Tuesday, 2018-03-20

« Monday, 2018-03-19 Index Wednesday, 2018-03-21 »
*** yamamoto has quit IRC00:26
*** yamamoto has joined #openstack-vpnaas00:28
*** yamamoto has quit IRC00:28
*** yamamoto has joined #openstack-vpnaas01:07
*** huntxu has joined #openstack-vpnaas01:10
*** yamamoto has quit IRC01:27
*** hoangcx has joined #openstack-vpnaas02:31
*** ChanServ sets mode: +o hoangcx02:31
*** hoangcx has quit IRC02:55
*** hoangcx has joined #openstack-vpnaas03:00
*** ChanServ sets mode: +o hoangcx03:00
hoangcxhuntxu: Sorry for not response to your last issue because i was stuck with dual env (centOS and ubuntu)03:03
hoangcxhuntxu: I didn't aware of it until now by checking log (to make sure whether you send me some update)03:03
hoangcxhuntxu: turn back to your issue, let me build and try a gain to make sure the thing03:04
huntxuhoangcx: np, I submitted a new version yesterday, should deal with the exit code 5 error, but it is still weird to me03:06
huntxuhoangcx: with auto=start/add for both initiator in the configuration file, the connection should be automatically added, so I doubt whether the add_connection step is needed03:07
hoangcxhuntxu: Yes. Yesterday I see a error log while restart q-l3 service. But not sure, let me check for this also.03:09
huntxuhoangcx: I will dig further today, for now it seems to me another issue, but I'm fine to get it solved in this patch, to get a clean log03:09
hoangcxhuntxu: ++03:09
*** yamamoto has joined #openstack-vpnaas03:52
*** yamamoto has quit IRC04:01
hoangcxhuntxu:04:03
hoangcxhuntxu: You said you didn't see twice of nat_travelse?04:03
*** yamamoto has joined #openstack-vpnaas04:04
huntxuhoangcx: no, just no twice of the exit code 5 error04:05
hoangcxhuntxu: ah, I see. If so, latest patch didn't so it. So it is blink to me now04:07
hoangcxhuntxu: Also, there is no problem if we restart with the q-l3 service too04:07
hoangcxhuntxu: Let me try with older version of the driver (<3.19)04:07
*** yamamoto has quit IRC04:08
huntxuhoangcx: with the latest patch, addconn shouldn't be called, if you are using initiator=bi-directional04:09
*** yamamoto has joined #openstack-vpnaas04:09
hoangcxhuntxu: Indeed04:10
*** yamamoto has quit IRC04:14
*** yamamoto has joined #openstack-vpnaas04:16
hoangcxhuntxu: I confirmed that It works well with older version04:19
hoangcxhuntxu: What will you update for the patch?04:20
hoangcxhuntxu: http://paste.openstack.org/show/705465/04:20
huntxuhoangcx: I'll remove the addconn operation in libreswan, let me try it wil older versions to see whether it works well04:22
hoangcxhuntxu: OK, thank you04:22
huntxuhoangcx: I don't know openswan quite well, so it is better to leave the addconn task in the openswan base04:24
hoangcxhuntxu: me too. But I think openswan is not available for mordern OS04:26
hoangcxhuntxu: Will it affect to StrongSwan?04:26
huntxuhoangcx: no, the start process is quite different04:27
*** yamamoto has quit IRC04:27
hoangcxhuntxu: OK then :)04:28
*** yamamoto has joined #openstack-vpnaas04:28
huntxuhoangcx: try with even older libreswan (3.12-5), and it works fine04:29
*** openstackgerrit has joined #openstack-vpnaas04:30
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions  https://review.openstack.org/54734704:30
hoangcxhuntxu: Perfect04:30
hoangcxhuntxu: Thank you, What do you want me to verify for the latest patch?04:32
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions  https://review.openstack.org/54734704:34
huntxuhoangcx: yeah, I'll appreciate that. Not much changed since PS4. https://review.openstack.org/#/c/547347/4..804:35
hoangcxhuntxu: OK. So, I think we are fine with its functional for PS8. Let's me check your code and +A this afternoon and see what other cores think04:39
hoangcxhuntxu: Again. Thank you for working on it :)04:39
huntxuhoangcx: thank you04:39
* hoangcx go a way for lunch time. will be back in a hour :)04:40
*** yamamoto has quit IRC04:43
*** yamamoto has joined #openstack-vpnaas04:46
*** hoangcx has quit IRC05:26
*** hoangcx has joined #openstack-vpnaas05:29
*** ChanServ sets mode: +o hoangcx05:29
hoangcxhuntxu:06:38
hoangcxhuntxu: I am asking infra team for how to create new job that running against CentOS06:38
hoangcxhuntxu: At least we would need a tempest job that running on CentOS and later for functional job06:39
hoangcxhuntxu: with tempest job, i think it isn't requirement much work (code) that we can re-use current code06:39
huntxuhoangcx: yes, at the moment the tempest jos is still not a zuul v3 native one, and now it only runs on ubuntu Xenial06:43
huntxuhoangcx: I'm going to try to switch the current tempest job into zuul v3 native, then it should be easily switch to run on CentOS 7 with only nodeset changed06:47
huntxuhoangcx: then we'll have tempest jobs for both strongswan and libreswan, and we can add functional tests to libreswan later06:48
hoangcxhuntxu: you mean neutron-vpnaas-dsvm-tempest job?06:48
huntxuhoangcx: yes, that's it06:48
hoangcxhuntxu: it is already native AFAIK06:48
hoangcxhuntxu: But I don06:49
hoangcxhuntxu: But I don't know how to set up more nodeset06:50
huntxuhoangcx: it still uses the legacy-dsvm-base base job, which is legacy v2 interface, https://docs.openstack.org/infra/manual/zuulv3.html#reworking-legacy-jobs-to-be-v3-native06:51
huntxuhoangcx: we might have to migrate it to use the new devstack-tempest base job06:52
hoangcxhuntxu: I don't have strong background about this manner.06:54
hoangcxhuntxu: So, this should be done in tempest repository. Right?06:56
huntxuhoangcx: no, this should be done in neutron-vpnaas repo, the jobs are under control in neutron-vpnaas06:57
hoangcxhuntxu: do you know how to do that?06:58
huntxuhoangcx: I tried it in another project https://review.openstack.org/#/c/552033/. Don't know whether there will be some blockers in neutron-vpnaas06:59
huntxuhoangcx: FYI there is also a bug report about this: https://bugs.launchpad.net/neutron/+bug/174751007:00
openstackLaunchpad bug 1747510 in neutron "Migrate legacy jobs to zuul v3 syntax" [Medium,Confirmed]07:00
hoangcxhuntxu: I see. So, we can try it here. Will you?07:02
huntxuhoangcx: yeah, I'm going to do that.07:02
huntxuhoangcx: here is a similar one https://review.openstack.org/#/c/552846/1307:04
hoangcxhuntxu: I see. Thanks for the pointer.07:06
hoangcxhuntxu: We at least need to tempest job for CentOS ASAP to avoid regression07:06
huntxuhoangcx: I agree07:07
hoangcxhuntxu: OK, waiting for your patch then :)07:07
hoangcxamotoki: yamamoto Could you please take a moment to check this patch https://review.openstack.org/#/c/547347/ ?07:32
amotokihoangcx: ack07:32
hoangcxamotoki: yamamoto: we need this for upgrading. Thanks a lot07:32
amotokihoangcx: can't we check version of libreswan?07:35
amotokihoangcx: in my understanding, --nssdir option was introduced to treat usecases like this07:35
amotokihoangcx: bind mount is the trick to cope with the situation that there is no option like --nssdir.07:36
hoangcxhuntxu: ^^ what do you think about amotoki opinion?07:36
amotokihoangcx: huntxu: I wonder which is better?07:36
hoangcxamotoki: AFAIK, the trick is used in strongswan before. that said there should be some same discussion that you raised07:40
hoangcxamotoki: I think we can use bind-mount for consistence for *swan drivers07:41
huntxuhoangcx: amotoki I did think of the check-version way, however for two reasons I didn't go that way07:55
huntxuthe first is that libreswan version is hardcoded in the ipsec script, and we have to parse the commandline output to get the version string07:56
huntxuthe second is that the commandline arguments of LibreSwan are not quite stable to rely on, for example, in 3.19 initnss has --nssdir, and in 3.20 pluto also has a07:57
huntxu'--nssdir' argument, and then in 3.22, --ctlbase is phased out...07:57
huntxuSo dropping as many arguments related to the paths as possible seems to be the easiest way to go08:01
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Switch tempest job to zuul v3 native  https://review.openstack.org/55444508:11
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Switch tempest job to zuul v3 native  https://review.openstack.org/55444508:46
amotokihuntxu: your observation sounds reasonable. I think it is worth commented in the commit msg or somewhere.08:56
amotokihuntxu: the current proposed approach on etc dir looks good08:57
amotokihuntxu: one more question08:57
amotokihuntxu: is 'cmd' argument change tightly coupled with libreswan 3.19+ support?08:58
amotokihuntxu: personally it affects other drivers, so it would be nice if we can do it separately.08:58
huntxuamotoki: thx for the suggestions. The 'cmd' change is only required for the virtual-private argument, I think it can be put into the configuration file so we can avoid the cmd argument change09:06
huntxuI'll update later09:06
amotokihuntxu: thanks. multiple patches with single change is much better :)09:13
*** yamamoto has quit IRC10:04
amotokihoangcx: I see your comment about neutron-vpnaas-dsvm-functional-sswan in https://review.openstack.org/#/c/543394/10:04
amotokihoangcx: .zuul.yaml specifies openstack/neutron in required-projects, so I think tox-siblings installs the rocky latest neutron10:05
amotokihoangcx: am I missing something?10:05
hoangcxamotoki: http://logs.openstack.org/94/543394/9/check/neutron-vpnaas-dsvm-functional-sswan/517bc66/job-output.txt.gz#_2018-03-19_10_00_26_79999910:05
hoangcxamotoki: this log message say it installed neutron 12.0.010:06
amotokihmmmm10:06
hoangcxamotoki: Because there was no problem with the previous patch that wasn't included tox-siblings.10:08
amotokihoangcx: yeah, I noticed the same thing.10:09
*** yamamoto has joined #openstack-vpnaas10:09
hoangcxamotoki: the latest patch is just rebased/resolved merged conflict without any change. That leaded me to the tox-siblings problem10:09
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions  https://review.openstack.org/54734710:10
amotokihoangcx: we call "tox" at https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/tests/contrib/post_test_hook.sh#L3510:11
amotokihoangcx: as a quick fix, we can change this to three steps: tox -e $VENV --notest, .tox/$VENV/bin/pip install <neutron-master> and then tox -e $VENV10:12
amotokiwe need to check where we have <neutron-master> in our CI though, but I think it helps us.10:12
hoangcxamotoki: step 1: sudo -H -u $owner $sudo_env tox -e $VENV --notest10:14
*** yamamoto has quit IRC10:14
hoangcxamotoki: hmm I'm not clear steps10:16
amotokihoangcx: let me try a bit later10:19
hoangcxamotoki: I see. If it is success, Kindly please help to verify it on gate by post a patch. Then I will re-base my patch on it10:20
* hoangcx quits office now10:20
openstackgerritAkihiro Motoki proposed openstack/neutron-vpnaas master: Ensure to install latest neutron from master  https://review.openstack.org/55449510:28
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions  https://review.openstack.org/54734710:32
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions  https://review.openstack.org/54734710:45
amotokihoangcx: http://logs.openstack.org/95/554495/1/check/neutron-vpnaas-dsvm-functional-sswan/ce7caaa/job-output.txt.gz#_2018-03-20_10_46_02_14293510:54
*** yamamoto has joined #openstack-vpnaas11:10
*** yamamoto has quit IRC11:12
*** yamamoto has joined #openstack-vpnaas11:12
openstackgerritAkihiro Motoki proposed openstack/neutron-vpnaas master: Ensure to install latest neutron from master  https://review.openstack.org/55449511:16
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions  https://review.openstack.org/54734711:33
*** yamamoto has quit IRC11:40
*** yamamoto has joined #openstack-vpnaas11:41
*** openstackgerrit has quit IRC12:33
*** openstackgerrit has joined #openstack-vpnaas12:42
openstackgerritHunt Xu proposed openstack/neutron-vpnaas master: Switch zuul jobs to zuul v3 native  https://review.openstack.org/55444512:42
openstackgerritOpenStack Proposal Bot proposed openstack/neutron-vpnaas master: Updated from global requirements  https://review.openstack.org/55455314:07
*** huntxu has quit IRC14:12
*** yamamoto_ has joined #openstack-vpnaas14:12
*** yamamoto has quit IRC14:12
*** yamamoto_ has quit IRC15:27
*** yamamoto has joined #openstack-vpnaas16:28
*** yamamoto has quit IRC16:34
*** yamamoto has joined #openstack-vpnaas17:30
*** yamamoto has quit IRC17:36
*** yamamoto has joined #openstack-vpnaas18:32
*** yamamoto has quit IRC18:37
*** yamamoto has joined #openstack-vpnaas19:34
*** yamamoto has quit IRC19:39
*** openstackgerrit has quit IRC20:33
*** yamamoto has joined #openstack-vpnaas20:35
*** yamamoto has quit IRC20:41
*** yamamoto has joined #openstack-vpnaas21:37
*** yamamoto has quit IRC21:43
*** yamamoto has joined #openstack-vpnaas22:39
*** yamamoto has quit IRC22:45
*** yamamoto has joined #openstack-vpnaas23:41
*** yamamoto has quit IRC23:46
« Monday, 2018-03-19 Index Wednesday, 2018-03-21 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!