14:03:00 #startmeeting Kuryr 14:03:01 Meeting started Mon Dec 3 14:03:00 2018 UTC and is due to finish in 60 minutes. The chair is dulek. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:03:02 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:03:05 The meeting name has been set to 'kuryr' 14:03:40 Hello there! dmellado is feeling sick today, so he won't be with us, but let's start. 14:04:23 o/ 14:04:52 Hi! 14:04:57 celebdor, yboaron_, aperevalov, maysams? 14:05:06 o/ 14:06:48 o/ 14:06:56 o/ 14:07:02 I guess we can skip announcements if nobody has anything general? 14:07:09 #topic kuryr-kubernetes 14:07:32 dulek: I don't 14:07:48 Okay, so maybe I can start with quick update. 14:07:59 CRI-O support patches are up for reviews! 14:08:19 Here's the list: https://review.openstack.org/#/q/status:open+project:openstack/kuryr-kubernetes+topic:bp/crio-support 14:08:47 Or even better list: https://review.openstack.org/#/q/topic:bp/crio-support 14:09:10 This still has no support for Fedora/CentOS and OpenShift, but I guess it's a good step towards support of different container engine. 14:09:19 s/engine/engines 14:09:24 Reviews welcome! 14:10:00 I've also fixed a minor bug raised by SonicSong, regaring kuryr-daemon and hostnames with capital letters. 14:10:00 dulek, Q: what container engines do we plan/want to support in addition to docker? 14:11:01 yboaron_: It's CRI-O (+ podman as tool used in DevStack) at the moment. I don't really have resources to test any other. 14:12:00 dulek, OK, cool! 14:12:12 Regarding kuryr-daemon bug - here's the patch: https://review.openstack.org/#/c/621188/ 14:12:36 If you ever see that kuryr-daemon doesn't notice pods, it might be this issue. 14:13:19 I think that's it from me, this week I'll probably work on CRI-O on Fedora/CentOS and integration with OpenShift. 14:15:24 I have a question regarding nested DPDK support. https://review.openstack.org/#/c/559363/ anybody in charge of rebasing it? Gary is not here, but if you don't have objection I can rebase it, of course I'll try to contact with him. 14:15:29 dulek: I failed your https://review.openstack.org/#/c/620045/5 on a small thing 14:15:53 that you forgot quotes (which also demands changing [*] into [@] 14:16:03 aperevalov: Seems like garylong is on #openstack-kuryr? 14:16:44 dulek: oh, ok. Lets talk with him there ) 14:16:46 celebdor: Ha, that's funny, I've tested `echo ${command[*]}` and it looked good. 14:16:56 celebdor: I'll take a look again, thanks. 14:17:16 dulek: that will work too, but shellcheck linting will complain about not "" your vars 14:17:35 Also I'm preparing tempest test for SR-IOV, I found it has common parts with npwg test (NAD creation). So I try to generalize it. 14:18:11 NAD? 14:18:14 celebdor: linter in my IDE definitely ignores that, but whatever. ;) 14:18:16 networkattachmentdevice 14:18:18 of course 14:18:22 dulek: :-) 14:18:31 aperevalov: sounds good 14:19:18 dulek: https://review.openstack.org/#/c/621188/1 should be backported, did you backport? 14:19:45 Also I little bit stuck with credentials for tempest test to connect to devstack. 14:19:46 celebdor: Was waiting for master first. 14:20:10 celebdor: But if you insist - here you go: https://review.openstack.org/#/c/621588/ 14:20:45 aperevalov: Why is that? Tempest should give you a client that can connect. 14:21:18 dulek, was not another bug forcing it to get it from socket all the time instead of env var? 14:21:34 aperevalov: did you enable our tempest plugin devstack in your local.conf? 14:22:12 dulek, ahh, only on kuryr-controller for leader election... nevermind... 14:22:22 yes, I installed it with local.conf which I got from local.conf.sample. 14:23:15 aperevalov: Okay, so to use `openstack command` just do `source /opt/stack/devstac/openrc admin admin`. 14:23:51 aperevalov: And in Tempest I don't think you need anything else than the predefined Tempest methods. 14:24:34 aperevalov: Such methods: https://github.com/openstack/kuryr-tempest-plugin/blob/0db1f300850094127815ff9597949270a2814719/kuryr_tempest_plugin/tests/scenario/base.py#L567-L569 14:25:12 aperevalov: And to connect to K8s API just use the clients defined here: https://github.com/openstack/kuryr-tempest-plugin/blob/ffbd59d79213fc66d91e0fb17fe76c7841d84026/kuryr_tempest_plugin/tests/base.py#L32-L36 14:25:22 aperevalov: I'm not sure what else is needed? 14:25:22 there wasn't problem here with admin account ) Tempest was able to create new users (it does it in dynamic credential provider). Newly created users havn't enough rights. 14:25:50 aperevalov: Why do you want a new user then? 14:26:10 aperevalov: Let's do a step back and try to understand what test are you trying to write. 14:27:02 lets discuss it later after meeting ;) 14:28:22 Okay! 14:28:27 Anyone else has a report? 14:29:06 I want 14:29:36 I'm working in giving support to mach expressions in the NP 14:29:53 https://review.openstack.org/#/c/620572/ 14:30:09 would really appreciate any more reviews 14:31:00 or any additional ideas on how to approach it 14:31:56 also, I'm aiming to add tempests tests to the readiness quota check 14:32:02 cool 14:32:13 maysams: How do we plan to test that in Tempest. 14:32:21 * dulek has no immediate idea of a useful test. 14:33:22 dulek: Fetch the quota assigned to sg 14:33:30 create more than should 14:33:41 fetch status of kuryr controller 14:34:06 maysams: Hm… I wonder if readiness probes are run periodically or only on pod start? 14:34:19 periodically 14:34:38 dulek: from what I've seen 14:34:38 dulek, maysams: actually, one of the frequent failures on the gates is fips quota... 14:34:59 dulek, maysams: not sure if that quota checking was added though 14:35:26 maysams: Okay, then that makes perfect sense! 14:37:45 maysams, how the user will be notified that the reason for Kuryr-controller failure was Openstack quota? 14:38:09 yboaron_: It will be marked as not ready 14:38:10 and 14:38:15 maysams, and how restarting kuryr-controller will solve that? 14:38:17 the user can look into the logs 14:38:35 maysams, we should expect loop of restarts , right? 14:39:09 yboaron_: No. We should wait for the user to cleanup resources 14:39:29 then the controller will be marked as ready again 14:39:41 and will be able to receive traffic 14:41:02 yboaron_: That's the idea, readiness probe doesn't trigger restarts. 14:41:14 yboaron_: That's why we're adding those checks there. 14:41:57 maysams, dulek - OK!, thanks for the clarification - I missed this pieace of information 14:42:12 yboaron_: np! :-) 14:42:50 ALso one more clarification - failing on readiness probe doesn't stop kuryr-controller from handling requests. 14:43:21 As there's really no way to do that through K8s mechanisms (we could just stop watcher internally, but we don't do that). 14:43:57 But Kuryr pod being not ready it's a bit better indication than it was before. 14:44:21 And there's no way of propagating exact failure message to the user on `kubectl describe` level 14:44:30 At least when I've checked, maybe missed something. 14:44:34 dulek, what was the previous solution? trigger pod restart? 14:45:42 dulek: I've checked that as well 14:46:17 The previous solution result in controller restart loop, right? 14:46:26 dulek: from what I saw k8s do not provide this(the logging at 'describe' level) 14:46:43 yboaron_:yes 14:47:05 maysams, 10x 14:47:14 yboaron_: It was triggered because pod has had high number of failures IIRC. And that was probably kuryr-daemon restarts. 14:47:16 Not controller. 14:47:26 But I'm not sure without digging the code more. :P 14:48:56 Okay, anything else folks? 14:52:03 #endmeeting