| opendevreview | Jakub Libosvar proposed openstack/neutron master: DNM WIP: Don't register config options on imports https://review.opendev.org/c/openstack/neutron/+/837392 | 00:28 |
|---|---|---|
| opendevreview | Jakub Libosvar proposed openstack/neutron master: DNM WIP: Don't register config options on imports https://review.opendev.org/c/openstack/neutron/+/837392 | 00:32 |
| opendevreview | Jakub Libosvar proposed openstack/neutron master: DNM WIP: Don't register config options on imports https://review.opendev.org/c/openstack/neutron/+/837392 | 01:03 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/yoga: [API] Return 403 for POST requests when user is not authorized https://review.opendev.org/c/openstack/neutron/+/837487 | 06:00 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/xena: [API] Return 403 for POST requests when user is not authorized https://review.opendev.org/c/openstack/neutron/+/837488 | 06:01 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/wallaby: [API] Return 403 for POST requests when user is not authorized https://review.opendev.org/c/openstack/neutron/+/837489 | 06:01 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/train: When creating a VXLAN interface, a device is mandatory https://review.opendev.org/c/openstack/neutron/+/833208 | 06:11 |
| slaweq | ralonsoh: lajoskatona hi, when You will have some time, please check https://review.opendev.org/c/openstack/neutron/+/837286 | 06:12 |
| slaweq | thx a lot | 06:12 |
| lajoskatona | slaweq: checking | 06:14 |
| opendevreview | Merged openstack/neutron master: Also add B324 to bandit skip list for python3.9+ https://review.opendev.org/c/openstack/neutron/+/837462 | 06:15 |
| opendevreview | yatin proposed openstack/neutron stable/yoga: Also add B324 to bandit skip list for python3.9+ https://review.opendev.org/c/openstack/neutron/+/837670 | 06:17 |
| opendevreview | yatin proposed openstack/neutron stable/xena: Also add B324 to bandit skip list for python3.9+ https://review.opendev.org/c/openstack/neutron/+/837671 | 06:18 |
| opendevreview | yatin proposed openstack/neutron stable/wallaby: Also add B324 to bandit skip list for python3.9+ https://review.opendev.org/c/openstack/neutron/+/837672 | 06:18 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [bgpvpn] Remove setup_clients method https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837517 | 06:39 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [bgpvpn] Remove get_remote_client https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837663 | 06:39 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [bgpvpn] Remove setup_clients method https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837517 | 07:03 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [bgpvpn] Remove get_remote_client https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837663 | 07:04 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [fwaas] Remove get_remote_client & check_vm_connectivity https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837692 | 07:39 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron-tempest-plugin master: Exclude test test_floatingip_port_details from the Linuxbridge job https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837693 | 07:49 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [fwaas] Remove get_remote_client & check_vm_connectivity https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837692 | 08:07 |
| opendevreview | Roman Popelka proposed openstack/neutron-tempest-plugin master: [fwaas] Remove _create_subnet & setup_clients https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/837700 | 08:14 |
| opendevreview | yatin proposed openstack/neutron master: [DNM] Check translation job issue https://review.opendev.org/c/openstack/neutron/+/837454 | 08:21 |
| opendevreview | yatin proposed openstack/neutron master: [DNM] Check translation job issue https://review.opendev.org/c/openstack/neutron/+/837454 | 08:30 |
| opendevreview | yatin proposed openstack/neutron master: [DNM] Check translation job issue https://review.opendev.org/c/openstack/neutron/+/837454 | 08:32 |
| *** whoami-rajat__ is now known as whoami-rajat | 08:53 | |
| opendevreview | yatin proposed openstack/neutron master: [DNM] Check translation job issue https://review.opendev.org/c/openstack/neutron/+/837454 | 08:58 |
| opendevreview | Rodolfo Alonso proposed openstack/neutron-lib master: Refactor session "is_active" handling for sqlalchemy-20 https://review.opendev.org/c/openstack/neutron-lib/+/828738 | 09:35 |
| ralonsoh | hi folks, if you have some minutes, please check https://review.opendev.org/c/openstack/neutron/+/806246 | 09:36 |
| ralonsoh | NOTE: the default behaviour does not change, if the config knobs are not modified | 09:36 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/yoga: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/neutron/+/837677 | 10:03 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/xena: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/neutron/+/837678 | 10:04 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/wallaby: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/neutron/+/837679 | 10:04 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/victoria: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/neutron/+/837707 | 10:07 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron stable/ussuri: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/neutron/+/837680 | 10:08 |
| opendevreview | Slawek Kaplonski proposed openstack/networking-ovn stable/train: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/networking-ovn/+/837709 | 10:17 |
| opendevreview | Slawek Kaplonski proposed openstack/networking-ovn stable/train: Retry port_update in the OVN if revision mismatch during live-migration https://review.opendev.org/c/openstack/networking-ovn/+/837709 | 10:27 |
| opendevreview | Lajos Katona proposed openstack/neutron stable/yoga: Add retry for privsep get_link_devices https://review.opendev.org/c/openstack/neutron/+/837681 | 11:25 |
| lajoskatona | [all]: as I see we hit also this issue: http://lists.openstack.org/pipermail/openstack-discuss/2022-April/028160.html (I saw on older branches too), bug for it: https://bugs.launchpad.net/devstack/+bug/1968798 | 12:20 |
| opendevreview | Merged openstack/neutron stable/yoga: [stable/yoga] Drop -master jobs https://review.opendev.org/c/openstack/neutron/+/837510 | 12:26 |
| ykarel | lajoskatona, yes all devstack jobs running on ubuntu are impacted | 12:32 |
| ykarel | the bug mentions only focal, but i see bionic too | 12:33 |
| lajoskatona | ykarel: thanks | 12:33 |
| opendevreview | Pedro Henrique Pereira Martins proposed openstack/python-neutronclient master: Add support to floating ip port forwarding https://review.opendev.org/c/openstack/python-neutronclient/+/837725 | 12:35 |
| opendevreview | Krzysztof Tomaszewski proposed openstack/neutron master: Ensure to remove conntrack after applying deferred openflows https://review.opendev.org/c/openstack/neutron/+/837726 | 12:45 |
| labedz_ | hello | 12:50 |
| labedz_ | ralonsoh: about issue: https://bugs.launchpad.net/neutron/+bug/1934917, what do you think about another solution - removing conntrack entries after applying deferred flows | 12:52 |
| labedz_ | something like: https://review.opendev.org/c/openstack/neutron/+/837726 | 12:52 |
| opendevreview | Jakub Libosvar proposed openstack/neutron master: DNM WIP: Don't register config options on imports https://review.opendev.org/c/openstack/neutron/+/837392 | 12:59 |
| *** dasm|off is now known as dasm | 13:12 | |
| ralonsoh | labedz_, that will block the traffic | 13:13 |
| ralonsoh | it could be for a short time, but if you remove the conntrack entries and the flows are not applied yet, the traffic will be blocked | 13:13 |
| ralonsoh | labedz_, in any case, this code is for iptables firewall | 13:15 |
| ralonsoh | not for OVS fw | 13:15 |
| labedz_ | ralonsoh: yes - that's the point: to be sure that flows are applied before conntrack entries are deleted | 13:18 |
| ralonsoh | labedz_, we don't call this method in OVS fw | 13:19 |
| labedz_ | ralonsoh: you mean _apply_port_filter ? | 13:19 |
| ralonsoh | in "OVSFirewallDriver", we don't add anything to self._queue | 13:20 |
| ralonsoh | thus this method never does anything | 13:20 |
| labedz_ | we do in prepare_port_filter | 13:21 |
| labedz_ | ralonsoh: agent/linux/openvswitch_firewall/firewall.py L#737 | 13:22 |
| ralonsoh | what we do? | 13:22 |
| labedz_ | ralonsoh: method _delete_invalid_conntrack_entries_for_port() calls self.ipconntrack.delete_conntrack_state_by_remote_ips | 13:23 |
| ralonsoh | we do remove the invalid entries, only when the port is deleted | 13:23 |
| ralonsoh | this https://review.opendev.org/c/openstack/neutron/+/837726/1/neutron/agent/linux/ip_conntrack.py | 13:23 |
| ralonsoh | is never called in OVS FW | 13:24 |
| opendevreview | yatin proposed openstack/neutron master: [DNM] Check translation job issue https://review.opendev.org/c/openstack/neutron/+/837454 | 13:28 |
| labedz_ | ralonsoh: hmm, I am confused then: _apply_port_filter calls self.firewall.prepare_port_filter L#186, then in prepare_port_filter() we call self._delete_invalid_conntrack_entries_for_por agent/linux/openvswitch_firewall/firewall.pyL#737 and then it calls delete_conntrack_state_by_remote_ips() which populate conntrack._queue by calling _process() agent/linux/ip_conntrack.py L#187 | 13:28 |
| labedz_ | ralonsoh: and I see it in logs (done some dummy debuging) | 13:29 |
| ralonsoh | ah right, yes | 13:30 |
| ralonsoh | but what's the point of your patch? | 13:30 |
| labedz_ | ralonsoh: my initial problem is because of incosistent flow (because of batch apply) my legit traffic goes into failed flows conntrack entry | 13:30 |
| ralonsoh | yes but the problem are not in the invalid rules | 13:31 |
| ralonsoh | but the valid ones | 13:31 |
| labedz_ | ralonsoh: and becasue it happen that conntrack entry was deleted before all flow batches were applied conntrack entry stays marked in conntrack | 13:31 |
| labedz_ | ralonsoh: so when I postpone conntrack queue processing after applying all batches of deferred flows then I am fine at the end | 13:33 |
| labedz_ | ralonsoh: (except the small time between while batches are being applied) | 13:33 |
| ralonsoh | that doesn't guarantee that, in the middle of applying a port flow set, we can't reproduce the problem | 13:34 |
| ralonsoh | the issue is not in the conntrack table but in the partially applied flow set | 13:35 |
| ralonsoh | for a port | 13:35 |
| labedz_ | ralonsoh: indeed, but when there is a legit traffic already there (estabilished) while I am restarting ovs agent then between batches I have a chance that this traffic will be marked as invalid one | 13:36 |
| ralonsoh | no if the flows for a port are applied in one single tnx | 13:37 |
| ralonsoh | txn* | 13:37 |
| labedz_ | ralonsoh: true, that's why I like your patch :) | 13:37 |
| labedz_ | ralonsoh: but as it is configure option - we can have both | 13:38 |
| labedz_ | ralonsoh: my biggest problem is when I host some K8s stuff on top of it there is a lot of ipip tunnels which are also affected by this case | 13:41 |
| labedz_ | ralonsoh: tcp usually do reconnect and things are fixed by themself then ipip tunnels are more stubborn | 13:43 |
| ralonsoh | try first the other option | 13:43 |
| ralonsoh | my first concern aboyt your patch are how we are handling the sync between threads | 13:44 |
| labedz_ | ralonsoh: threads? you mean eventlet thrads for queue? | 13:47 |
| ralonsoh | yes | 13:47 |
| labedz_ | ralonsoh: IMHO eventlet semaphore should do the job | 13:48 |
| labedz_ | ralonsoh: anyway this patch is how to make it with smallest changes possible. I would prefer to refactor this ipcontrack mechanism to something more deterministic :) | 13:51 |
| opendevreview | Daniel Alvarez proposed openstack/neutron master: [ovn][migration] Support migration to OVN from iptables firewall https://review.opendev.org/c/openstack/neutron/+/837566 | 14:38 |
| opendevreview | Slawek Kaplonski proposed openstack/neutron master: Revert "Add tag to port more earlier" https://review.opendev.org/c/openstack/neutron/+/837685 | 14:40 |
| labedz_ | ralonsoh: btw, thank you for checking | 15:12 |
| ralonsoh | yw | 15:12 |
| opendevreview | Lajos Katona proposed openstack/neutron-specs master: Spec folder for Zed https://review.opendev.org/c/openstack/neutron-specs/+/837736 | 15:12 |
| opendevreview | Lajos Katona proposed openstack/neutron-specs master: Spec folder for Zed https://review.opendev.org/c/openstack/neutron-specs/+/837736 | 15:31 |
| opendevreview | Merged openstack/neutron stable/yoga: Also add B324 to bandit skip list for python3.9+ https://review.opendev.org/c/openstack/neutron/+/837670 | 17:13 |
| *** dasm is now known as dasm|off | 21:36 | |
| opendevreview | Miguel Lavalle proposed openstack/neutron master: Avoid race condition when deleting trunk bridges https://review.opendev.org/c/openstack/neutron/+/837780 | 23:26 |
| opendevreview | Miguel Lavalle proposed openstack/neutron master: [WIP] Avoid race condition when deleting trunk bridges https://review.opendev.org/c/openstack/neutron/+/837780 | 23:28 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!