opendevreview | Brian Haley proposed openstack/neutron master: Allow service role more RBAC access for Octavia https://review.opendev.org/c/openstack/neutron/+/945329 | 00:47 |
---|---|---|
opendevreview | Brian Haley proposed openstack/neutron master: Allow service role more RBAC access for Octavia https://review.opendev.org/c/openstack/neutron/+/945329 | 00:48 |
cardoe | mlavalle: ah I see. sometimes when I restart neutron it's making the router on OVN during the startup of neutron. I'm guessing when its syncing the DB? | 01:24 |
opendevreview | Merged openstack/neutron stable/2024.2: Subnet filter by "router:external" needs to be changed to "external" https://review.opendev.org/c/openstack/neutron/+/948780 | 05:10 |
opendevreview | Merged openstack/neutron master: [ovn]Allow multiple IPv6 ports on router from same network https://review.opendev.org/c/openstack/neutron/+/936931 | 05:10 |
opendevreview | liuyulong proposed openstack/neutron master: Revert "Synchronize the network segment range initialization" https://review.opendev.org/c/openstack/neutron/+/947812 | 05:58 |
opendevreview | liuyulong proposed openstack/neutron master: Adds unique constraint for network segment ranges https://review.opendev.org/c/openstack/neutron/+/947898 | 05:58 |
ykarel | thx ralonsoh for reporting https://bugs.launchpad.net/bugs/2110004, i was about to report that | 06:01 |
ralonsoh | ykarel, yw! | 06:01 |
sahid | o/ | 07:27 |
tobias-urdin | can i get another +2 core review on https://review.opendev.org/c/openstack/neutron/+/945329 – thx! | 08:09 |
ralonsoh | let me check | 08:10 |
ralonsoh | slaweq, ^ can you review it a last time? This is RBAC related | 08:12 |
hamidlotfi__ | Hi there, | 08:28 |
hamidlotfi__ | I'm using Neutron FWaaS v2 with OpenStack 2024.1 deployed via kolla-ansible. In an environment with DVR enabled, firewall rules between subnets are not applied as expected. The same configuration works correctly in another setup where DVR is disabled. | 08:28 |
hamidlotfi__ | I have two subnets (10.10.10.0/24 and 20.20.20.0/24) connected via a router with DVR enabled, and I’m trying to isolate them using FWaaS v2 rules, but instances can still ping each other. | 08:28 |
hamidlotfi__ | In a separate environment without DVR, the same FWaaS v2 configuration works correctly and blocks the traffic as expected, Any suggestions? | 08:28 |
ralonsoh | hamidlotfi__, if I recall correctly, there is a bug about this | 08:37 |
ralonsoh | no, is about bgp | 08:37 |
ralonsoh | but I think it could be related | 08:38 |
ralonsoh | https://bugs.launchpad.net/neutron/+bug/2107634 | 08:38 |
opendevreview | Lajos Katona proposed openstack/neutron-tempest-plugin master: Tap Mirror API and scenario tests https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/886004 | 08:51 |
slaweq | ralonsoh tobias-urdin approved | 08:58 |
opendevreview | Lajos Katona proposed openstack/neutron-tempest-plugin master: Remove Bobcat 2023.2 jobs https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/948850 | 08:59 |
tobias-urdin | slaweq: ralonsoh thanks :) | 09:09 |
slaweq | tobias-urdin thank you for the patch :) | 09:22 |
hamidlotfi__ | ralonsoh: Thanks for your reply. I don't think it's related to BGP because I didn't enable BGP. | 10:10 |
ralonsoh | hamidlotfi__, no, but the issue with the DVR router could be | 10:12 |
ralonsoh | please check the bug | 10:12 |
opendevreview | liuyulong proposed openstack/neutron master: Partially revert "Synchronize the network segment range initialization" https://review.opendev.org/c/openstack/neutron/+/947812 | 10:12 |
opendevreview | liuyulong proposed openstack/neutron master: Adds unique constraint for network segment ranges https://review.opendev.org/c/openstack/neutron/+/947898 | 10:12 |
opendevreview | Merged openstack/neutron master: Update ``filter_existing_chassis`` signature and make it static https://review.opendev.org/c/openstack/neutron/+/947321 | 10:17 |
opendevreview | Merged openstack/neutron master: Allow service role more RBAC access for Octavia https://review.opendev.org/c/openstack/neutron/+/945329 | 11:21 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Initialize the network segment ranges only in first WSGI worker https://review.opendev.org/c/openstack/neutron/+/948200 | 11:41 |
haleyb | #startmeeting networking | 13:00 |
opendevmeet | Meeting started Tue May 6 13:00:32 2025 UTC and is due to finish in 60 minutes. The chair is haleyb. Information about MeetBot at http://wiki.debian.org/MeetBot. | 13:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 13:00 |
opendevmeet | The meeting name has been set to 'networking' | 13:00 |
haleyb | Ping list: bcafarel, elvira, frickler, mlavalle, mtomaska, obondarev, slaweq, tobias-urdin, ykarel, lajoskatona, jlibosva, averdagu, haleyb, ralonsoh | 13:00 |
mlavalle | \o | 13:00 |
lajoskatona | o/ | 13:00 |
mtomaska | o/ | 13:00 |
ralonsoh | hello | 13:00 |
obondarev | o/ | 13:00 |
haleyb | ok let's get started | 13:01 |
haleyb | #announcements | 13:01 |
slaweq | o/ | 13:01 |
haleyb | We are currently in Week R-21 of Flamingo | 13:01 |
cbuggy | o/ | 13:01 |
haleyb | Final 2025.2 Flamingo release: October 3rd, 2025 | 13:01 |
haleyb | #link https://releases.openstack.org/flamingo/schedule.html | 13:02 |
haleyb | Reminder: If you have a topic for the drivers meeting on Friday, please add it to the wiki @ https://wiki.openstack.org/wiki/Meetings/NeutronDrivers | 13:02 |
haleyb | that said, I am out this Friday and all next week | 13:02 |
rubasov | o/ | 13:03 |
haleyb | might be online randomly but at work meeting | 13:03 |
haleyb | if anyone is in Frankfurt i will buy the beers | 13:03 |
haleyb | so i am looking for someone to run this meeting next week, and the drivers if there is an agenda | 13:04 |
ralonsoh | I can do it | 13:04 |
haleyb | thanks ralonsoh! | 13:05 |
haleyb | i had no other announcements, anyone else have something? | 13:06 |
slaweq | I won't be able to attend drivers meeting this week probably | 13:06 |
ralonsoh | then we should cancel next drivers meeting | 13:07 |
opendevreview | Merged openstack/neutron stable/2025.1: [Stable Only][CI][fips jobs] Use stable constraints for tempest https://review.opendev.org/c/openstack/neutron/+/948796 | 13:07 |
haleyb | sure, will cancel this weeks meeting and cleanup the wiki | 13:07 |
haleyb | #topic bugs | 13:08 |
haleyb | otherwiseguy was marked as deputy but i never did track him down, but i was watching bugs and there were not many, will just go through the unowned ones | 13:09 |
haleyb | #link https://bugs.launchpad.net/neutron/+bug/2109865 | 13:10 |
haleyb | OVN 24.09.0: Router Ports Remain DOWN and Unclaimed in OpenStack (Kolla-Ansible) Deployment | 13:10 |
haleyb | this is most likely something in the config | 13:11 |
mtomaska | All router ports remain DOWN and are not reachable from DHCP namespaces. Are they using DHCP agent with ML2 OVN? | 13:11 |
haleyb | mtomaska: that's a good question, didn't connect the dots there | 13:12 |
haleyb | there should only be ovnmeta namespaces | 13:12 |
mtomaska | right, but maybe they need DHCP agent for baremetal? that is the only use case I know about dhcp agent + OVN | 13:13 |
mtomaska | anyway. Ill ask more Qs | 13:13 |
ralonsoh | I'm checking the CI and I don't think we are yet testing this OVN version | 13:13 |
ralonsoh | in noble, we use the package provided that is 24.03.x | 13:14 |
ralonsoh | and we use other (older) versions in Jammy before | 13:14 |
ralonsoh | but, and please correct me if I'm wrong, we are not yet testing this version in the CI | 13:14 |
ralonsoh | (that doesn't mean it should not work) | 13:14 |
lajoskatona | don't we have ovn and ovs main jobs? | 13:15 |
haleyb | right, it should work. i can ask if it is a ubuntu-provided OVN as well | 13:15 |
ralonsoh | lajoskatona, yeah... right | 13:16 |
ralonsoh | I'll ask in the bug for logs, in particular when the router and the interfaces are created | 13:16 |
haleyb | ralonsoh: ack, thanks | 13:16 |
haleyb | next one | 13:17 |
haleyb | #link https://bugs.launchpad.net/neutron/+bug/2109591 | 13:17 |
haleyb | master periodic job running with centos 9-stream broken with py39 constraint drop https://review.opendev.org/c/openstack/requirements/+/948285 | 13:17 |
haleyb | ykarel picked this up and just pushed a series | 13:17 |
mtomaska | yatin fixed it https://review.opendev.org/c/openstack/neutron/+/948796 | 13:18 |
haleyb | https://review.opendev.org/q/topic:%22bug/2109591%22 | 13:18 |
haleyb | ykarel: so does this mean we can run the centos9 fips job with py3.11 ? | 13:19 |
haleyb | oh maybe yatin is not here | 13:19 |
ykarel | haleyb, with those set of patches jobs are green, if those are expected we should be fine | 13:19 |
ykarel | s/expected/accepted | 13:19 |
haleyb | ykarel: ack, so then that will allow us to remove py39 from setup.cfg? | 13:20 |
ykarel | yes | 13:20 |
haleyb | ack, can do that when they all merge, thanks! | 13:21 |
haleyb | next one | 13:22 |
haleyb | there was another occurence of a possible OVS bug | 13:23 |
haleyb | #link https://bugs.launchpad.net/neutron/+bug/2109676 | 13:23 |
haleyb | which i marked as a duplicate of | 13:23 |
haleyb | #link https://bugs.launchpad.net/neutron/+bug/2103641 | 13:23 |
haleyb | a thread was started on ovs-discuss to try and figure this out | 13:24 |
haleyb | seemed to be a new occurence from the responses | 13:25 |
ralonsoh | I'm not sure about the scenario | 13:25 |
ralonsoh | Create 2 instances: one uses a VLAN IP, and the other uses Geneve(with floating IP), both same subnet | 13:25 |
ralonsoh | same subnet? these are 2 different networks (vlan, geneve) | 13:25 |
ralonsoh | I know you have closed the previous bug as duplicated, but maybe the reporter is not subscribed to the new one | 13:27 |
ralonsoh | I'll comment on the closed one | 13:27 |
slaweq | ralonsoh same subnet I guess means that it is same ip address range, like e.g 192.168.1.0/24 in both | 13:27 |
haleyb | it was more about getting vswitchd stuck in the ovs_rcu loop | 13:27 |
ralonsoh | slaweq, yes but then it is using iperf between both | 13:28 |
ralonsoh | and he mentions FIP, so I think there is a router in the middle | 13:28 |
slaweq | right | 13:28 |
ralonsoh | I'll try to reproduce this scenario | 13:29 |
slaweq | but router don't allow to connect overlapping subnets to it | 13:29 |
ralonsoh | that's the point | 13:29 |
slaweq | so there is something strange there IMHO | 13:29 |
ralonsoh | ahhh the FIP, I think the VLAN VM is in the external network | 13:30 |
ralonsoh | anyway, I'll try to reproduce it | 13:30 |
haleyb | ralonsoh: ack, thanks, i can point you at the thread on ovs-discuss if necessary, they had a suggestion if we can reproduce it, i just hadn't had time yet | 13:31 |
ralonsoh | haleyb, for sure, please, send the link | 13:31 |
ralonsoh | or maybe you can add it in the LP bug too | 13:31 |
haleyb | https://mail.openvswitch.org/pipermail/ovs-discuss/2025-April/053586.html | 13:32 |
haleyb | will add to LP too | 13:32 |
haleyb | i think that was all the new bugs, any others to discuss? | 13:34 |
haleyb | this week mtomaska is the deputy, next week is bcafarel - is that good for both? | 13:34 |
mtomaska | ACK | 13:35 |
haleyb | thanks | 13:35 |
haleyb | #topic community goals | 13:36 |
haleyb | lajoskatona: i noticed your neutronclient change for heat | 13:36 |
haleyb | was there one for nova as well? | 13:37 |
lajoskatona | yes, but n time since last tuesday | 13:37 |
lajoskatona | to check them | 13:37 |
lajoskatona | I even have to push this one : https://review.opendev.org/c/openstack/horizon/+/946269 with Horizon folks | 13:38 |
haleyb | ack, will take a look! | 13:38 |
lajoskatona | thanks | 13:39 |
haleyb | ralonsoh: did you want to give an update on eventlet patches? | 13:39 |
ralonsoh | no new reviews but this is the progress: | 13:39 |
ralonsoh | I was working on the metadata agent, to replace the socket server | 13:39 |
ralonsoh | and, finally, I realize what is happening | 13:40 |
bcafarel | haleyb: late ack, but good for next week! | 13:40 |
ralonsoh | the new socket server (same as in OVN metadata agent or OVN agent) has a blocking method | 13:40 |
haleyb | bcafarel: thanks! | 13:40 |
ralonsoh | that doesn't work with eventlet (you need to manually yield) | 13:41 |
ralonsoh | so we need to migrate all the agent in one shot to kernel threads | 13:41 |
ralonsoh | because is using oslo.service, I'll push a patch depending on the patch that is under review | 13:41 |
ralonsoh | that's all (not too much, but took me a lot of time) | 13:41 |
haleyb | thanks for tracking it down, was it causing random CI failures? | 13:42 |
ralonsoh | not this agent, that I'm aware | 13:43 |
ralonsoh | and all the progress I've done is local (in my computer) | 13:43 |
haleyb | ah ok | 13:43 |
haleyb | related to eventlet i saw the requirements bump of pyroute2 was reverted since it broke nova (or os-vif?) | 13:44 |
ralonsoh | os-vif, that is the library that uses it in nova-compute | 13:45 |
haleyb | so i think we have to wait | 13:45 |
ralonsoh | yes, Peter is working now with gibi, if I'm not wrong | 13:45 |
* gibi perks up | 13:46 | |
haleyb | ack, and i saw they are making progress on eventlet | 13:46 |
haleyb | gibi: we were just talking about having to revert pyroute2 bump since it broke nova/os-vif | 13:47 |
gibi | ahh yeah at least the maintainer created an issue on pyroute2 to make it work for us | 13:47 |
gibi | until that we pin the deps | 13:47 |
gibi | https://github.com/svinota/pyroute2/issues/1338 | 13:48 |
haleyb | oh, perfect, so we can eventually move to some 0.9-ish pyroute2, perfect | 13:48 |
haleyb | i'll watch the bug thanks for the link | 13:49 |
haleyb | #topic on-demand | 13:50 |
haleyb | anything else to discuss? | 13:51 |
ralonsoh | I have one topic | 13:51 |
haleyb | sure | 13:51 |
ralonsoh | https://bugs.launchpad.net/neutron/+bug/2106463 | 13:51 |
ralonsoh | this bug is legit | 13:51 |
ralonsoh | since we moved to WSGI, there is a problem with the network segment ranges initialization | 13:52 |
ralonsoh | so we can end with duplicated default registers | 13:52 |
ralonsoh | there are two approaches | 13:52 |
ralonsoh | Liu is pushing this: https://review.opendev.org/c/openstack/neutron/+/947898 | 13:52 |
ralonsoh | that implies to modify the physnet field | 13:52 |
ralonsoh | just to be clear: in the Neutron code, if physnet is None, we usually declare this a a tunnelled netwokr | 13:53 |
ralonsoh | also this change is not backportable | 13:53 |
ralonsoh | my change: https://review.opendev.org/c/openstack/neutron/+/948200 | 13:53 |
ralonsoh | is backportable, doesn't need the revert of the code, is WSGI friendly (it moves the initialization to worker=1) and wraps the initialization code inside a DB context | 13:54 |
ralonsoh | if two servers are starting at the same time, this will be DB safe | 13:54 |
ralonsoh | that's all, is up to you to decide what implementation is better | 13:55 |
haleyb | i remember reviewing this last night but seems you've updated, i think it looks good | 13:56 |
ralonsoh | yes, to add the initialization wrap | 13:56 |
ralonsoh | so all DB calls will be pushed in the same txn | 13:56 |
mlavalle | I'll review both. I also think it would be a good idea to give him some time to respond to your latest explanation in response to his comment | 13:56 |
ralonsoh | for sure, this is why I raise this topic | 13:57 |
ralonsoh | raised* | 13:57 |
mlavalle | +1 | 13:57 |
haleyb | mlavalle: sure, i will look but only +1 until liu has commented | 13:57 |
mlavalle | yeap, let's try to get to a consesnsus | 13:57 |
haleyb | alright, we are near top of hour, any other topics? | 13:58 |
haleyb | ok, good luck next week, reach out via email if there is a fire while i'm away | 13:59 |
haleyb | #endmeeting | 13:59 |
opendevmeet | Meeting ended Tue May 6 13:59:50 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 13:59 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/networking/2025/networking.2025-05-06-13.00.html | 13:59 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/networking/2025/networking.2025-05-06-13.00.txt | 13:59 |
opendevmeet | Log: https://meetings.opendev.org/meetings/networking/2025/networking.2025-05-06-13.00.log.html | 13:59 |
mlavalle | \o | 13:59 |
mtomaska | o/ | 13:59 |
ralonsoh | bye | 13:59 |
lajoskatona | Bye, have a good travel :-) | 14:00 |
haleyb | thanks, i'll fix all the bugs i can by friday :) | 14:00 |
opendevreview | Merged openstack/neutron master: [OVN] Method to retrieve the LRP chassis list https://review.opendev.org/c/openstack/neutron/+/947783 | 14:03 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: [OVN] Change the OVN QoS rule priority for floating IPs https://review.opendev.org/c/openstack/neutron/+/948894 | 14:42 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: [OVN] Change the OVN QoS rule priority for floating IPs https://review.opendev.org/c/openstack/neutron/+/948894 | 15:06 |
opendevreview | Lajos Katona proposed openstack/neutron-vpnaas master: [S-RBAC] New default API policies for neutron-vpnaas https://review.opendev.org/c/openstack/neutron-vpnaas/+/948914 | 16:18 |
opendevreview | sean mooney proposed openstack/os-vif master: add pyproject.toml to support pip 23.1 https://review.opendev.org/c/openstack/os-vif/+/899946 | 16:27 |
stephenfin | lajoskatona: ralonsoh: Would you be able to take over https://review.opendev.org/c/openstack/devstack/+/932203 and the patch below? You are of course free to abandon in favour of your own patches if needed | 16:33 |
opendevreview | Rico Lin proposed openstack/neutron master: Fix ovn db sync with log resources https://review.opendev.org/c/openstack/neutron/+/948053 | 16:48 |
opendevreview | Rico Lin proposed openstack/neutron master: Update instead of recreate acl in ovn sync https://review.opendev.org/c/openstack/neutron/+/948215 | 16:48 |
cardoe | mlavalle: I created https://bugs.launchpad.net/neutron/+bug/2110060 for the issue I saw | 16:57 |
opendevreview | Merged openstack/neutron stable/2024.1: [Stable Only][CI][fips jobs] Use stable constraints for tempest https://review.opendev.org/c/openstack/neutron/+/948807 | 17:09 |
noonedeadpunk | hey there! I'm very sorry, but is there any chance to merge this bugfix? https://review.opendev.org/c/openstack/neutron/+/931495 | 17:56 |
noonedeadpunk | as it's already half a year since last negative comment on it | 17:57 |
mlavalle | cardoe: thank you. Yesterday, when I saw your comment, I suspected that if we indeed had an issue, it would have to do with a maintenance task or restart | 18:02 |
mlavalle | cardoe: I'll take a look at the LP bug | 18:02 |
cardoe | I'm running 2024.2 fwiw. | 18:03 |
mlavalle | cardoe: ack | 18:03 |
opendevreview | Merged openstack/os-vif master: add pyproject.toml to support pip 23.1 https://review.opendev.org/c/openstack/os-vif/+/899946 | 20:48 |
opendevreview | Maor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Actively check type instead of `WB_CONF.openstack_type` https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/947957 | 21:17 |
opendevreview | Maor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/948953 | 21:17 |
opendevreview | sean mooney proposed openstack/neutron master: add pyproject.toml to support pip 23.1 https://review.opendev.org/c/openstack/neutron/+/899956 | 23:07 |
opendevreview | sean mooney proposed openstack/neutron master: add pyproject.toml to support pip 23.1 https://review.opendev.org/c/openstack/neutron/+/899956 | 23:16 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!