*** yamamoto has quit IRC | 00:26 | |
*** yamamoto has joined #openstack-vpnaas | 00:28 | |
*** yamamoto has quit IRC | 00:28 | |
*** yamamoto has joined #openstack-vpnaas | 01:07 | |
*** huntxu has joined #openstack-vpnaas | 01:10 | |
*** yamamoto has quit IRC | 01:27 | |
*** hoangcx has joined #openstack-vpnaas | 02:31 | |
*** ChanServ sets mode: +o hoangcx | 02:31 | |
*** hoangcx has quit IRC | 02:55 | |
*** hoangcx has joined #openstack-vpnaas | 03:00 | |
*** ChanServ sets mode: +o hoangcx | 03:00 | |
hoangcx | huntxu: Sorry for not response to your last issue because i was stuck with dual env (centOS and ubuntu) | 03:03 |
---|---|---|
hoangcx | huntxu: I didn't aware of it until now by checking log (to make sure whether you send me some update) | 03:03 |
hoangcx | huntxu: turn back to your issue, let me build and try a gain to make sure the thing | 03:04 |
huntxu | hoangcx: np, I submitted a new version yesterday, should deal with the exit code 5 error, but it is still weird to me | 03:06 |
huntxu | hoangcx: with auto=start/add for both initiator in the configuration file, the connection should be automatically added, so I doubt whether the add_connection step is needed | 03:07 |
hoangcx | huntxu: Yes. Yesterday I see a error log while restart q-l3 service. But not sure, let me check for this also. | 03:09 |
huntxu | hoangcx: I will dig further today, for now it seems to me another issue, but I'm fine to get it solved in this patch, to get a clean log | 03:09 |
hoangcx | huntxu: ++ | 03:09 |
*** yamamoto has joined #openstack-vpnaas | 03:52 | |
*** yamamoto has quit IRC | 04:01 | |
hoangcx | huntxu: | 04:03 |
hoangcx | huntxu: You said you didn't see twice of nat_travelse? | 04:03 |
*** yamamoto has joined #openstack-vpnaas | 04:04 | |
huntxu | hoangcx: no, just no twice of the exit code 5 error | 04:05 |
hoangcx | huntxu: ah, I see. If so, latest patch didn't so it. So it is blink to me now | 04:07 |
hoangcx | huntxu: Also, there is no problem if we restart with the q-l3 service too | 04:07 |
hoangcx | huntxu: Let me try with older version of the driver (<3.19) | 04:07 |
*** yamamoto has quit IRC | 04:08 | |
huntxu | hoangcx: with the latest patch, addconn shouldn't be called, if you are using initiator=bi-directional | 04:09 |
*** yamamoto has joined #openstack-vpnaas | 04:09 | |
hoangcx | huntxu: Indeed | 04:10 |
*** yamamoto has quit IRC | 04:14 | |
*** yamamoto has joined #openstack-vpnaas | 04:16 | |
hoangcx | huntxu: I confirmed that It works well with older version | 04:19 |
hoangcx | huntxu: What will you update for the patch? | 04:20 |
hoangcx | huntxu: http://paste.openstack.org/show/705465/ | 04:20 |
huntxu | hoangcx: I'll remove the addconn operation in libreswan, let me try it wil older versions to see whether it works well | 04:22 |
hoangcx | huntxu: OK, thank you | 04:22 |
huntxu | hoangcx: I don't know openswan quite well, so it is better to leave the addconn task in the openswan base | 04:24 |
hoangcx | huntxu: me too. But I think openswan is not available for mordern OS | 04:26 |
hoangcx | huntxu: Will it affect to StrongSwan? | 04:26 |
huntxu | hoangcx: no, the start process is quite different | 04:27 |
*** yamamoto has quit IRC | 04:27 | |
hoangcx | huntxu: OK then :) | 04:28 |
*** yamamoto has joined #openstack-vpnaas | 04:28 | |
huntxu | hoangcx: try with even older libreswan (3.12-5), and it works fine | 04:29 |
*** openstackgerrit has joined #openstack-vpnaas | 04:30 | |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 04:30 |
hoangcx | huntxu: Perfect | 04:30 |
hoangcx | huntxu: Thank you, What do you want me to verify for the latest patch? | 04:32 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 04:34 |
huntxu | hoangcx: yeah, I'll appreciate that. Not much changed since PS4. https://review.openstack.org/#/c/547347/4..8 | 04:35 |
hoangcx | huntxu: OK. So, I think we are fine with its functional for PS8. Let's me check your code and +A this afternoon and see what other cores think | 04:39 |
hoangcx | huntxu: Again. Thank you for working on it :) | 04:39 |
huntxu | hoangcx: thank you | 04:39 |
* hoangcx go a way for lunch time. will be back in a hour :) | 04:40 | |
*** yamamoto has quit IRC | 04:43 | |
*** yamamoto has joined #openstack-vpnaas | 04:46 | |
*** hoangcx has quit IRC | 05:26 | |
*** hoangcx has joined #openstack-vpnaas | 05:29 | |
*** ChanServ sets mode: +o hoangcx | 05:29 | |
hoangcx | huntxu: | 06:38 |
hoangcx | huntxu: I am asking infra team for how to create new job that running against CentOS | 06:38 |
hoangcx | huntxu: At least we would need a tempest job that running on CentOS and later for functional job | 06:39 |
hoangcx | huntxu: with tempest job, i think it isn't requirement much work (code) that we can re-use current code | 06:39 |
huntxu | hoangcx: yes, at the moment the tempest jos is still not a zuul v3 native one, and now it only runs on ubuntu Xenial | 06:43 |
huntxu | hoangcx: I'm going to try to switch the current tempest job into zuul v3 native, then it should be easily switch to run on CentOS 7 with only nodeset changed | 06:47 |
huntxu | hoangcx: then we'll have tempest jobs for both strongswan and libreswan, and we can add functional tests to libreswan later | 06:48 |
hoangcx | huntxu: you mean neutron-vpnaas-dsvm-tempest job? | 06:48 |
huntxu | hoangcx: yes, that's it | 06:48 |
hoangcx | huntxu: it is already native AFAIK | 06:48 |
hoangcx | huntxu: But I don | 06:49 |
hoangcx | huntxu: But I don't know how to set up more nodeset | 06:50 |
huntxu | hoangcx: it still uses the legacy-dsvm-base base job, which is legacy v2 interface, https://docs.openstack.org/infra/manual/zuulv3.html#reworking-legacy-jobs-to-be-v3-native | 06:51 |
huntxu | hoangcx: we might have to migrate it to use the new devstack-tempest base job | 06:52 |
hoangcx | huntxu: I don't have strong background about this manner. | 06:54 |
hoangcx | huntxu: So, this should be done in tempest repository. Right? | 06:56 |
huntxu | hoangcx: no, this should be done in neutron-vpnaas repo, the jobs are under control in neutron-vpnaas | 06:57 |
hoangcx | huntxu: do you know how to do that? | 06:58 |
huntxu | hoangcx: I tried it in another project https://review.openstack.org/#/c/552033/. Don't know whether there will be some blockers in neutron-vpnaas | 06:59 |
huntxu | hoangcx: FYI there is also a bug report about this: https://bugs.launchpad.net/neutron/+bug/1747510 | 07:00 |
openstack | Launchpad bug 1747510 in neutron "Migrate legacy jobs to zuul v3 syntax" [Medium,Confirmed] | 07:00 |
hoangcx | huntxu: I see. So, we can try it here. Will you? | 07:02 |
huntxu | hoangcx: yeah, I'm going to do that. | 07:02 |
huntxu | hoangcx: here is a similar one https://review.openstack.org/#/c/552846/13 | 07:04 |
hoangcx | huntxu: I see. Thanks for the pointer. | 07:06 |
hoangcx | huntxu: We at least need to tempest job for CentOS ASAP to avoid regression | 07:06 |
huntxu | hoangcx: I agree | 07:07 |
hoangcx | huntxu: OK, waiting for your patch then :) | 07:07 |
hoangcx | amotoki: yamamoto Could you please take a moment to check this patch https://review.openstack.org/#/c/547347/ ? | 07:32 |
amotoki | hoangcx: ack | 07:32 |
hoangcx | amotoki: yamamoto: we need this for upgrading. Thanks a lot | 07:32 |
amotoki | hoangcx: can't we check version of libreswan? | 07:35 |
amotoki | hoangcx: in my understanding, --nssdir option was introduced to treat usecases like this | 07:35 |
amotoki | hoangcx: bind mount is the trick to cope with the situation that there is no option like --nssdir. | 07:36 |
hoangcx | huntxu: ^^ what do you think about amotoki opinion? | 07:36 |
amotoki | hoangcx: huntxu: I wonder which is better? | 07:36 |
hoangcx | amotoki: AFAIK, the trick is used in strongswan before. that said there should be some same discussion that you raised | 07:40 |
hoangcx | amotoki: I think we can use bind-mount for consistence for *swan drivers | 07:41 |
huntxu | hoangcx: amotoki I did think of the check-version way, however for two reasons I didn't go that way | 07:55 |
huntxu | the first is that libreswan version is hardcoded in the ipsec script, and we have to parse the commandline output to get the version string | 07:56 |
huntxu | the second is that the commandline arguments of LibreSwan are not quite stable to rely on, for example, in 3.19 initnss has --nssdir, and in 3.20 pluto also has a | 07:57 |
huntxu | '--nssdir' argument, and then in 3.22, --ctlbase is phased out... | 07:57 |
huntxu | So dropping as many arguments related to the paths as possible seems to be the easiest way to go | 08:01 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Switch tempest job to zuul v3 native https://review.openstack.org/554445 | 08:11 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Switch tempest job to zuul v3 native https://review.openstack.org/554445 | 08:46 |
amotoki | huntxu: your observation sounds reasonable. I think it is worth commented in the commit msg or somewhere. | 08:56 |
amotoki | huntxu: the current proposed approach on etc dir looks good | 08:57 |
amotoki | huntxu: one more question | 08:57 |
amotoki | huntxu: is 'cmd' argument change tightly coupled with libreswan 3.19+ support? | 08:58 |
amotoki | huntxu: personally it affects other drivers, so it would be nice if we can do it separately. | 08:58 |
huntxu | amotoki: thx for the suggestions. The 'cmd' change is only required for the virtual-private argument, I think it can be put into the configuration file so we can avoid the cmd argument change | 09:06 |
huntxu | I'll update later | 09:06 |
amotoki | huntxu: thanks. multiple patches with single change is much better :) | 09:13 |
*** yamamoto has quit IRC | 10:04 | |
amotoki | hoangcx: I see your comment about neutron-vpnaas-dsvm-functional-sswan in https://review.openstack.org/#/c/543394/ | 10:04 |
amotoki | hoangcx: .zuul.yaml specifies openstack/neutron in required-projects, so I think tox-siblings installs the rocky latest neutron | 10:05 |
amotoki | hoangcx: am I missing something? | 10:05 |
hoangcx | amotoki: http://logs.openstack.org/94/543394/9/check/neutron-vpnaas-dsvm-functional-sswan/517bc66/job-output.txt.gz#_2018-03-19_10_00_26_799999 | 10:05 |
hoangcx | amotoki: this log message say it installed neutron 12.0.0 | 10:06 |
amotoki | hmmmm | 10:06 |
hoangcx | amotoki: Because there was no problem with the previous patch that wasn't included tox-siblings. | 10:08 |
amotoki | hoangcx: yeah, I noticed the same thing. | 10:09 |
*** yamamoto has joined #openstack-vpnaas | 10:09 | |
hoangcx | amotoki: the latest patch is just rebased/resolved merged conflict without any change. That leaded me to the tox-siblings problem | 10:09 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 10:10 |
amotoki | hoangcx: we call "tox" at https://github.com/openstack/neutron-vpnaas/blob/master/neutron_vpnaas/tests/contrib/post_test_hook.sh#L35 | 10:11 |
amotoki | hoangcx: as a quick fix, we can change this to three steps: tox -e $VENV --notest, .tox/$VENV/bin/pip install <neutron-master> and then tox -e $VENV | 10:12 |
amotoki | we need to check where we have <neutron-master> in our CI though, but I think it helps us. | 10:12 |
hoangcx | amotoki: step 1: sudo -H -u $owner $sudo_env tox -e $VENV --notest | 10:14 |
*** yamamoto has quit IRC | 10:14 | |
hoangcx | amotoki: hmm I'm not clear steps | 10:16 |
amotoki | hoangcx: let me try a bit later | 10:19 |
hoangcx | amotoki: I see. If it is success, Kindly please help to verify it on gate by post a patch. Then I will re-base my patch on it | 10:20 |
* hoangcx quits office now | 10:20 | |
openstackgerrit | Akihiro Motoki proposed openstack/neutron-vpnaas master: Ensure to install latest neutron from master https://review.openstack.org/554495 | 10:28 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 10:32 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 10:45 |
amotoki | hoangcx: http://logs.openstack.org/95/554495/1/check/neutron-vpnaas-dsvm-functional-sswan/ce7caaa/job-output.txt.gz#_2018-03-20_10_46_02_142935 | 10:54 |
*** yamamoto has joined #openstack-vpnaas | 11:10 | |
*** yamamoto has quit IRC | 11:12 | |
*** yamamoto has joined #openstack-vpnaas | 11:12 | |
openstackgerrit | Akihiro Motoki proposed openstack/neutron-vpnaas master: Ensure to install latest neutron from master https://review.openstack.org/554495 | 11:16 |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Make libreswan driver work with recent versions https://review.openstack.org/547347 | 11:33 |
*** yamamoto has quit IRC | 11:40 | |
*** yamamoto has joined #openstack-vpnaas | 11:41 | |
*** openstackgerrit has quit IRC | 12:33 | |
*** openstackgerrit has joined #openstack-vpnaas | 12:42 | |
openstackgerrit | Hunt Xu proposed openstack/neutron-vpnaas master: Switch zuul jobs to zuul v3 native https://review.openstack.org/554445 | 12:42 |
openstackgerrit | OpenStack Proposal Bot proposed openstack/neutron-vpnaas master: Updated from global requirements https://review.openstack.org/554553 | 14:07 |
*** huntxu has quit IRC | 14:12 | |
*** yamamoto_ has joined #openstack-vpnaas | 14:12 | |
*** yamamoto has quit IRC | 14:12 | |
*** yamamoto_ has quit IRC | 15:27 | |
*** yamamoto has joined #openstack-vpnaas | 16:28 | |
*** yamamoto has quit IRC | 16:34 | |
*** yamamoto has joined #openstack-vpnaas | 17:30 | |
*** yamamoto has quit IRC | 17:36 | |
*** yamamoto has joined #openstack-vpnaas | 18:32 | |
*** yamamoto has quit IRC | 18:37 | |
*** yamamoto has joined #openstack-vpnaas | 19:34 | |
*** yamamoto has quit IRC | 19:39 | |
*** openstackgerrit has quit IRC | 20:33 | |
*** yamamoto has joined #openstack-vpnaas | 20:35 | |
*** yamamoto has quit IRC | 20:41 | |
*** yamamoto has joined #openstack-vpnaas | 21:37 | |
*** yamamoto has quit IRC | 21:43 | |
*** yamamoto has joined #openstack-vpnaas | 22:39 | |
*** yamamoto has quit IRC | 22:45 | |
*** yamamoto has joined #openstack-vpnaas | 23:41 | |
*** yamamoto has quit IRC | 23:46 |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!