/neutron stable/victoria: Check a namespace existence by checking only its own directory  https://review.opendev.org/c/openstack/neutron/+/81651520:05
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Add functional and fullstack jobs with FIPS enabled  https://review.opendev.org/c/openstack/neutron/+/81400921:44
opendevreviewMerged openstack/neutron stable/wallaby: Check a namespace existence by checking only its own directory  https://review.opendev.org/c/openstack/neutron/+/81651322:34
opendevreviewMerged openstack/neutron-tempest-plugin master: [stable/{train,stein}] Use old guest image for these branches  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/81551823:23
opendevreviewMerged openstack/neutron master: Use the DB object when listing the SG rules  https://review.opendev.org/c/openstack/neutron/+/81637323:30
« Wednesday, 2021-11-03 Index Friday, 2021-11-05 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!