opendevreview | Rodolfo Alonso proposed openstack/neutron master: Optimize the SG rule retrieval https://review.opendev.org/c/openstack/neutron/+/932041 | 05:52 |
---|---|---|
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Optimize the SG rule retrieval https://review.opendev.org/c/openstack/neutron/+/932041 | 05:53 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: ``_make_security_group_rule_dict`` only accepts SG rule OVO https://review.opendev.org/c/openstack/neutron/+/932162 | 05:56 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Optimize the SG rule retrieval https://review.opendev.org/c/openstack/neutron/+/932041 | 06:00 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Optimize the SG rule retrieval https://review.opendev.org/c/openstack/neutron/+/932041 | 06:10 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: DNM - "security_group_rules" is not a SG selectable field https://review.opendev.org/c/openstack/neutron/+/932163 | 06:10 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Replace ``greenthread.sleep`` with ``time.sleep`` https://review.opendev.org/c/openstack/neutron/+/931251 | 08:17 |
opendevreview | liuyulong proposed openstack/neutron master: Add basical functionalities for metadata path extension https://review.opendev.org/c/openstack/neutron/+/881535 | 08:44 |
opendevreview | liuyulong proposed openstack/neutron master: Add metadata path extension openflows https://review.opendev.org/c/openstack/neutron/+/888097 | 08:44 |
opendevreview | liuyulong proposed openstack/neutron master: Fullstack case for metadata path https://review.opendev.org/c/openstack/neutron/+/888098 | 08:44 |
opendevreview | liuyulong proposed openstack/neutron master: Add devstack plugin to enable ovs metadata_path https://review.opendev.org/c/openstack/neutron/+/928586 | 08:44 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add Health monitor sync logic https://review.opendev.org/c/openstack/ovn-octavia-provider/+/931288 | 08:46 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add sync floating IP support https://review.opendev.org/c/openstack/ovn-octavia-provider/+/929039 | 09:44 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Optimize the SG rule retrieval https://review.opendev.org/c/openstack/neutron/+/932041 | 10:00 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: DNM - "security_group_rules" is not a SG selectable field https://review.opendev.org/c/openstack/neutron/+/932163 | 10:00 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add sync floating IP support https://review.opendev.org/c/openstack/ovn-octavia-provider/+/929039 | 12:01 |
opendevreview | Merged openstack/neutron master: Do not dispose local_vlan_hints https://review.opendev.org/c/openstack/neutron/+/880334 | 12:35 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add Health monitor sync logic https://review.opendev.org/c/openstack/ovn-octavia-provider/+/931288 | 12:40 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add sync floating IP support https://review.opendev.org/c/openstack/ovn-octavia-provider/+/929039 | 12:40 |
ralonsoh | haleyb_, hello! Give me today to add the eventlet stuff into the etherpad of the PTG | 12:45 |
*** ykarel_ is now known as ykarel | 13:04 | |
*** haleyb_ is now known as haleyb | 13:07 | |
haleyb | ralonsoh: sure, i need to add things myself too | 13:08 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add Health monitor sync logic https://review.opendev.org/c/openstack/ovn-octavia-provider/+/931288 | 13:13 |
opendevreview | Fernando Royo proposed openstack/ovn-octavia-provider master: Add sync floating IP support https://review.opendev.org/c/openstack/ovn-octavia-provider/+/929039 | 13:13 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Optimize the SG rule retrieval https://review.opendev.org/c/openstack/neutron/+/932041 | 13:35 |
haleyb | #startmeeting neutron_drivers | 14:00 |
opendevmeet | Meeting started Fri Oct 11 14:00:47 2024 UTC and is due to finish in 60 minutes. The chair is haleyb. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:00 |
opendevmeet | The meeting name has been set to 'neutron_drivers' | 14:00 |
haleyb | Ping list: ykarel, mlavalle, mtomaska, slaweq, obondarev, tobias-urdin, lajoskatona, amotoki, haleyb, ralonsoh | 14:00 |
mlavalle | \o | 14:00 |
lajoskatona | o/ | 14:01 |
slaweq | o/ | 14:01 |
haleyb | vprokofev: glad to see you could make it (again) | 14:02 |
haleyb | we can wait a minute for ralonsoh as he had added something as well | 14:02 |
vprokofev | Thanks. Though I have a feeling this is not happening (again). | 14:02 |
cbuggy | o/ | 14:03 |
ralonsoh | hi | 14:04 |
ralonsoh | sorry, I was in a call | 14:04 |
haleyb | ralonsoh: hi, so that makes 5 drivers, we can get started | 14:05 |
haleyb | first topic is from vprokofev | 14:05 |
haleyb | #link https://bugs.launchpad.net/neutron/+bug/2083214 | 14:05 |
haleyb | [RFE] control random-fully behavior on a per-FIP base | 14:05 |
vprokofev | i don't know if i need to say something so just ask if you have any questions | 14:06 |
haleyb | For some background, there was a bug related to this and we fixed it by adding a config option to control SNAT | 14:06 |
haleyb | #link https://review.opendev.org/c/openstack/neutron/+/854041 | 14:07 |
vprokofev | yes, but as i mentioned before - it's global | 14:07 |
haleyb | vprokofev: sorry, i was slow, but if you want to explain the rfe a little that would be good | 14:07 |
vprokofev | you enable/disable it for the whole cloud | 14:07 |
lajoskatona | As I see this proposal is a good extension of the above cfg option (from https://review.opendev.org/c/openstack/neutron/+/854041 ) | 14:07 |
vprokofev | this comes from a real use-case in a cloud i operate | 14:08 |
vprokofev | we have some customers who use overlay networks which use udp hole punching | 14:08 |
vprokofev | random-fully breaks it for them | 14:08 |
vprokofev | so we want to disable it for some specific IPs | 14:08 |
vprokofev | i pretty much wrote implementation of it already | 14:09 |
vprokofev | and din't want to carry private patch around | 14:09 |
vprokofev | also others can benefit from it | 14:09 |
lajoskatona | +1, thanks for proposing it here | 14:09 |
mlavalle | besides testing it in devstack, have you deployed it in production? | 14:09 |
vprokofev | not yet, it's pending change request approval. internal procedures, you know | 14:10 |
haleyb | what does OVN do in this case? is there any changes needed there? | 14:10 |
vprokofev | not that i'm aware of since we're using OVS | 14:11 |
ralonsoh | if we implement this API for FIP, that will have partial support | 14:11 |
mlavalle | I think it is ML2/OVS only | 14:11 |
slaweq | so does it mean that with your proposal config option which we have now for this will be not needed anymore? | 14:11 |
vprokofev | no, config option can still be used. my idea was to set default value to None so behavior is inherited from config option | 14:12 |
haleyb | mlavalle: right, i just didn't want to create another gap if OVN has some similar type option (i just don't know) | 14:12 |
ralonsoh | no no, if this is a new API for floating IPs, then we should not use a config option | 14:13 |
ralonsoh | we usually don't support API config driven options | 14:13 |
haleyb | ralonsoh: there is already a config option | 14:13 |
ralonsoh | I know | 14:13 |
slaweq | but do we really need that option? I would rather deprecate and remove it, and for the API change, choose some default value which could be then overwritten for each FIP | 14:13 |
ralonsoh | but this change wants to control each FIP individually | 14:13 |
ralonsoh | so that means a new API for FIPs | 14:13 |
ralonsoh | we can provide a default value=False, as is now | 14:14 |
slaweq | or maybe it could be done for router instead of the FIP and then all FIPs using this router would have it enabled or disabled | 14:14 |
lajoskatona | +1 and remove the cfg option | 14:14 |
lajoskatona | I mean +1 for API default=False, and remove cfg option | 14:14 |
vprokofev | the way i implemented it doesn't break existing setups in any way. it does complicates things a bit since it requires a new validator of type "boolean_or_none" which did not exist before. removing config option means there's no need for a new validator | 14:15 |
slaweq | it could be even added to both: router and fip resources and inherited by fips if not set for them directly, like we have for QoS policies for ports and networks | 14:15 |
mlavalle | +1 | 14:15 |
vprokofev | i did not consider enabling it on a per-router base since we needed some IPs in a project to use random-fully and some don't | 14:15 |
haleyb | use_random_fully defaults to True today | 14:15 |
lajoskatona | is this cfg option considered by OVN routers/FIPs? | 14:16 |
lajoskatona | or is this something that works only with iptables based implementation? | 14:17 |
haleyb | no only the iptables code currently | 14:17 |
ralonsoh | that doesn't apply to OVN, we don't have this in OVN | 14:17 |
lajoskatona | ack | 14:17 |
haleyb | ralonsoh: do we need to worry about OVN? is there even support for such a thing in core OVN? | 14:18 |
ralonsoh | I have no idea, to be honest | 14:18 |
ralonsoh | I would need to check it | 14:18 |
haleyb | ok, i didn't either | 14:18 |
haleyb | when vprokofev updates his could to OVN and things don't work the same he might be back here :) | 14:19 |
haleyb | s/could/cloud | 14:19 |
ralonsoh | first thing: document the parity gap with L3 agent | 14:19 |
haleyb | it's just something we need to document for now as you said | 14:19 |
ralonsoh | but let's focus on the L3 agent, not in OVN | 14:19 |
lajoskatona | +1 | 14:22 |
haleyb | so do we need to discuss the point slaweq made about applying this to routers and fips? | 14:22 |
ralonsoh | maybe for now we can focus the goal to FIPs | 14:23 |
ralonsoh | we can extend that to routers in a follow-up implementation | 14:23 |
slaweq | ++ | 14:23 |
mlavalle | +1 | 14:23 |
haleyb | ok, so let's vote on this how it is described - applying to FIPs | 14:23 |
haleyb | +1 from me as well | 14:23 |
mlavalle | +1 | 14:23 |
ralonsoh | +1 to this RFE, I would like to see a spec | 14:24 |
slaweq | +1 | 14:24 |
lajoskatona | +1 | 14:24 |
haleyb | ok, great, we have consensus | 14:24 |
haleyb | vprokofev: can you write-ip a spec on this? there is a neutron-specs repo | 14:25 |
haleyb | i need to double-check it has an epoxy subdir | 14:25 |
vprokofev | sure. never wriote one before, so it may require some proof-reading | 14:26 |
mlavalle | we will provide plenty of help with that | 14:26 |
ralonsoh | some examples https://review.opendev.org/q/project:openstack/neutron-specs | 14:26 |
ralonsoh | but you can ping us here | 14:27 |
vprokofev | thank, i'll write up one next week then | 14:27 |
haleyb | great, thanks, i'll create a 2025.1 folder | 14:28 |
mlavalle | thanks for your proposal! | 14:28 |
haleyb | ralonsoh: you had the next item on the agenda | 14:28 |
ralonsoh | #link https://bugs.launchpad.net/neutron/+bug/2083527 | 14:29 |
ralonsoh | the first topic: To be able to nest two external networks, as explained in the LP bug | 14:30 |
noonedeadpunk | o/ | 14:30 |
ralonsoh | this is something we don't test right now and I don't know if that is supported | 14:30 |
ralonsoh | this is: a network connected to a router, this router to a GW network, this network to a router and another GW network | 14:30 |
noonedeadpunk | so frankly - I haven't tested access to A-net from public (real external one) | 14:30 |
ralonsoh | this is a bit different to the nested routing scenario | 14:31 |
opendevreview | Takashi Kajinami proposed openstack/neutron master: Replace deprecated is_advsvc https://review.opendev.org/c/openstack/neutron/+/931574 | 14:31 |
noonedeadpunk | but the problem is that FIP did not work at all between middle and lower network | 14:31 |
noonedeadpunk | (while I'd expect it to) | 14:31 |
ralonsoh | because we expect a FIP to have communication thought a GW IP, outside OpenStack | 14:32 |
ralonsoh | but you are redirecting this traffic to another router | 14:32 |
haleyb | noonedeadpunk: stupid question, but had you tried with Ales' latest patch? it just merged to OVN last week | 14:33 |
noonedeadpunk | um, not really. so step 11 and 12 explain from where what I test | 14:33 |
noonedeadpunk | to OVN-OVN? | 14:33 |
noonedeadpunk | I did not build OVN from sources, no | 14:34 |
noonedeadpunk | and also https://review.opendev.org/c/openstack/neutron/+/931495 covers the usecase described | 14:34 |
haleyb | i just know there was an edge case with FIPs that the patch fixed i believe, so we don't chase our tails | 14:34 |
haleyb | but it's maybe orthagonal to your ask in the bug | 14:35 |
ralonsoh | about this patch, that is related to the second topic: this is fixing the scenario implemented in https://review.opendev.org/c/openstack/neutron/+/909194. I never tested it with FIPs, only SNAT | 14:37 |
ralonsoh | so I'm going to open a bug for this a link this patch too | 14:37 |
ralonsoh | (this case is for one router only, connected to a tunnelled GW network) | 14:37 |
haleyb | i had tried the "nested" patch with FIP to FIP, but with the core OVN patch as well, which seemed to work, without i don't think it did | 14:38 |
haleyb | and snat to FIP | 14:38 |
noonedeadpunk | > "so step 11 and 12 explain from where what I test" - So eventually what I'm testing is a VM on "fake-external" geneve network trying to access a "layered" VM on geneve through FIP | 14:38 |
noonedeadpunk | so I'm not passing down 2 routers | 14:38 |
noonedeadpunk | and as router is binded to chassiss... And FIP NAT still to the router external port - things do not work | 14:40 |
ralonsoh | yes, this is why this bug should change the scope and the description | 14:40 |
noonedeadpunk | haleyb: it's good to know that OVN patch did cover that :) | 14:41 |
ralonsoh | I think there is too much noise in the testing procedure | 14:41 |
ralonsoh | if that is going to be tested with traffic through on router | 14:41 |
noonedeadpunk | Well, I first described what I feel is off, and only then realized what actually is wrong | 14:41 |
noonedeadpunk | so description is indeed generic | 14:42 |
ralonsoh | ok, so in shake of documentation for next developers, I would change the description and I would keep apart the nested routing | 14:42 |
ralonsoh | this is a red herring there | 14:42 |
noonedeadpunk | ok, yeah, will edit it | 14:43 |
* noonedeadpunk still needs to invest in unit/functional test coverage | 14:43 | |
ralonsoh | thanks a lot, I'll review the patch on monday, I think it makes sense and this is indeed a bug | 14:43 |
ralonsoh | (nothing else from me, thanks!) | 14:43 |
lajoskatona | this patch: https://review.opendev.org/c/openstack/neutron/+/931495 ? | 14:44 |
ralonsoh | yes | 14:44 |
haleyb | so more a bug than rfe | 14:44 |
ralonsoh | yes | 14:44 |
noonedeadpunk | but if you see something obviously wrong with the approach - please comment | 14:45 |
ralonsoh | sure, in the reviews | 14:46 |
noonedeadpunk | As I personally don't very much like string comparison of True... | 14:46 |
noonedeadpunk | but I saw that being used elsewhere in code... | 14:46 |
haleyb | ok. did we have any other rfes/bugs to discuss? | 14:46 |
ralonsoh | no thanks | 14:46 |
haleyb | if not i'll close this as i have a conflict i'm late for | 14:46 |
noonedeadpunk | thanks folks | 14:47 |
haleyb | thanks for attending everyone and have a good weekend | 14:47 |
haleyb | #endmeeting | 14:47 |
opendevmeet | Meeting ended Fri Oct 11 14:47:18 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:47 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/neutron_drivers/2024/neutron_drivers.2024-10-11-14.00.html | 14:47 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/neutron_drivers/2024/neutron_drivers.2024-10-11-14.00.txt | 14:47 |
opendevmeet | Log: https://meetings.opendev.org/meetings/neutron_drivers/2024/neutron_drivers.2024-10-11-14.00.log.html | 14:47 |
mlavalle | \o | 14:47 |
ralonsoh | bye, have a nice weekend | 14:47 |
lajoskatona | o/ | 14:47 |
slaweq | o/ | 14:47 |
vprokofev | thank you for your time! | 14:47 |
slaweq | have a great weekend all!!! | 14:47 |
ralonsoh | folks, if you have some minutes: https://review.opendev.org/c/openstack/neutron/+/932041 (the failing tests are now passing) | 14:50 |
ralonsoh | if merged, I'll backport it | 14:50 |
opendevreview | Slawek Kaplonski proposed openstack/neutron master: Use 'port-trusted-vif' api extension definition from neutron-lib https://review.opendev.org/c/openstack/neutron/+/932181 | 14:51 |
opendevreview | Brian Haley proposed openstack/neutron-specs master: Spec folder for 2025.1 cycle https://review.opendev.org/c/openstack/neutron-specs/+/932182 | 14:51 |
opendevreview | Merged openstack/neutron-specs master: Spec folder for 2025.1 cycle https://review.opendev.org/c/openstack/neutron-specs/+/932182 | 15:04 |
opendevreview | Takashi Kajinami proposed openstack/python-neutronclient master: Drop unused tempest from test requirements https://review.opendev.org/c/openstack/python-neutronclient/+/932187 | 15:06 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: "security_group_rules" is not a SG selectable field https://review.opendev.org/c/openstack/neutron/+/932163 | 15:12 |
opendevreview | Rodolfo Alonso proposed openstack/neutron-tempest-plugin master: [WSGI] Move all OVN jobs to use WSGI API module https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/930743 | 15:14 |
opendevreview | Stephen Finucane proposed openstack/neutron master: zuul: Explicitly set NEUTRON_DEPLOY_MOD_WSGI https://review.opendev.org/c/openstack/neutron/+/932189 | 15:14 |
ralonsoh | haleyb, https://etherpad.opendev.org/p/oct2024-ptg-neutron. I've added the documentation for the eventlet deprecation | 15:26 |
ralonsoh | I'll also send an update in the mail chain stated by Herve | 15:26 |
ralonsoh | (but later, I need to leave now) | 15:26 |
haleyb | ralonsoh: ack, thanks | 15:29 |
opendevreview | Merged openstack/neutron master: Remove the sleep calls in the ``create_or_update_agent`` method https://review.opendev.org/c/openstack/neutron/+/931249 | 17:27 |
*** haleyb is now known as haleyb|out | 19:13 | |
opendevreview | Merged openstack/neutron master: Add special treatment for 'any' in SG rule API https://review.opendev.org/c/openstack/neutron/+/926498 | 23:06 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!