Wednesday, 2025-05-07

opendevreviewliuyulong proposed openstack/neutron master: Adds unique constraint for network segment ranges  https://review.opendev.org/c/openstack/neutron/+/94789803:12
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Change the OVN QoS rule priority for floating IPs  https://review.opendev.org/c/openstack/neutron/+/94889405:49
hamidlotfi__ralonsoh: I read all these conversations line by line07:55
hamidlotfi__https://bugs.launchpad.net/neutron/+bug/210763407:55
hamidlotfi__But it didn't help me. Maybe I didn't understand the point you're interested in.07:55
ralonsohhamidlotfi__, the traffic in the DVR routers, the iptables rules in the namespace can forward the traffic directly07:58
ralonsohhttps://review.opendev.org/c/openstack/neutron/+/35506207:58
ralonsohthus I don't know if the FWaaS rule can be enforced there07:59
ralonsohbut I don't actually know well how fwaas works with ml2/ovs07:59
opendevreviewMaor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack  https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/94895308:49
opendevreviewMaor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack  https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/94895308:57
opendevreviewJimin Shin proposed openstack/neutron master: Extend port resource request only when using qos minimum rules  https://review.opendev.org/c/openstack/neutron/+/94475609:21
opendevreviewJimin Shin proposed openstack/neutron master: Add mock for count method  https://review.opendev.org/c/openstack/neutron/+/94754709:21
opendevreviewMaor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack  https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/94895309:47
opendevreviewMaor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack  https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/94895310:38
opendevreviewMaor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack  https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/94895310:40
sean-k-mooneyralonsoh: as far as im aware firewall as a service implemente all the role in the neutron router namespace so you would jsut have to make sure its enabeld in the l3 agent on the compute for dvr to function i think. i think its just an exteion to the l3 agent but maybe they have there own. if its the latter case you owuld need ot install that agent on each compute node but i10:58
sean-k-mooneydont belive that is the case10:58
sean-k-mooneyit should be noted that firewall ass a service only providees firewallign across l3 networks i.e. it never provided facilaites for firewalling within an l2 broadcast domain. that what security groups are for, endpoint level enforcemnet. firwall as a service is for network level enforcement between diffent subnets11:01
sean-k-mooneyralonsoh: i do no see FWaaS mentioned in https://bugs.launchpad.net/neutron/+bug/210763411:02
sean-k-mooneyralonsoh: for what it wornt i dont think its a vlaid bug to say there shoudl be no routablit between tenant netowrks in this case11:03
ralonsohsean-k-mooney, the issue reported in ^ this bug mentions the problem of having two different network ports, not in the same L2 domain11:03
ralonsohI don't know exactly where the fwaas process the rules when using ml2/ovs (and l3 agent)11:04
sean-k-mooneyright but if your using networking bgp11:04
sean-k-mooneyand adress pools to provide subnets to the tenatn networks11:04
ralonsohthis is not relevant in the bug11:04
sean-k-mooneyits expected to have routeablity betwen the tenant networks11:04
ralonsohyes, and this is where the fwaas should apply the rules11:05
sean-k-mooneythat is where it could11:05
ralonsohthus I don't know if this "fast exit" code implementation is interfering the fwaas rules11:05
sean-k-mooneyit should only apply the rule if an admin configured it to do so11:05
sean-k-mooneyneutron-bgp-dragent is ment to make the tenant network automaticlaly routable to everyone11:06
sean-k-mooneytenatn networkin in general in neutron are inteneded to be routabel if you confiure the routing in the data center router to do that11:07
sean-k-mooneyso blockign that routing would be a backward incompatble change so not something that shoudl be done by default11:07
ralonsohno, I'm not suggesting to block that routing11:08
ralonsohactually what was proposed was to have a config option to make this "fast exit" code selectable or not11:09
sean-k-mooneyhum ok there are some iterpo issues with taht but i guess that not terribel11:09
sean-k-mooneyit might be better ot ahve an atrtibute on the subnet to contol if it shoudl be annoched11:10
sean-k-mooneyand a default in the config11:10
sean-k-mooneyat least that way you coudl discover form the api if the tenant subnet is exported via bgp and shoudl be routable11:11
sean-k-mooneyralonsoh: anyway i just popped by to let you know that i rebased https://review.opendev.org/c/openstack/neutron/+/899956 and adressed haleyb's requst to bump pbr verion in requiremetns.txt11:13
sean-k-mooneyi didnt see a patch up to add pyproject.toml for neutron other then my old one11:13
ralonsohsean-k-mooney, no, we didn't push this patch before11:14
sean-k-mooneyneutron seams to have doged the breakage in devstack becasue ye are already using the seperate module due to the eventlet removal work11:14
ralonsohsean-k-mooney, we had last week a problem with designate11:15
ralonsohsean-k-mooney, and checking that, I don't know why Neutron is not failing right now11:15
sean-k-mooneyya the patch that was merged was not correct IMO11:15
sean-k-mooneysince it droped supprot for wsgi_script wihtout deprecation11:16
ralonsohsean-k-mooney, but that was the patch modifying the wsgi module (instead of creating the script)11:16
ralonsohyes, we have this11:16
sean-k-mooneyright but they are not mutally exclisive11:16
ralonsohright11:16
sean-k-mooneythe the scrips still get generated work if you use setup.py installl or use an older setuptools11:17
ralonsohbut we are using setuptools 80 now11:17
sean-k-mooneythey were not generated in devstack because without the pyproject.toml pbr was not enabled11:17
sean-k-mooneyand devstack uses -e11:17
sean-k-mooneyralonsoh: the reason the current approch was problematic is many of the isntallers still rely on the wsgi script11:18
ralonsohyes but if we no longer need the script in Neutron, why the toml file is needed?11:19
ralonsohthis is what I don't 100% understand11:19
sean-k-mooneywithout it pbr is not being used11:19
sean-k-mooneyso the other thing pbr does for you is not being used right now becaue pip is provideing its own that uses setuptools withou calling our setup.py11:20
ralonsohright, it no longer calls setup.py11:20
sean-k-mooneyright but pbr does much more then just generate the wsgi_scripts11:21
sean-k-mooneyit provideing automatic versioning of the package https://docs.openstack.org/pbr/latest/user/features.html#version it autogeeration several files https://docs.openstack.org/pbr/latest/user/features.html#automatic-file-generation11:22
sean-k-mooneyeventully as a comunity we may want to move away form having to maintain pbr. setuptools_scm  (an updatrem extention ot setup tools) can do some of this for us now but not all of it11:27
ralonsohI've approved the patch. I'll ping haleyb, lajoskatona and slaweq to check it too11:27
ralonsohok, I think ykarel +W it!11:28
sean-k-mooneyack thanks there are simliar patches up for other neuton* project but most of them are old 11:28
sean-k-mooneyhttps://review.opendev.org/q/topic:%22pip-23.1-support%2211:28
sean-k-mooneyralonsoh: my emails say yes :)11:29
ralonsohI'll rebase the n-lib one11:29
opendevreviewsean mooney proposed openstack/neutron-lib master: add pyproject.toml to support pip 23.1  https://review.opendev.org/c/openstack/neutron-lib/+/89995711:29
sean-k-mooneyyou jmight want to update the version like i did too11:29
opendevreviewLajos Katona proposed openstack/networking-bgpvpn master: Add pyproject.toml to support pip 23.1  https://review.opendev.org/c/openstack/networking-bgpvpn/+/90028711:29
sean-k-mooneyit shoud use pbr 6.0.0 and wheel is not required11:29
sean-k-mooneyi shoudl really update the verion in my example repo to refact that11:30
sean-k-mooneyi have an etherpad and script for generating the minimal patch https://etherpad.opendev.org/p/pep-517-and-pip-2311:30
opendevreviewMerged openstack/ovn-bgp-agent master: Fix arp_proxy LSP option formatting  https://review.opendev.org/c/openstack/ovn-bgp-agent/+/94583812:01
ralonsohdo we have issues with focal?12:54
ralonsohhttps://2ce6b0a7d5e9590d3719-61a5ffddd2974bf904ab38b965509754.ssl.cf5.rackcdn.com/openstack/cccb3fb712b540699abd6c3c9f0d543c/job-output.txt12:54
ralonsohE: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/focal-updates/main/binary-amd64/Packages.xz  File has unexpected size (3924420 != 3924360). Mirror sync in progress? [IP: 91.189.91.82 80]12:55
ralonsohI'll ask in infra12:55
opendevreviewMaor Blaustein proposed x/whitebox-neutron-tempest-plugin master: Add WSGI check for devstack  https://review.opendev.org/c/x/whitebox-neutron-tempest-plugin/+/94895312:56
opendevreviewElod Illes proposed openstack/networking-bagpipe stable/2024.2: [CI][stable-only] Fix py311 periodic stable job for 2024.2  https://review.opendev.org/c/openstack/networking-bagpipe/+/94903012:59
opendevreviewMerged openstack/neutron master: add pyproject.toml to support pip 23.1  https://review.opendev.org/c/openstack/neutron/+/89995613:10
cardoesean-k-mooney: I think I did the needful for all of ironic but lemme know if its wrong13:16
sean-k-mooneycardoe: i belive ironic is already covered13:28
opendevreviewPierre Riteau proposed openstack/ovn-octavia-provider master: Respect passed arguments for Neutron client connection  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/92589313:54
opendevreviewPierre Riteau proposed openstack/ovn-octavia-provider master: Respect passed arguments for Neutron client connection  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/92589314:56
*** ralonsoh is now known as ralonsoh_out15:15
opendevreviewLajos Katona proposed openstack/neutron-vpnaas master: [S-RBAC] New default API policies for neutron-vpnaas  https://review.opendev.org/c/openstack/neutron-vpnaas/+/94891416:04
opendevreviewLajos Katona proposed openstack/neutron-vpnaas master: [S-RBAC] New default API policies for neutron-vpnaas  https://review.opendev.org/c/openstack/neutron-vpnaas/+/94891416:14
opendevreviewMerged openstack/networking-bgpvpn master: Add pyproject.toml to support pip 23.1  https://review.opendev.org/c/openstack/networking-bgpvpn/+/90028719:43

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!