#openstack-meeting log

14:00:12 <slaweq> #startmeeting neutron_drivers
14:00:13 <openstack> Meeting started Fri Aug 21 14:00:12 2020 UTC and is due to finish in 60 minutes.  The chair is slaweq. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:14 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:14 <slaweq> hi
14:00:16 <openstack> The meeting name has been set to 'neutron_drivers'
14:00:24 <dosaboy> o/ hi
14:00:50 <pprincipeza_> Hello.
14:00:57 <dosaboy> slaweq: im @hopem (from lp 1892200) fwiw
14:00:59 <openstack> Launchpad bug 1892200 in neutron "Make keepalived healthcheck more configurable" [Wishlist,New] https://launchpad.net/bugs/1892200
14:01:15 <mlavalle> o/
14:01:15 <haleyb> hi
14:01:21 <amotoki> hi
14:01:25 <slaweq> welcome dosaboy :)
14:01:31 <pprincipeza_> slaweq, and I'm pprincipeza from lp 1891334. :)
14:01:32 <openstack> Launchpad bug 1891334 in neutron "[RFE] Enable change of CIDR on a subnet" [Wishlist,New] https://launchpad.net/bugs/1891334
14:01:38 <slaweq> welcome pprincipeza_ :)
14:01:58 <slaweq> hi mlavalle haleyb and amotoki
14:02:02 <slaweq> :)
14:02:12 <slaweq> ralonsoh and njohnston are on pto this week
14:02:23 <slaweq> so lets just wait 2 more minutes for yamamoto
14:02:51 <pprincipeza_> ACK!
14:04:35 <slaweq> ok, lets start
14:04:48 <slaweq> even without yamamoto we have quorum so we should be good to go
14:04:56 <slaweq> #topic RFEs
14:05:02 <slaweq> we have 2 RFEs today
14:05:04 <slaweq> first one:
14:05:11 <slaweq> #link https://bugs.launchpad.net/neutron/+bug/1891334
14:05:12 <openstack> Launchpad bug 1891334 in neutron "[RFE] Enable change of CIDR on a subnet" [Wishlist,New]
14:07:05 <pprincipeza_> I submitted that on behalf of a customer, who would like to have the ability to expand the subnet currently in use.  He has implemented the alternative alread (new subnets), his wish would be to avoid creating these distinct subnets, and keep the servers under a single subnet (even though this is completely virtual and internal to OpenStack).
14:08:07 <pprincipeza_> I understand the limitations that this would imply, as in having to repopulate existing Instances with new IP/Mask/GW information, and this would definitely need downtime. :/
14:10:09 <pprincipeza_> I'd imagine this would be less "painful" on subnets with DHCP allocation, as this info *should* come with the lease renewal?
14:10:21 <dosaboy> i assume this would only be expected to work as increase and not decrease of size
14:10:49 <pprincipeza_> dosaboy, yes.
14:11:55 <dosaboy> pprincipeza_: is there a particular use-case? would just adding an extra subnet to the network now solve the issue?
14:12:05 <dosaboy> s/now/not
14:12:32 <haleyb> technically, it should be able to scale-down a subnet if number of ports is small enough, just don't know why you'd want to do that
14:12:43 <slaweq> but how You want to force changes of e.g. mask in the existing instances?
14:13:18 <pprincipeza_> dosaboy, the use-case is more on a "systems management" side than in functionality.  He has implemented other subnets, and everything is working fine.
14:14:51 <pprincipeza_> slaweq, my only thought there would be on doing the change with instances down, as I imagine the new information from subnet would come in upon the lease renewal?
14:14:59 <pprincipeza_> (And I expect that to happen at boot time?)
14:15:13 <haleyb> slaweq: scaling-up by just changing the mask might not cause a big disruption, but i can't see being able to do that if pools are being used, would need to change to a new subnet, bleck
14:15:23 <mlavalle> so the system manager wants to save himself / herself manag ement work and instead have the users reconfigure thier vms?
14:15:36 <dosaboy> haleyb: i guess either way i worry about the number of places that update would have to be applied to
14:16:52 <pprincipeza_> mlavalle, yes, it sounds not much reasonable when thinking of end-users of the Cloud. :/
14:17:29 <pprincipeza_> And the change on lb-mgmt for Octavia would also be a use-case, I believe?
14:17:49 <haleyb> i can see how this change would help with certain deployers too, for example where the undercloud was made too small, but don't know how the cloud admin could do this successfully, for a tenant it seems more doable
14:18:28 <haleyb> pprincipeza_: so is the use case more the end-user/tenant?
14:18:58 <mlavalle> I understood the opposite, but I migh be wrong
14:19:26 <slaweq> on neutron's side it would be change in the dhcp agent and neutron db, right? other things are on user who needs to e.g. reboot vms or force renew of lease, is that correct or am I missing something here?
14:19:46 <dosaboy> if its octavia lb-mgmt net then its the case where it runs out of addresses for amphora vms etc
14:19:47 <pprincipeza_> haleyb, ^ thanks, slaweq.  that sums it up.
14:20:08 <haleyb> mlavalle: it's not clear to me
14:20:09 <mlavalle> pprincipeza_: you also mention Octavia, which is not mentioned in the RFE. Is there an aditional conversation going on that we haven't seen in this meeting?
14:21:20 <pprincipeza_> mlavalle, this was a use-case not initially added to the RFE I submitted, but discussing this with dosaboy, that use-case came up as an addition.
14:21:35 <dosaboy> mlavalle: tbh we've seen the octavia issue with older deployments before we switched to using v6 networks for the lb-mgmt net
14:21:49 <pprincipeza_> mlavalle, I can certainly add that mention to the LP Bug, if that's needed.
14:22:06 <dosaboy> but i havent yet tested if adding an extra subnet could fix that, planning to try that
14:22:59 <johnsom> Octavia also has an rfe to add multiple subnets for the lb-mgmt-net. It just hasn’t come up that anyone needed it, so is low priority.
14:23:13 <dosaboy> i don't know if that's pprincipeza_ original use-case though
14:23:22 <dosaboy> johnsom: oh interesting i was not aware of that
14:24:55 <mlavalle> but pprincipeza_'s aim is to avoid adding subnets, isn't it?
14:24:55 <slaweq> I'm still not really convinced for that rfe and if we should implement something what may be in fact painful for users later
14:25:21 <amotoki> I had a trouble in internet connection and am just following the discussion. As you already discussed, expanding a subnet CIDR leads to a subnet mask change. It sometimes leads to a problem between an existing vm and a new booted vm if the exsting vm does not update the mask. If all communications happen between gateway and VMs, we will hit less problems.
14:25:51 <pprincipeza_> mlavalle, yes, that's my initial aim.
14:26:25 <mlavalle> in that case, the Octavia RFE mentioned above is not related, if I understand correctly
14:27:37 <haleyb> amotoki: and it might be you can't just change the mask, but need a new cidr due to overlap, right?
14:27:57 <pprincipeza_> Yes.
14:28:03 <amotoki> haleyb: yes
14:28:27 <johnsom> In fact, using the AZ code in Ussuri Octavia allows for multiple lb-mgmt-nets today.
14:28:28 <haleyb> so then it's new subnet and live migration, etc
14:28:32 <amotoki> haleyb: I think overlapping case can be covered by the API side. we can check overlapping of CIDR
14:29:53 <haleyb> amotoki: right, i was just thinking the simple case of changing from /26 to /24, same cidr, which causes little disruption, otherwise it's reboot everything
14:30:10 <mlavalle> right
14:30:33 <amotoki> haleyb: thanks. I am in a same page.
14:30:57 <pprincipeza_> And if rebooting is needed, it is needed, I don't see that feature being added without some "pain" for the Instances. :)
14:32:25 <mlavalle> f and the RFE refers to "changing the CIDR of a subnet", so it's not just going from /26 to /24
14:32:42 <haleyb> pprincipeza_: if you need to reboot, is a new subnet with new instances easier?  no downtime if these instances are part of a pool?
14:33:16 <slaweq> mlavalle: exactly, how it would be if You would e.g. changed from 10.0.0.0/24 to 192.168.0.0/16 ?
14:33:26 <pprincipeza_> haleyb, the new subnet with new instances is already in place as a functional way out of the "expansion" limitation.
14:33:29 <slaweq> that may be much harder :)
14:34:37 <haleyb> this has a ripple effect through security groups as well
14:35:03 <pprincipeza_> mlavalle, slaweq, my initial use-case beared a minor /26 to /24 scenario, but the bigger change (CIDR) was requested, utmostly.
14:36:03 <slaweq> personally I can imaging that we are allowing extend of the cidr, so old cidr has to be inside new, bigger one
14:36:08 <amotoki> does it work if the RFE is rephrased from "changing" to "expanding"?
14:36:12 <slaweq> but other use cases I'm not sure
14:36:49 <mlavalle> amotoki: so the /26 to /24 case?
14:36:54 <amotoki> mlavalle: yes
14:37:12 <amotoki> * with limitations
14:40:03 <slaweq> so should we vote on that rfe or do You want some more clarifications and discuss that again next week?
14:40:05 <haleyb> amotoki: it's more reasonable if just expanding, but i guess there will still be connectivity issues since the gateway will have changed?
14:40:23 <mlavalle> haleyb: I think so
14:40:54 <amotoki> haleyb: the gateway address is alreaedy assigned so I don't think we need to change the gateway address.
14:40:59 <slaweq> haleyb: if we will just expand, why gateway need to be changed?
14:42:17 <haleyb> slaweq: i just didn't know if the expansion changed the ".1" address to be different. i.e. 2.1 to 0.1 or something
14:42:48 <haleyb> or the gateway stays the same...
14:43:30 <amotoki> I thought the gateway stasy the same. In my understanding, the current logic is applied only when a gateway is not specified.
14:43:47 <slaweq> amotoki: I think the same
14:44:46 <haleyb> amotoki: yes, i was just thinking out loud, shouldn't be an issue after thinking about it
14:45:18 <amotoki> haleyb: thanks. we are careful enough :)
14:45:55 <slaweq> so are we ok to approve this rfe as "expansion of subnet's cidr" and discuss details in the review of the spec?
14:46:19 <amotoki> +1 for expanding a subnet CIDR. This operation may require additional workaround including instance reboot as we discussed. it is worth documenting in the API ref or some.
14:46:36 <rafaelweingartne> If it is just about expanding CIDRS, +1
14:47:07 <slaweq> pprincipeza_: will that work for You?
14:47:29 <pprincipeza_> slaweq, it works for me.
14:47:39 <pprincipeza_> Thank you very much for considering it!
14:47:40 <mlavalle> +1 from me, then
14:47:52 <slaweq> haleyb ?
14:48:43 <haleyb> +1 from me
14:48:57 <slaweq> thx, so I will mark this rfe as approved
14:49:05 <slaweq> with note about "expanding cidr" only
14:49:16 <slaweq> ok, lets quickly look into second rfe
14:49:23 <slaweq> #link https://bugs.launchpad.net/neutron/+bug/1892200
14:49:24 <openstack> Launchpad bug 1892200 in neutron "Make keepalived healthcheck more configurable" [Wishlist,New]
14:49:27 <pprincipeza_> Awesome, thank you very much slaweq haleyb mlavalle!
14:49:38 <dosaboy> ok so,
14:49:43 <dosaboy> 1892200 is related to an issue that we have recently observed in an env using l3ha
14:49:47 <dosaboy> the conditions to hit the issue are somewhat protracted and described in the LP but
14:49:50 <dosaboy> long story short is that while the check was failing for a valid reason, the result of it failing ended up causing more problems
14:49:53 <dosaboy> and since the original cause of the test failure was transient, there was no real need to failover
14:49:56 <dosaboy> therefore a slightly more intelligent test than simply doing a single ping would be preferable
14:50:03 <dosaboy> in terms of solutions I know that protocols like BFD are much better at dealing with this kind of thing and are available in OVN
14:50:06 <dosaboy> but this is really for those users that will be stuck with L3HA for the forseeable
14:50:09 <dosaboy> so adapting what we e.g. just trying more pings before we declare a failure, would be better than what we have imho
14:50:12 <dosaboy> on top of that, the suggestion to move the current code to use a template seems like a good idea
14:50:17 <dosaboy> right now the healthcheck script is entirely built from code
14:50:20 <dosaboy> if we used a template it would also provide the opportunity to make the path to the template configurable
14:50:24 <dosaboy> thus allowing for it to be modified without changing neutron code
14:50:28 <dosaboy> I've not looked to deeply into this yet but was thinkig something along the lines of a jinja template
14:50:31 <dosaboy> thoughts?
14:52:52 <slaweq> dosaboy: I was thinking about jinja2 too :)
14:52:58 <rafaelweingartne> The idea of a customizable template looks great, as long as there is a default one already in place.
14:53:26 <slaweq> rafaelweingartne: yes, my idea here was that we should basically provide default template which will be the same as what we have now
14:53:27 <dosaboy> rafaelweingartne: yeah absolutely, default that can be overriden via config path
14:53:29 <mlavalle> I think that is the idea, rafaelweingartne
14:53:55 <dosaboy> slaweq: yep
14:54:54 <amotoki> generally templating it sounds great. it potentially makes our bug triage complex. my question is whether we will keep current configurations (though I haven't checked if we have them).
14:54:58 <dosaboy> so i guess there's two way to look at the request, either we "improve" the existing default test and/or make it templatised to allow user-override
14:55:35 <dosaboy> amotoki: the only config currently iirc is the interval i.e. how often to run the check
14:55:37 <slaweq> amotoki: are You asking about configuration for specific process which is spawned for router?
14:55:41 <dosaboy> that can remain
14:56:09 <dosaboy> slaweq: no process here fwiw, the check is run directly by keepalived
14:56:26 <amotoki> slaweq: what i mention is keepalived config
14:56:33 <dosaboy> neutron generates the keepalived conf with the test enabled and a path to the test
14:56:43 <haleyb> slaweq: i like your thought on keepalived options for a router, maybe an extension?  instead of adding more config options?  or were you thinking something else?
14:57:01 <haleyb> that was in the bug comments
14:57:27 <dosaboy> haleyb: this isnt really about how keepalived drives the test though, not in my experience anyway
14:57:38 <dosaboy> our problem was really the test itself
14:57:54 <slaweq> currently when neutron-l3-agent is configuring new router, it generates keepalived config file through https://github.com/openstack/neutron/blob/master/neutron/agent/linux/keepalived.py
14:58:16 <slaweq> and this config file is storred somewhere in /var/lib/neutrin/ha_confs/<router_id> (IIRC)
14:58:31 <dosaboy> ... that fails when a single icmp reply is missed within 1s
14:58:56 <slaweq> and my idea here was that we can somehow change clases in this module that it will generate keepalived config file based on some template
14:58:56 <dosaboy> slaweq: correct
14:59:06 <dosaboy> right
14:59:10 <slaweq> so it will still set correct interface names, ip addresses and other variables
14:59:41 <slaweq> but user will be able to prepare in template other things like some timeouts, etc.
14:59:52 <dosaboy> im totally +1 on that and make the path to the template configurable so that users can modify it and put it somewhere else
14:59:56 <slaweq> I hope that it is clear and I hope it is correct with what dosaboy wants :)
14:59:59 <haleyb> slaweq: per-router or per-cloud?
15:00:08 <haleyb> i.e. admin-controlled template
15:00:15 <slaweq> haleyb: template would be "per l3 agent" in fact
15:00:16 <dosaboy> slaweq: yeah i think thats it
15:00:29 <slaweq> but in practice it should be per cloud
15:00:31 <dosaboy> yep per l3agent
15:00:40 <dosaboy> thats enough for us anyways
15:00:51 <slaweq> as You shouldn't have different configs on different network nodes
15:01:41 <amotoki> I am +1 for introducing template (and also we can keep better default configs)
15:01:41 <slaweq> ok, we are out of time today
15:01:41 <dosaboy> slaweq: yeah sorry im confusing things, it would be the same everythere but thats just cause we would configure all l3-agents the same
15:01:51 <dosaboy> ok thanks for reviewing
15:01:51 <slaweq> I think we need to get back to this next week
15:01:52 <haleyb> it now makes sense to me
15:02:10 <slaweq> or is it clear for You and You want to vote now on that quickly ?
15:02:47 <haleyb> what about others?
15:02:59 <haleyb> i don't think there's a meeting right after us...
15:02:59 <mlavalle> it makes sense to me
15:03:33 <mlavalle> i'm comfortable casting a +1
15:03:38 <slaweq> ok, so it seems that mlavalle amotoki haleyb and I are ok to approve it now
15:03:40 <slaweq> right?
15:03:49 <amotoki> I think so
15:04:33 <slaweq> haleyb: you ok with that proposal, right?
15:04:36 <haleyb> yes, i'd +1, seems useful for cloud admins
15:04:42 <slaweq> ok, thx a lot
15:04:48 <slaweq> so I will mark this one as approved too
15:04:54 <slaweq> thx for proposing it dosaboy
15:05:07 <dosaboy> thanks guys, much appreciated
15:05:08 <slaweq> and sorry that I keept You here longer than usually :)
15:05:17 <slaweq> have a great weekend and see You all next week
15:05:19 <slaweq> o/
15:05:23 <slaweq> #endmeeting