Tuesday, 2024-08-20

« Monday, 2024-08-19 Index Wednesday, 2024-08-21 »
opendevreviewMiguel Lavalle proposed openstack/neutron-tempest-plugin master: Test metadata query over IPv6 only network with OVS and LB  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/92650300:40
opendevreviewLiushy proposed openstack/neutron master: [OVN] Support address group for ovn driver  https://review.opendev.org/c/openstack/neutron/+/85150903:19
opendevreviewLiushy proposed openstack/neutron master: [OVN] Support address group for ovn driver  https://review.opendev.org/c/openstack/neutron/+/85150903:24
ralonsohykarel, hello! Are you around? I'm trying to debug https://review.opendev.org/c/openstack/neutron/+/924317, in particular one of the tests that is recurrently failing with these patches08:08
ralonsohtest_established_tcp_session_after_re_attachinging_sg08:08
ralonsohchecking the tempest logs, the issue seems to be in the first check, when the port is initially configured with the SSH rule and the test port (6666)08:08
ralonsohbut tempest cannot SSH into the VM08:08
ralonsohwell, no, that's not correct: it can SSH but cannot ping to port 666608:10
ykarelHi ralonsoh08:10
opendevreviewyatin proposed openstack/neutron master: Revert "Temporary mark ovs-rally job as non-voting"  https://review.opendev.org/c/openstack/neutron/+/92661308:10
ralonsohbtw, I can see the OVS agent applying the 6666 port rule08:12
ralonsohykarel, I'm checking https://6858d98d7a501e0358b0-54baced7b3de4d4a8f29448d2e5adbbf.ssl.cf2.rackcdn.com/925376/3/check/neutron-tempest-plugin-openvswitch-enforce-scope-old-defaults/9ba0ee0/controller/logs/index.html in particular, but I've seen the same problem in other cases08:15
ralonsohthe port related to these SG rules is created and deleted inmediatly08:15
ykarelralonsoh, so that test failing consistantly in those patches?08:15
ralonsohnot constantly but very frequently08:15
ykarelas i recall seeing that fail in past but not that frequent08:16
ralonsohnot all ml2/ovs jobs are always failing but there is always one or two with this error08:16
ralonsohyeah, me too, but with this patch this problem seems to be "improved"08:16
ykarelohkk now i see it rebased on https://review.opendev.org/c/openstack/neutron/+/92537608:19
ykarelwhich i had put -W couple of days back08:19
ykarelas the failure looked related as failures were quite frequent in that patch08:19
ralonsohyes, right08:19
ykarelwhile the jobs were mostly stable08:19
ykarelhttps://review.opendev.org/c/openstack/neutron/+/925376/comments/dd6ad1ac_7aee4f6b08:20
ralonsohyes, I saw this comment08:20
ralonsohand I really don't know why this is happening with this patch08:20
ralonsohand specifically with OVS (this is a change that affects the Neutron API wsgi module)08:21
ralonsohbut is not affecting ML2/OVN (with wsgi)08:21
ralonsohas commented, the problem is always the same, checking the OVS agent logs: the VM port is created and right after deleted (I don't know why)08:23
ykarel@ralonsoh, me neither know how that patch is linked to the failures, i had just concluded based on pattern and didn't want to get it merged and have wider impact across patches unless and until we sure that's not related08:38
ykarelwill check logs post lunch to see if can spot something08:38
ralonsohfor sure, we can't merge it right now08:38
ralonsohI'm pinging a Nova folk to find out why n-compute is deleting this port (that is happening in other executions too)08:38
ykarel+108:38
ralonsohykarel, hey, only if you have time. I'm checking https://32db135de77b6f5b2e24-00cf68680e4576901ac5e284377f47f2.ssl.cf2.rackcdn.com/924317/7/experimental/neutron-tempest-plugin-openvswitch-distributed-dhcp/43f8b60/controller/logs/screen-q-agt.txt. The port "new" event is received at 12:41:1509:12
ralonsohAug 19 12:41:15.653623 np0038215967 neutron-openvswitch-agent[61294]: DEBUG neutron.agent.common.async_process [-] Output received from [ovsdb-client monitor tcp:127.0.0.1:6640 Interface name,ofport,external_ids --format=json]: {"data":[["18eba42b-2254-46a1-aeb8-2027e39235ed","old",null,257,null],["","new","tap9bc40eec-ae",-1,["map",[["attached-mac","fa:16:3e:ec:7b:05"],["iface-id","9bc40eec-ae67-4b56-9e75-551609520b09:12
ralonsoh27"],["iface-status","active"],["vm-uuid","4623b509-a848-41a4-9fc2-1cf8227bd4ca"]]]]],"headings":["row","action","name","ofport","external_ids"]} {{(pid=61294) _read_stdout /opt/stack/neutron/neutron/agent/common/async_process.py:285}}09:12
ralonsohbut nova created the VM more than 1 minute before and decides to delete it at 12:41:1409:13
ralonsohAug 19 12:41:14.998800 np0038215967 devstack@n-api.service[58447]: DEBUG nova.compute.api [None req-54123910-92d9-491b-b845-f8e7d37490dd tempest-StatefulNetworkSecGroupTest-1423213631 tempest-StatefulNetworkSecGroupTest-1423213631-project-member] [instance: 4623b509-a848-41a4-9fc2-1cf8227bd4ca] Going to try to terminate instance {{(pid=58447) delete /opt/stack/nova/nova/compute/api.py:2725}}09:13
ralonsohAug 19 12:41:15.024110 np0038215967 devstack@n-api.service[58446]: DEBUG nova.policy [None req-1e19f865-7f99-4da7-ae46-4965467a20d2 tempest-TrunkTest-1398874509 tempest-TrunkTest-1398874509-project-member] Policy check for os_compute_api:os-extended-server-attributes failed with credentials {'is_admin': False, 'user_id': 'e318cd2f500f41249a5a2f13772dc59b', 'user_domain_id': 'default', 'system_scope': None, 09:13
ralonsoh'domain_id': None, 'project_id': '7f724d856c9d4a2ab98d13c20f696d1e', 'project_domain_id': 'default', 'roles': ['reader', 'member'], 'is_admin_project': True, 'service_user_id': None, 'service_user_domain_id': None, 'service_project_id': None, 'service_project_domain_id': None, 'service_roles': []} {{(pid=58446) authorize /opt/stack/nova/nova/policy.py:203}}09:13
ralonsohso for some reason, we receive the port creation event just at the same time Nova decides to delete it because it never received the vif-plugged-event09:14
ralonsoh(next time I'll use https://paste.opendev.org/)09:14
opendevreviewRodolfo Alonso proposed openstack/neutron-tempest-plugin master: DNM == Wait for the ML2/OVS FW conntrack rules to be deleted  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/92662111:15
opendevreviewRodolfo Alonso proposed openstack/neutron master: Monkey patch the system libraries before calling them  https://review.opendev.org/c/openstack/neutron/+/92537611:15
opendevreviewRodolfo Alonso proposed openstack/neutron-tempest-plugin master: DNM == Wait for the ML2/OVS FW conntrack rules to be deleted  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/92662111:23
opendevreviewRodolfo Alonso proposed openstack/neutron master: DNM == Test neutron-tempest-plugin-openvswitch  https://review.opendev.org/c/openstack/neutron/+/92520511:23
damiandabrowskiralonsoh: I looked at https://review.opendev.org/c/openstack/neutron/+/907504 and I think it's unrelated to my issues :/11:33
damiandabrowskiI added OVN nat rules for 0.0.0.0/0 on my routers but it didn't help.11:33
damiandabrowskiI also created two, small all-in-one environments(one with OVN and another one with OVS) with even simpler architecture:11:34
damiandabrowskihttps://i.ibb.co/gzjd604/Screenshot-from-2024-08-20-13-26-55.png11:34
damiandabrowskiFor OVN: vm-inner-* do not have internet connectivity, vm-outer-* have internet connectivity. It's also a bit weird that gateway for inner-router is down.11:34
damiandabrowskiFor OVS: all VMs have internet connectivity and all neutron ports are up11:34
ralonsohdamiandabrowski,  0.0.0.0/0 won't work, you need to add one by one the inner networks to the external OVN router11:38
ralonsohas NAT entries11:38
ralonsohdid you use this patch in your OVN deployment?11:38
damiandabrowskiahh ok, i'll try to add NAT entries manually(for inner network, not 0.0.0.0/0) and if it won't work, I'll try to use above patch to make sure it's unrelated11:40
ralonsohdamiandabrowski, why don't you use this patch?11:40
ralonsohthat will be faster11:40
damiandabrowskiyeah...you may be right, let me try to apply the patch right away11:41
damiandabrowskiralonsoh: I applied the patch, enabled ovn.ovn_router_indirect_snat, restarted all neutron and ovn services, executed OVN DB sync tool in repair mode and even recreated all routers/networks - no extra NAT rules were added12:31
damiandabrowskiI'm currently trying to find out why12:31
opendevreviewyatin proposed openstack/neutron stable/2024.1: Adopt to StandardAttribute load method change to "selectin"  https://review.opendev.org/c/openstack/neutron/+/92662912:33
opendevreviewyatin proposed openstack/neutron stable/2023.2: Adopt to StandardAttribute load method change to "selectin"  https://review.opendev.org/c/openstack/neutron/+/92663112:36
opendevreviewyatin proposed openstack/neutron stable/2023.1: Adopt to StandardAttribute load method change to "selectin"  https://review.opendev.org/c/openstack/neutron/+/92663312:37
*** jamesdenton is now known as Guest97213:25
*** jamesdenton_alt is now known as jamesdenton13:25
damiandabrowskiralonsoh: okay, so I noticed that patch https://review.opendev.org/c/openstack/neutron/+/907504 works perfectly fine but for other scenarios13:41
damiandabrowskilike the one described here: https://bugs.launchpad.net/neutron/+bug/138604113:41
damiandabrowskiwhere "inner" router does not have default gateway and static routes are defined on both routers13:41
damiandabrowskiin my case, both of my routers have default gateways, I don't define any static routes and technically I'm not doing nested NAT13:41
damiandabrowskiso I think this patch should not be required in my case(and applying it does not help)13:41
damiandabrowskibut there must be some other difference between OVS and OVN that breaks my architecture :/13:42
haleybdamiandabrowski: that patch is being updated, it does not work exactly right13:43
ralonsohdamiandabrowski, then I don't know what is your particular case, please open a LP bug with a reproducer, including the networks, subnets, routers and extra routes added13:43
damiandabrowskihaleyb: ahh ok, thanks for the info! For now I just want to make sure that I'm really affected by this issue or I need to dig somewhere else13:59
damiandabrowskiralonsoh: okok, done: https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/207743013:59
haleyb#startmeeting networking14:00
opendevmeetMeeting started Tue Aug 20 14:00:33 2024 UTC and is due to finish in 60 minutes.  The chair is haleyb. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'networking'14:00
haleybPing list: bcafarel, elvira, frickler, mlavalle, mtomaska, obondarev, slaweq, tobias-urdin, ykarel, lajoskatona, jlibosva, averdagu, amotoki, haleyb, ralonsoh14:00
mlavalle\o14:00
damiandabrowskiI also have all-in-one environment with described setup for both OVS and OVN, I can let you in if it can help.14:00
ykarelo/14:00
ihrachyso/14:00
ralonsohhello14:00
slaweqo/14:00
bcafarelo/14:00
obondarevo/14:00
elvirao/14:01
haleyb#topic announcements14:01
haleybWe are now in Dalmatian release week (R - 6)14:01
haleybWork on libraries should be wrapping up!14:02
haleybNon-client library freeze: August 22nd, 2024 (R-6 week)14:02
haleybClient library freeze: August 29th, 2024 (R-5 week)14:02
mtomaskao/14:02
haleybDalmatian-3 milestone: August 29th, 2024 (R-5 week)14:02
haleybWith all that said, are there any neutron-lib changes that need attention and merging?14:02
haleybhttps://review.opendev.org/c/openstack/neutron-lib/+/924700 perhaps?14:03
ralonsohthis is not a hard requirement14:03
ralonsohbut that will be perfect if merged14:03
haleyback14:04
haleybihrachys: there is this older one you have - https://review.opendev.org/c/openstack/neutron-lib/+/90904414:04
haleybit had some comments14:05
ihrachysforgot about it. I don't think it's important release wise anyway.14:05
haleybif there are others please ping for reviews as the release patches will start coming14:06
haleybihrachys: ack, just trying to get things merged14:06
slaweqralonsoh I just approved Your patch14:06
ralonsohslaweq++14:07
haleyband i'll copy/paste my comment from last week14:07
haleybSince we are at the end of the cycle, I would like to start using the priorities dashboard for patches in the "ready to merge" state. This could be older changes as well as new ones14:07
mlavalle+114:07
slaweq++14:07
ykarel+114:07
haleybSo if you think something is "ready to go" add an RP+1 so others can see it14:07
haleybwe have some old patches14:07
haleybthere is a link in the wiki, it's too long to paste14:08
haleyband i think lajos added a comment about TaaS, which I don't think has RP settings14:08
haleybbut I'll add his work here if people have cycles14:09
haleyb#link https://review.opendev.org/q/topic:%22bug/2015471%22+status:open14:09
haleybTap Mirror for OVN14:09
haleyband OVS14:09
haleyband other comments or important things to share?14:10
haleybI will mention again we are in the combined PTL/TC election cycle, there was an email to the -discuss list for those interested14:12
slaweqright, I was just going to say that14:12
slaweqthx haleyb :)14:12
haleybAs I mentioned, I will run again for PTL, I have the cycles :)14:14
mlavalle++14:14
mlavalleThanks for your servicw14:14
haleyb#topic bugs14:15
haleybI was the bug deputy last week, my report is at14:15
haleyb#link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/Y6B77PQKGGM2MZXBKCL73WQIIEEDBW2S/14:15
haleyband amazingly there was only one bug14:15
slaweqthis time You were lucky with bugs :)14:15
haleybvery lucky14:15
bcafarelAugust 15 week, usually quiet time :)14:16
haleyb#link https://bugs.launchpad.net/neutron/+bug/207691614:16
haleybIPv6 metadata issue with ml2/ovs and LB, mlavalle tracked down to gate setup14:16
haleyb#link https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/92650314:17
mlavalleI have a comment regarding this bug14:17
mlavalleMy first approach to fix it was to enable metadata in isolated networks (enable_isolated_metadata = true)14:18
haleybthat would fix the case where the dhcp-agent is providing the service14:19
mlavalleHowever, yesterday I discovered that while that fixed the IPv6 problem and allowed the new test case to pass, a couple of other unrelated test cases failed14:19
mlavalleso in the end I decided not to use an isolated network for the IPv6 test case and now everything seems to be good14:20
mlavallehowever that let me to wonder whether we are testing isolated networks in neutron-tempest-plugin14:20
mlavalleand we are not14:21
haleybah, i just noticed you changed it to add a router interface, which is maybe better as it's like a "normal" network would be14:21
mlavalleyeah, now I use a router14:21
mlavallebut, isolated networks is something that we support, don't we14:21
mlavalle?14:22
ralonsohyes, using the DHCP namespace14:22
haleybyes, fully supported, and a number of deployment tools set it14:22
mlavallemaybe we should be testing it in n-t-p14:22
mlavalleand yesterday I found that two test cases stareted to fail when I enebled isolated networks14:23
haleybmlavalle: yes, more coverage would be good, probably would find some edge cases14:23
mlavallein other words, maybe we are not paying attention enough and we regressing in this feature14:23
haleyb#link https://review.opendev.org/c/openstack/neutron/+/926497 is one of those odd cases i've been working on14:23
haleybmlavalle: we can either use the existing bug or open another to track the work14:24
mlavalleok, I'm going to file a new LP with this discovery and I'm going to try to come up with a n-t-p test case14:24
mlavalletargeting specifically isolated networks14:25
mlavallethat's all14:25
haleybmlavalle: thanks for fixing this and doing more testing14:25
haleybany other bugs to discuss?14:26
haleyb#topic community-goals14:27
haleybralonsoh: do you want to talk about eventlet removal? i only quickly saw the related patches to track down the gate failure stopping your other patches from merging14:28
ralonsohyes, I've spent more than one day debugging this14:28
ralonsohand the only conclusion is that, in the 2 failing cases, we somehow are faster and don't allow the OVS agent to configure backend14:29
ralonsohI'm testing with adding sleeps after the SG port updates14:29
ralonsohI know is horrible but still testing14:29
ralonsohthat's all14:29
haleybralonsoh: thanks, and yes i understand just adding delays in tests is not great14:31
haleybi will look at the reviews later14:31
haleybthe other community goal is neutronclient deprecation. i don't think lajos is here, but he has additional changes for horizon up14:32
haleyb#link https://review.opendev.org/q/topic:%22bug/1999774%2214:32
haleybi had no other community items14:33
haleyb#topic bugs14:33
haleybi forgot in #bugs that this week rubasov is the deputy, next week is mlavalle 14:34
haleybis that good for both?14:34
haleybalthough i don't thinkg rubasov is here today14:34
ralonsohif he doesn't reply, I can do it this week14:34
mlavalleyes it is for me14:34
mlavallerubasov said last week he is on PTO yesterday and today14:35
mlavallebut that he will catch up tomorrow14:35
mlavallehe was fine with this week14:35
haleybgreat, thanks. oh right, he said he'll catch up in last weeks notes, and it's a slow week anyways14:36
haleybok, that's all the bug stuff i had14:36
haleyb#topic on-demand14:36
haleybi had one topic, but will let any others go first14:36
ralonsohnothing from me14:37
haleybi just had a question on the update to the RBAC default override14:37
mlavallenothing from me either14:37
haleyb#link https://review.opendev.org/c/openstack/neutron/+/92608514:37
haleybthat patch seems fine, except for the designate scenario, but i didn't quite understand gmann's comment and if it means there was something broken14:38
haleybslaweq: maybe if you can give your opinion in the review it would help move it along, i'm stumped14:40
slaweqsure, I will check it14:41
haleybthanks, i'm sure he'd like to get that series all merged as it crosses many repos14:41
haleybi had nothing else14:42
haleybykarel: CI meeting in person today?14:42
ykarelhaleyb, yes video today14:42
haleybgreat, that's in :17 for anyone attending14:43
haleybthanks for coming, and don't forget to look at the priority dashboard :)14:43
haleyband have a great week14:43
haleyb#endmeeting14:43
opendevmeetMeeting ended Tue Aug 20 14:43:37 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:43
opendevmeetMinutes:        https://meetings.opendev.org/meetings/networking/2024/networking.2024-08-20-14.00.html14:43
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/networking/2024/networking.2024-08-20-14.00.txt14:43
opendevmeetLog:            https://meetings.opendev.org/meetings/networking/2024/networking.2024-08-20-14.00.log.html14:43
ralonsohbye14:43
ykarelo/14:43
ihrachyshaleyb: in nested snat experiments you did for 0.0.0.0/0 snat rule for ovn, when you had issues with fips; which ovn version did you run?14:44
haleybihrachys: i don't exactly know. I *thought* I tried to build from source at the time i sent the patch14:45
ihrachyshaleyb: so like master?14:45
haleybyes, it should have had that conntrack fix you mentioned for the issue14:46
ihrachysi'm being told something was broken circa 24.03 but not before. still need to check if earlier releases are good actually.14:46
ihrachysso I wanted to check if you tried with a pre 24.03. will do it myself of course.14:46
haleybi just don't know what version, sorry14:47
ihrachysack14:47
ihrachyshaleyb: https://github.com/ovn-org/ovn/commit/40136a2f14:49
mlavallehaleyb: yeah, one of the failing test cases I saw yesteday was neutron_tempest_plugin.scenario.test_mtu.NetworkWritableMtuTest.test_connectivity_min_max_mtu. So it seems to be related to https://bugs.launchpad.net/neutron/+bug/207420714:52
mlavalleI'll investigate further before filing another LP. Good pointer, though. Thanks!14:53
haleybihrachys: interesting, i would have thought i had that based on the date but ???14:55
ihrachysI'm told this commit actually breaks something in the scenario14:55
ihrachysso we're going to check if revert fixes it14:55
ihrachysin next day or two14:55
haleybah14:55
haleybmlavalle: thanks for that, my next step of testing my fix for the dhcp-agent mtu issue was to look at the metadata agents and see if they need a similar fix14:56
haleybbasically, if just ipv4 subnets don't configure ipv6 metadata address, since the degenerate case of a small mtu could break it14:57
ykarel#startmeeting neutron_ci15:03
opendevmeetMeeting started Tue Aug 20 15:03:34 2024 UTC and is due to finish in 60 minutes.  The chair is ykarel. Information about MeetBot at http://wiki.debian.org/MeetBot.15:03
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:03
opendevmeetThe meeting name has been set to 'neutron_ci'15:03
ykarelPing list: bcafarel, lajoskatona, mlavalle, mtomaska, ralonsoh, ykarel, jlibosva, elvira15:03
ykarelThis will be video meeting this time: https://meetpad.opendev.org/neutron-ci-meetings15:03
ykarel#topic Stable branches15:05
ykarelall good15:06
ykarel#topic Stadium projects15:06
ykarelrest all green apart from sfc https://bugs.launchpad.net/neutron/+bug/206872715:06
ykarel#action slawek to check for sfc failures in coming weeks and have some conclusion for dalmatian release15:11
ykarel#topic Rechecks15:12
ykarel#topic Tempest/Scenario15:12
ykarelpagination api test random failures15:12
ykarelhttps://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_34a/periodic/opendev.org/openstack/neutron/master/neutron-ovs-tempest-plugin-iptables_hybrid-nftables/34a2463/testr_results.html15:12
ykarelhttps://bugs.launchpad.net/neutron/+bug/207632815:12
opendevreviewTerry Wilson proposed openstack/neutron unmaintained/yoga: ovn-metadata: Refactor events  https://review.opendev.org/c/openstack/neutron/+/92665515:14
opendevreviewTerry Wilson proposed openstack/neutron unmaintained/yoga: Handle creation of Port_Binding with chassis set  https://review.opendev.org/c/openstack/neutron/+/92665615:14
ykarelhttps://review.opendev.org/c/openstack/neutron-tempest-plugin/+/92620115:14
ykarel#topic Periodic15:16
ykarelpost gres jobs with recent fixes now still randomly fails with15:16
ykarel AttributeError: 'NoneType' object has no attribute 'tags'15:16
ykarel- https://82f990e55ca70e41f871-36409e2f060733ae498eef8cd27f40f4.ssl.cf5.rackcdn.com/periodic/opendev.org/openstack/neutron/master/neutron-ovn-tempest-postgres-full/126119f/controller/logs/screen-q-svc.txt15:16
ykarel- https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_360/periodic/opendev.org/openstack/neutron/master/neutron-ovn-tempest-postgres-full/3602d9e/controller/logs/screen-q-svc.txt15:16
ykarel#action ralonsoh to check failures in postgres job15:18
ykarel#topic Grafana15:18
ykarelhttps://grafana.opendev.org/d/f913631585/neutron-failure-rate15:18
ykarel#topic On Demand15:19
opendevreviewTerry Wilson proposed openstack/neutron unmaintained/yoga: Handle creation of Port_Binding with chassis set  https://review.opendev.org/c/openstack/neutron/+/92665615:21
ykarelNeutron CI meeting time15:22
ralonsoh+1 thank you all15:22
ykarel#agreed to move CI meeting to Monday 2:00 UTC15:23
ykarel#endmeeting15:23
opendevmeetMeeting ended Tue Aug 20 15:23:24 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:23
opendevmeetMinutes:        https://meetings.opendev.org/meetings/neutron_ci/2024/neutron_ci.2024-08-20-15.03.html15:23
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/neutron_ci/2024/neutron_ci.2024-08-20-15.03.txt15:23
opendevmeetLog:            https://meetings.opendev.org/meetings/neutron_ci/2024/neutron_ci.2024-08-20-15.03.log.html15:23
otherwiseguy@haleyb: Just to prove that I promise I don't hate your customers. ;) https://review.opendev.org/c/openstack/neutron/+/92665615:25
otherwiseguyI did a previous version that also backported kuba's refactor, but then remembered that originally when I proposed the dowstream patch, his refactor hadn't merged. So this was just the /1 revision--so it *should* work.15:27
otherwiseguyAlso, we're making good progress on getting the 0.0.0.0/0 thing resolved with the OVN folks. It's looking like it'll be a backportable fix.15:27
otherwiseguySo just having code in neutron that uses your config option to toggle setting NAT.logical_ip=0.0.0.0/0 *hopefully* will work.15:28
ralonsohykarel, 1 min, if you have time15:34
ralonsohhttps://95a57cfa3d60c01252ee-a75a90e4f62f1557c9429d321082a0da.ssl.cf5.rackcdn.com/925205/12/check/neutron-tempest-plugin-openvswitch-iptables_hybrid-4/346848e/testr_results.html15:34
haleybotherwiseguy: hey, thanks! that was a much more compact patch than waht i had15:34
ralonsohthe command to remove the SG rule from the port is sent at 2024-08-20 13:00:59,04515:34
ralonsohthe OVS agent starts processing it 20 secs later15:34
otherwiseguyhaleyb: just took my brain a while to remember all of the details of putting the fix together. takes longer every day. ;)15:35
ralonsohAug 20 13:01:20.063875 np0038223743 neutron-openvswitch-agent[61344]: DEBUG neutron.agent.securitygroups_rpc [None req-65f7e1ba-e56f-4843-a499-232de9cbf47e tempest-StatefulNetworkSecGroupTest-48337440 tempest-StatefulNetworkSecGroupTest-48337440-project-member] Adding ['6589eb87-d607-41ec-9e54-8d8b906cfbc7'] devices to the list of devices for which firewall needs to be refreshed {{(pid=61344) _security_group_updated 15:35
ralonsoh/opt/stack/neutron/neutron/agent/securitygroups_rpc.py:227}}15:35
ralonsohthat is an unacceptable delay, to be honest15:35
haleybotherwiseguy: and regarding the snat thing, that's even better news, ihrachys did mention something about a possible revert, might mention to martin15:37
ykarelralonsoh, yes that's bad :(15:45
ralonsohykarel, because we can increase the testing timeout, I'15:46
ralonsohI'm going to document it and propose a patch15:46
ralonsoh(this american keyboard with the small enter is killing me)15:46
ykarelralonsoh, but do you get why it started happening now?15:46
ykarelspecific to this patch or something else?15:47
ralonsohnot really, but I'm not checking the Neutron API part, that is the only one affected by this patch15:47
ralonsohI'm now*15:47
ykarelalso there were couple of patches related to move to singlethread, those could be related?15:48
ykarelhmm but here in ovs agent log it doesn't look busy15:49
ralonsohI found that there is a hiccup in the n-api os 20 seconds15:50
ralonsohhttps://95a57cfa3d60c01252ee-a75a90e4f62f1557c9429d321082a0da.ssl.cf5.rackcdn.com/925205/12/check/neutron-tempest-plugin-openvswitch-iptables_hybrid-4/346848e/controller/logs/screen-neutron-api.txt15:50
ralonsohfrom Aug 20 13:00:59.30455115:50
ralonsohto Aug 20 13:01:19.69590 there is nothing15:50
ralonsohand this is just in the middle of the SG update15:50
opendevreviewMerged openstack/neutron-lib master: Fix python modules docs build  https://review.opendev.org/c/openstack/neutron-lib/+/92550316:11
opendevreviewMerged openstack/neutron-lib master: Add API extension ``tag-creation``  https://review.opendev.org/c/openstack/neutron-lib/+/92470016:19
haleybralonsoh: regarding that 20 seconds, does that dbcounter entry tell us anything? SELECT=2155, etc? that should have been just after though, so i'm confused16:25
opendevreviewMerged openstack/neutron master: Add tap_mirror to extension to OVN supported extensions  https://review.opendev.org/c/openstack/neutron/+/90584016:27
haleybralonsoh: there is also this entry in tempest_log.txt there around that time16:45
haleyb2024-08-20 13:01:09.313 87890 INFO neutron_tempest_plugin.scenario.test_security_groups [-] Wait for conntrack invalid rules to be deleted16:45
haleybbut i can't find any code that prints that in codesearch :-/16:45
opendevreviewBrian Haley proposed openstack/neutron unmaintained/yoga: Handle creation of Port_Binding with chassis set  https://review.opendev.org/c/openstack/neutron/+/92665618:09
opendevreviewBrian Haley proposed openstack/neutron unmaintained/zed: Handle creation of Port_Binding with chassis set  https://review.opendev.org/c/openstack/neutron/+/92666618:10
opendevreviewBrian Haley proposed openstack/neutron unmaintained/zed: Handle creation of Port_Binding with chassis set  https://review.opendev.org/c/openstack/neutron/+/92666618:13
otherwiseguy@haleyb: it does look like reverting https://github.com/ovn-org/ovn/commit/40136a2f seems to fix FIP to FIP traffic using logical_ip=0.0.0.0/0.18:36
otherwiseguyInterestingly, the pings seem broken in 22.04, work in 23.09, and are broken again in main. :p18:39
haleybotherwiseguy: thanks for the info, i'm going to ping martin now so he's aware, don't know if your plan is to revert or find a fix18:40
otherwiseguyhaleyb: I'm not sure yet what their plan is either. But if your customers are on 22.04 by chance (like my devstack install on jammy) then it might work w/o any changes.18:41
otherwiseguyer, nm18:42
otherwiseguyif they were on 23.09.18:42
otherwiseguyETOOMANYVERSIONS18:42
otherwiseguygetting ready to test to make sure that the nested pinging also works18:42
haleyblet me look, i know most are on 22.04.3 i believe18:43
otherwiseguyyeah, w/o the patch both fip2fip and nested outbound pinging (at least to the router ip 172.24.4.1 and fips) works.18:44
haleybotherwiseguy: i pinged him he'll try and reproduce, thanks for looking into it21:03
mlavallehaleyb: would you nudge https://review.opendev.org/c/openstack/neutron/+/922264 over the edge, please?21:32
haleybmlavalle: pushed21:34
mlavallehaleyb: :-)21:49
opendevreviewMiguel Lavalle proposed openstack/neutron-tempest-plugin master: Test metadata query over IPv6 only network with OVS and LB  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/92650322:18
opendevreviewMerged openstack/neutron master: Fix support of IPv6 only networks in OVN metadata agent  https://review.opendev.org/c/openstack/neutron/+/92226423:16
opendevreviewMiguel Lavalle proposed openstack/neutron master: User defined router flavor driver with no LSP  https://review.opendev.org/c/openstack/neutron/+/91780023:26
« Monday, 2024-08-19 Index Wednesday, 2024-08-21 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!