Wednesday, 2018-04-11

« Tuesday, 2018-04-10 Index Thursday, 2018-04-12 »
*** Dinesh_Bhor has joined #tacker00:33
*** Dinesh__Bhor has joined #tacker00:58
*** Dinesh_Bhor has quit IRC01:00
*** binh has joined #tacker01:34
*** binh has quit IRC01:35
*** binh has joined #tacker01:35
*** dangtrinhnt has joined #tacker01:36
*** Dinesh__Bhor has quit IRC02:18
*** Dinesh__Bhor has joined #tacker02:20
*** joxyuki has joined #tacker02:43
*** dangtrinhnt has quit IRC02:52
*** gongysh has joined #tacker03:06
*** trinaths has joined #tacker04:55
*** dineshbhor__ has joined #tacker04:58
*** Dinesh__Bhor has quit IRC04:59
*** dineshbhor__ has quit IRC05:12
*** Dinesh_Bhor has joined #tacker05:12
*** gongysh has quit IRC05:12
*** links has joined #tacker05:28
*** trinaths has quit IRC05:46
*** gongysh has joined #tacker05:48
*** mardim has joined #tacker06:00
*** egonzalez_afk has joined #tacker06:11
*** trinaths has joined #tacker06:18
*** tbh has quit IRC06:30
*** Dinesh__Bhor has joined #tacker06:35
*** Dinesh_Bhor has quit IRC06:36
*** trinaths has quit IRC06:40
*** janki has joined #tacker06:54
*** trinaths has joined #tacker07:06
*** trinaths has quit IRC07:06
*** binh has quit IRC07:07
mardimgongysh, Hello07:08
gongyshhelo07:08
mardimgongysh, I updated the presentation for the Summit07:08
mardimcan you please take a look and tell me your opinion07:08
mardimplease free to add anything you want07:08
mardimfell free*07:08
mardimfeel*07:08
*** trinaths has joined #tacker07:10
gongyshok07:11
*** Dinesh__Bhor has quit IRC07:12
gongyshmardim, I think we should device a sfc to demo.07:18
mardimgongysh, what do you mean can you please explain a bit more07:19
mardim?07:19
gongyshfor example vm1 -> packet stats vnf -> fw  vnf -> target07:19
gongyshmardim, do you know how to set up snort ?07:20
gongyshif you know, we can set up an IPS/IDS sfc07:20
nguyenhaiif you can set up an IPS/IDS sfc, please share with us too, thanks :D07:22
*** Dinesh__Bhor has joined #tacker07:22
mardimgongysh, Do you want to create a sfc demo with snort ?07:23
mardimgongysh, Sorry still trying to understand what do you want to do07:23
gongyshyes, it is great if we can. if not we can use vm1 -> packet stats vnf -> fw  vnf -> target07:23
mardimcan you please setup a basic topology in google doc07:23
gongyshmardim, I mean we should have a live demo for the sfc07:24
gongyshnot just slides for concepts and tacker feature description.07:24
mardimgongysh, I think we can have a live demo but we are a bit limited on the type of VNFs that we are gonna use07:24
mardimgongysh, because07:24
mardimwe need the vxlan_tool to decapsulate the packets07:25
*** trinaths has quit IRC07:25
mardimand I only tried that with FW SFs07:25
mardimnot anything else07:25
mardimgongysh, ^07:25
gongyshmardim, why do we need vxlan_tool? in VM, the traffic is not in vxlan encapsulation.07:25
gongyshit is a normal l2/l3 packet.07:26
mardimthe vxlan_tool is for the SFs so we can decapsulate the NSH header07:26
mardimwhich is used from the SFChaining07:26
*** dangtrinhnt has joined #tacker07:27
gongyshyou are talking about odl sfc?07:27
mardimyes07:27
gongyshwe can use ovs port-pair chain.07:27
mardimI think networking sfc doesn't work right now without ODL07:27
mardimit has some bugs07:28
mardimwhich are not fixed07:28
mardimI tried to do SFC without ODL07:28
mardimand that was not possible07:28
mardimgongysh, ^07:28
egonzalez_afkmardim, in what release? its been working without odl07:29
gongysheven with odl nsh, the vnf itself does not need to know the vxlan.07:29
mardimegonzalez_afk, I think the last time I checked was Pike release07:30
mardimand it was not fixed07:30
mardimgongysh, yes you are right the vxlan_tool is the tool which decapsulates NSH07:30
mardimis not about vxlan tunneling07:31
mardimthis is just a name07:31
*** egonzalez_afk is now known as egonzalez07:31
mardimgongysh, I have a video which I was presenting in ONS summit07:32
mardimthis video is a recorded SFC demo07:32
mardimdo you think we can use that ?07:32
mardimwe recorded a sfc demo and we presented that in ONS summit07:33
gongyshmardim,  if we do not know how to set up a snort vnf, we can also set up a two vnfs chaining: src -> packets stats  vnf -> fw vnf -> dst.07:33
gongyshmardim, do you have a link for it?07:33
mardimlet me ask MAnuel Buil first so I can be sure that I can sare that video07:34
mardimgive me a minute07:34
mardimgongysh, ^07:34
mardimshare*07:35
gongyshmardim, in fact, I want more:  we are using a app monitoring on traffic for src -> dst,  which will set up a sfc src -> packets stats  vnf -> fw vnf -> dst once a suspected attach happens.07:36
gongyshthis is why I name our topic dynamic sfc.07:36
mardimgongysh, ok to understand this completely so you have a monitoring tool which monitors specific src,dst IP adresses ?07:42
mardimand then when find a specific adress instructs the traffic to go through some chain ?07:42
gongyshtacker has a feature: app monitor which use zabbix07:42
mardimgongysh, ok we use tacker-zabbix integration got that07:44
mardimgongysh, after that ?07:44
mardimI am trying to understand the demo scenario07:44
mardimsorry :(07:44
mardimgongysh, ^07:45
gongyshand then use zabbix trigger to set up a sfc.07:45
mardimwhy zabbix will trigger a sfc setup ?07:46
mardimwhy will*07:47
mardimwill it detect something which will cause that triggering of SFC ?07:47
mardimI am not so familiar with zabbix sorry07:47
mardimgongysh, ^07:48
gongyshmardim,  zabbix detect a alarm on dst vm, and then trigger an action, which is to setup a sfc.07:49
mardimgongysh, Ah ok so zabbix will detect a specific destination address and when that happens will trigger a sfc setup ?07:50
gongyshmardim, you need to get a basic knowlege about zabbix.07:50
mardimgongysh, ok I will do that07:52
*** trinaths has joined #tacker08:09
*** trinaths has quit IRC08:38
mardimgongysh, I am thinking about the demo09:03
mardimgongysh, the VNFs which will be used as SFs will be already power on and ready09:04
mardim?09:04
gongyshyes, that can be09:04
mardimand the only thing that zabbix will do is to setup a chain ?09:04
mardimok thanks09:05
gongyshcould be, be cause we support update a vnffg with vnffg classifier addition.09:05
mardimI am trying to figure out our opitons here :)09:05
mardimgongysh, yes tacker support update but ODL has bugs09:05
mardimand the VNFFG update doesn't work form ODL side09:06
mardimSo what I am thinking09:06
mardimis to have the VNFs already power on and ready to be used as SFs09:06
mardimand the zabbix when it will detect a specific traffic will trigger a VNFFG creation09:06
mardimgongysh, what do you think ? ^09:07
gongyshmardim, yes.09:08
gongyshwe can use ovs driver instead of odl driver.09:08
mardimgongysh, I think ovs driver has problem in networking-sfc side09:08
mardimhas some bugs09:09
mardimso I will not recommend09:09
gongyshwe have to test09:09
mardimok cool09:09
mardimgongysh, Regarding the SF which will work as packet stat09:10
mardimgongysh, If we use the vxlan_tool in a verbose mode and shows just the packets that are passing09:10
mardimis it acceptable09:10
mardim?09:10
mardimbecause I think we do not have many options on thsi09:11
mardimthis09:11
gongyshwhy do you need vxlan-tool?09:14
*** joxyuki has quit IRC09:15
gongyshfirst we need to decide what sfc driver we will use.09:15
gongyshodl or ovs?09:15
gongyshI think we should use ovs.09:15
gongyshI am not certain the odl integration with openstack is stable enough.09:16
mardimok I can try a devstack with ovs agent09:16
mardimbut I did it in pike release and I was not capable to create VNFFG because of networking sfc bugs09:17
mardimbut I can try again09:17
mardimthanks :)09:17
*** Dinesh__Bhor has quit IRC09:24
*** hyunsikyang has quit IRC10:06
*** openstackgerrit has joined #tacker12:04
openstackgerritCong Phuoc Hoang proposed openstack/tacker master: Support exposing Kubernetes service using Loadbalancer  https://review.openstack.org/54810912:04
openstackgerritNguyen Hai proposed openstack/tacker master: Add Module Index for Tacker docs  https://review.openstack.org/55946312:23
openstackgerritNguyen Hai proposed openstack/tacker master: Add Module Index for Tacker docs  https://review.openstack.org/55946312:23
*** bobh has joined #tacker13:01
*** hyunsikyang has joined #tacker13:21
openstackgerritTrinh Nguyen proposed openstack/tacker-specs master: Prometheus plugin for container-based VNFs monitoring specs  https://review.openstack.org/54041613:34
*** links has quit IRC13:58
*** gongysh has quit IRC14:12
openstackgerritNguyen Hai proposed openstack/tacker master: Fix incompatible requirement  https://review.openstack.org/56043214:15
openstackgerritNguyen Hai proposed openstack/tacker master: Add module index for tacker docs  https://review.openstack.org/55946314:17
*** bobh has quit IRC14:25
*** bobh has joined #tacker14:57
*** egonzalez has quit IRC15:01
*** gongysh has joined #tacker15:25
*** gongysh has quit IRC15:25
*** bobh has quit IRC15:36
*** bobh_ has joined #tacker15:36
openstackgerritNguyen Hai proposed openstack/tacker master: Add module index for tacker docs  https://review.openstack.org/55946315:46
openstackgerritMerged openstack/tacker master: Remove tox jenkins  https://review.openstack.org/55853116:06
*** bobh_ has quit IRC16:09
*** janki has quit IRC16:23
gebhey17:01
gebI am trying to play with the demo in https://github.com/openstack/kolla-ansible/blob/master/contrib/demos/tacker/ & https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html on a kolla-ansible 6.0.0 installed tacker17:02
gebWhen I try to destroy vnfs they end in deletion error17:02
phuocAre vnfs status active bebore?17:08
nguyenhaidid you delete all related using vnf such as vnffg, ns?17:10
nguyenhaiwhich version of tacker in kolla-ansible 6.0.017:10
gebJust rebuilding the installation to reproduce, I'll tell you once its ready :)17:33
openstackgerritNguyen Hai proposed openstack/tacker master: Add module index for tacker docs  https://review.openstack.org/55946317:37
gebok, so, i managed to reproduce18:12
gebthere are two different problem while launching either https://github.com/openstack/kolla-ansible/blob/master/contrib/demos/tacker/deploy-tacker-demo-sfc or https://docs.openstack.org/tacker/latest/user/vnffg_usage_guide.html which is a bit more complex18:13
gebi) tacker vnffg-create fails with Request Failed: internal server error while processing your request. on tacker vnffg-create for example in this line https://github.com/openstack/kolla-ansible/blob/master/contrib/demos/tacker/deploy-tacker-demo-sfc#L6818:15
gebii) trying to delete vnf, either manually or using https://github.com/openstack/kolla-ansible/blob/master/contrib/demos/tacker/cleanup-tacker put vnf in deletion error18:16
gebneutron port-chain-list ; neutron port-pair-group-list ; neutron flow-classifier-list (sent bu phuoc yesterday) result : https://pastebin.com/cU68yPMV18:21
gebI am a bit stuck trying to understand what could be the issue, if by any chance you are interested to help me debugging (even if its not today) that would be great :)18:22
gebI can provide ssh access if it is easier for you than to ask me to try commands, paste the output etc etc18:22
geb(Its a lab server, so sharing access is not a big issue)18:23
gebI am running a kolla ansible created install 6.0.0, so it should be queens. I can try to downgrade to 5.0.0 if you beleive it can be interesting. The install is pretty simple : https://pastebin.com/186TwfRe18:26
openstackgerritNguyen Hai proposed openstack/tacker master: Implement VNF monitoring using Mistral  https://review.openstack.org/48692418:28
gebsorry, good version of the install script https://pastebin.com/FQyBWwbR (openstack_release: "queens" and not "pike")18:28
gebif you beleive it would be worthly i can also test from devstack, I thought kolla-ansible would be more appropriate for a production-like testbed/lab, but maybe was i wrong ..18:31
gebThe tracker-server and tracker-conductor logs, don't let anything special appear. The neutron server logs let seems however to log more things, escpecially python errors https://pastebin.com/bGqXxYJ6 (L377 and following)18:53
geb2018-04-11 19:50:58.740 25 ERROR networking_sfc.services.sfc.driver_manager [req-904389a8-d8e9-4a10-8621-8a6c2585fb30 36578caec01c430aacbd87879c2ee55c d990620da62243f68c2404932565c37b - default default] 'PortChainContext' object has no attribute 'session': AttributeError: 'PortChainContext' object has no attribute 'session'18:54
*** bobh has joined #tacker19:58
gebIf you are interested to help me understand what could be the issue causing those python errors (did kolla packaged a non-fonctionnal version ?), i'll be available tomorrow starting by ~14-15h UTC+220:35
gebIf you would like to get a ssh access to perform debugging, feel free to send me requests & ssh keys at mathieu.goessens@imt-atlantique.fr ideally with pgp signature20:37
geb(I also tested with openstack vnf graph create instead of tacker vnffg-create, to be sure, same result)20:38
-openstackstatus- NOTICE: zuul was restarted to updated to the latest code; you may need to recheck changes uploaded or approvals added between 21:30 and 21:4522:31
*** bobh has quit IRC22:40
*** bobh has joined #tacker22:42
« Tuesday, 2018-04-10 Index Thursday, 2018-04-12 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!