| *** yifei has joined #tacker | 00:24 | |
| *** phuoc_ has joined #tacker | 00:46 | |
| *** wangqwsh has joined #tacker | 00:53 | |
| *** bobh has quit IRC | 00:58 | |
| *** bobh has joined #tacker | 01:08 | |
| *** phuoc_ has quit IRC | 02:33 | |
| *** bobh has quit IRC | 02:54 | |
| *** bobh has joined #tacker | 03:28 | |
| *** bobh has quit IRC | 03:52 | |
| *** links has joined #tacker | 04:23 | |
| *** openstackgerrit has joined #tacker | 04:52 | |
| *** janki has joined #tacker | 05:22 | |
| *** trinaths has joined #tacker | 05:43 | |
| *** Taseer has joined #tacker | 05:52 | |
| *** egonzalez has joined #tacker | 07:40 | |
| *** yifei has quit IRC | 08:25 | |
| *** mbuil has joined #tacker | 08:52 | |
| mbuil | hello. Is anyone working with vnffg? I am seeing errors in stable/ocata when creating a vnffg | 09:19 |
|---|---|---|
| egonzalez | mbuil, what kind of errors? | 09:19 |
| trinaths | mbuil: what errors? can u post them | 09:20 |
| mbuil | First error is that according to this guide https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html, when creating a vnfffg, I should use a boolean value after the --symmetrical flag | 09:20 |
| mbuil | tacker vnffg-create --vnffgd-name <vnffgd-name> \ | 09:21 |
| mbuil | --vnf-mapping <vnf-mapping> --symmetrical <boolean> <vnffg-name> | 09:21 |
| mbuil | egonzalez, trinaths: however, the tacker db is configured like this: | 09:21 |
| mbuil | symmetrical | tinyint(1) | YES | | NULL | 09:21 |
| trinaths | can u use paste | 09:21 |
| mbuil | trinaths sorry. You can go to this link https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html and search for "tacker vnffg-create" | 09:22 |
| trinaths | 1 or '' | 09:23 |
| mbuil | trinaths: yeah, I used 0 and it worked but I think that is a bug. The type should be 'BOOL' in the database and not 'tinyint' | 09:24 |
| mbuil | trinaths, egonzalez: second bug: When I try to execute the vnffg-create, I get this in the logs: https://hastebin.com/iroxucokuv.sql | 09:25 |
| trinaths | its ocata or master branch ? | 09:25 |
| mbuil | trinaths: it should be stable/ocata but let me double check | 09:25 |
| trinaths | do u have networking-sfc installed ? | 09:26 |
| mbuil | trinaths: yes, and working | 09:26 |
| egonzalez | mbuil, networking-sfc installed in host where the command is used | 09:27 |
| mbuil | yes, if I type openstack --help | grep sfc I get all the networking-sfc commands | 09:27 |
| mbuil | I was able to create a port-pair, port-pair group, etc | 09:27 |
| mbuil | I am trying to integrate tacker --> networking-sfc --> ODL --> OVS+NSH. Up to networking-sfc, everything was working. Tacker is left :) | 09:28 |
| trinaths | https://bugs.launchpad.net/tacker/+bug/1658364 | 09:28 |
| openstack | Launchpad bug 1658364 in tacker "DBReferenceError when Deploy or delete vnffg" [High,In progress] - Assigned to sajuptpm (sajuptpm) | 09:28 |
| mbuil | trinaths: yep, looks similar :) | 09:29 |
| trinaths | its in progress. | 09:30 |
| trinaths | but still propose a bug | 09:30 |
| trinaths | with u r findings | 09:30 |
| trinaths | also, can check with master branch code if any fix is available | 09:30 |
| mbuil | trinaths: After reading it, I am a bit worried because it is in progress since February. Are you guys lacking resources in tacker? | 09:31 |
| trinaths | not so. | 09:31 |
| trinaths | mbuil: please give time i will check this and update u | 09:33 |
| trinaths | tung_doan: ping | 09:33 |
| mbuil | trinaths: thank you | 09:34 |
| trinaths | mbuil: is https://hastebin.com/iroxucokuv.sql this the exact error u get ? | 09:35 |
| mbuil | trinaths | 09:35 |
| mbuil | trinaths: this link provides more information https://hastebin.com/usanajozif.py | 09:38 |
| mbuil | trinaths: I submitted the db bug ==> https://bugs.launchpad.net/tacker/+bug/1711550 | 09:43 |
| openstack | Launchpad bug 1711550 in tacker "Wrong DB table type" [Undecided,New] | 09:43 |
| mbuil | trinaths, egonzalez: Taseer and I have been investigating how to disable the verification of certificates when tacker creates a session with keystone. Do you know how to force that in tacker.conf? | 09:47 |
| egonzalez | mbuil, by sessions mean fernet_keys? | 09:48 |
| trinaths | mbuil: why do u want to disable certs | 09:50 |
| mbuil | egonzalez, trinaths: we keep getting SSLError: SSL exception connecting to https://192.168.122.3:8004/v1/b153ff63892a44e587627fd5c2ba012d/resource_types/OS%3A%3ANeutron%3A%3APort: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) | 09:53 |
| egonzalez | mbuil, you have all traffic ssl? public,internal, etc? or only public? | 09:54 |
| mbuil | egonzalez, trinaths: as a workaround we are changing the verify varialbe in lib/python2.7/site-packages/keystoneauth1/session.py as False always | 09:54 |
| trinaths | ok | 09:54 |
| egonzalez | mbuil, if only public faced is SSL through a LB, make tacker use internal endpoints with other services | 09:55 |
| mbuil | egonzalez: only public (as far as I see in endpoint list) | 09:56 |
| *** wangqwsh has quit IRC | 09:56 | |
| mbuil | egonzalez: how can I do that? THis is my tacker.conf ==> https://hastebin.com/hiwanecata.ini; can I specify that in tacker.conf? | 09:57 |
| trinaths | mbuil: why u have 2 auth_utl ? | 09:58 |
| egonzalez | mbuil, i'm looking to see if is possible with tacker, other services, when configuring clients can set endpoint_type or interface to internal | 09:58 |
| trinaths | does that make any sense | 09:58 |
| egonzalez | auth_uri and auth_url | 09:59 |
| trinaths | egonzalez: oh! i was mistaken by my eye sight | 10:00 |
| mbuil | trinaths: I used this guide to create tacker.conf ==> https://docs.openstack.org/tacker/latest/install/manual_installation.html. If you think something is wrong, please tell me. I will pay you with cookies :) | 10:01 |
| trinaths | mbuil: :) let me check and tell u | 10:01 |
| mbuil | egonzalez: I get that SSL problem when creating the vnf. Setting up the vim and submitting a vnfd works. That SSL problem appears when it tries to contact heat | 10:02 |
| egonzalez | mbuil, [tacker_heat] | 10:04 |
| egonzalez | heat_uri = <URL> | 10:04 |
| mbuil | egonzalez: and there I write the internal heat url? | 10:04 |
| egonzalez | mbuil, there are more client settings, let me generate a sample config is working for me | 10:05 |
| egonzalez | mbuil, yep | 10:05 |
| mbuil | egonzalez: the only thing is that in the endpoint list, heat internal url has a variable ==> http://172.29.236.11:8004/v1/%(tenant_id)s | 10:05 |
| egonzalez | mbuil, ocata http://paste.openstack.org/show/618754/ | 10:07 |
| trinaths | mbuil: is u r neutron server configured with networking-sfc plugin? | 10:08 |
| trinaths | mbuil: https://specs.openstack.org/openstack/tacker-specs/specs/newton/tacker-networking-sfc.html | 10:08 |
| mbuil | trinaths: yes | 10:09 |
| mbuil | trinaths: I am able to create chains using networking-sfc CLI | 10:09 |
| trinaths | mbuil: u mean neutron cli ? | 10:10 |
| mbuil | trinaths: I use commands like "openstack sfc port chain create --port-pair-group PG1 --flow-classifier FC1 PC1" | 10:11 |
| egonzalez | mbuil, pike/master http://paste.openstack.org/show/618755/ | 10:11 |
| mbuil | trinaths: those commands refer to the neutron subproject networking-sfc | 10:11 |
| trinaths | mbuil: agree | 10:11 |
| trinaths | mbuil: AttributeError: 'Client' object has no attribute 'create_flow_classifier' | 10:12 |
| mbuil | egonzalez: you don't have nfvo in the ocata conf. DOes that mean it is not supported? | 10:13 |
| trinaths | mbuil: this error specifies that, neutron client doesn't have networking-sfc configured well | 10:14 |
| mbuil | trinaths: ok... let me doublecheck that everything is correct in neutron | 10:15 |
| egonzalez | mbuil, is default value in both releases, just added in pike to be more descriptive | 10:15 |
| mbuil | trinaths: it loads correctly in neutron ==>https://hastebin.com/xoluxidita.go | 10:18 |
| mbuil | egonzalez: I tried with [tacker_heat] heat_uri = heat_uri = http://172.29.236.11:8004/v1 but it still tries to go to https://192.168.122.3:8004/v1 which is the heat public ip | 10:20 |
| trinaths | mbuil: ok good. can u user neutron CLI and create this flow classifier. not osc-cli use neutron-cli | 10:22 |
| mbuil | trinaths: works | 10:30 |
| egonzalez | mbuil, dont know if this will work, can you try this. [heat_client] | 10:31 |
| egonzalez | endpoint_type = internalURL | 10:31 |
| egonzalez | maybe we have a bug too in kolla for SSL :( | 10:31 |
| trinaths | can u check the logs at neutron for the command from tacket | 10:31 |
| mbuil | trinaths: let me copy you the last commands I tried: https://hastebin.com/akeruqeniy.rb. I also checked ODL and the SFC config is correct there, so it worked | 10:31 |
| mbuil | trinaths: neutron logs are fine. I can see calls to sfc urls ==> "POST /v2.0/sfc/port_pair_groups.json HTTP/1.1" 201 519 0.206105, "POST /v2.0/sfc/flow_classifiers.json HTTP/1.1" 201 744 0.421820 | 10:33 |
| Taseer | egonzalez: I tried with [heat_client] | 10:34 |
| Taseer | Still does not work | 10:34 |
| trinaths | mbuil: when called from tacker ? | 10:36 |
| mbuil | trinaths: no, when called from neutron | 10:36 |
| trinaths | mbuil: please check when called from tacker | 10:36 |
| mbuil | trinaths: I see nothing in neutron when called from tacker | 10:48 |
| mbuil | egonzalez: Using internalURL also does not help :(. This is my current conf ==> https://hastebin.com/ofakohazit.ini it seems as if tacker did not care about [tacker_heat] right? | 10:54 |
| trinaths | oh ok | 10:54 |
| egonzalez | mbuil, yeah, tackerclient is imported but dont know if there is a way to configure, other services (zun/heat/magnum/etc) have config for each of the services they use | 10:55 |
| egonzalez | might be tacker issue | 10:55 |
| mbuil | trinaths: I am tyring to approach the networking-sfc guys. I guess there is a bug in the integration. Hopefully they can shed some light into the problem | 10:55 |
| *** mbuil has quit IRC | 10:57 | |
| *** mbuil has joined #tacker | 10:58 | |
| mbuil | egonzalez: but you are not having the same issue in KOlla? | 11:01 |
| trinaths | mbuil: ok | 11:02 |
| egonzalez | mbuil, never used behind SSL | 11:03 |
| egonzalez | mbuil, i'm deploying ATM to verify | 11:04 |
| mbuil | egonzalez, even your public endpoints are not using https? | 11:05 |
| egonzalez | mbuil, dev environments without https, all plain | 11:06 |
| mbuil | ok thanks | 11:06 |
| *** Taseer has quit IRC | 11:46 | |
| egonzalez | mbuil, just tested and kolla with ssl does not work too | 11:58 |
| egonzalez | i'll gather info and open a bug | 11:59 |
| mbuil | egonzalez: great, thanks! | 12:16 |
| *** bobh has joined #tacker | 12:34 | |
| *** bobh has quit IRC | 12:36 | |
| *** trinaths has left #tacker | 12:38 | |
| *** diga has joined #tacker | 13:10 | |
| *** bobh has joined #tacker | 13:11 | |
| *** janki has quit IRC | 14:07 | |
| *** phuoc_ has joined #tacker | 14:32 | |
| *** diga has quit IRC | 14:36 | |
| *** vishwana_ has joined #tacker | 15:00 | |
| *** vishwanathj has quit IRC | 15:03 | |
| *** links has quit IRC | 15:10 | |
| *** egonzalez has quit IRC | 15:16 | |
| *** trinaths has joined #tacker | 15:38 | |
| *** trinaths1 has joined #tacker | 15:39 | |
| *** trinaths has quit IRC | 15:42 | |
| *** mbuil has quit IRC | 15:59 | |
| *** trinaths1 has left #tacker | 16:04 | |
| *** trinaths has joined #tacker | 16:13 | |
| *** trinaths has left #tacker | 16:16 | |
| *** trinaths-m has joined #tacker | 17:06 | |
| *** trinaths-m has quit IRC | 17:52 | |
| *** ChuckD has joined #tacker | 19:15 | |
| *** ChuckD has quit IRC | 19:20 | |
| *** ChuckD has joined #tacker | 19:43 | |
| ChuckD | I have a question about tacker - not sure if anyone has seen 'service catalog is empty' being returned back. It appears that keystone is unable to validate the token being used for OS_URL and OS_TOKEN? | 19:43 |
| ChuckD | it was issued with openstack token issue as the tacker rc file | 19:44 |
| *** ChuckD has quit IRC | 19:52 | |
| *** ChuckD has joined #tacker | 19:54 | |
| *** ChuckD has quit IRC | 19:57 | |
| *** ChuckD has joined #tacker | 20:01 | |
| *** ChuckD has quit IRC | 20:03 | |
| openstackgerrit | Tim Rozet proposed openstack/python-tackerclient master: Fixes passing boolean as string for symmetrical https://review.openstack.org/495423 | 20:25 |
| openstackgerrit | Tim Rozet proposed openstack/tacker master: save tenant_id in ACLMatchCriteria table https://review.openstack.org/423712 | 20:28 |
| *** bobh has quit IRC | 22:26 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!