#openstack-neutron log

14:03:31 <lajoskatona> #startmeeting neutron_drivers
14:03:31 <opendevmeet> Meeting started Fri Mar  4 14:03:31 2022 UTC and is due to finish in 60 minutes.  The chair is lajoskatona. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:03:31 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:03:31 <opendevmeet> The meeting name has been set to 'neutron_drivers'
14:03:33 <lajoskatona> Hi,
14:03:35 <ralonsoh> hi
14:03:35 <mlavalle> o/
14:03:47 <trident> Hi
14:04:00 <amotoki> hi
14:04:04 <obondarev> hi
14:04:14 <gibi> o/
14:05:04 <lajoskatona> ok, let's start
14:05:12 <lajoskatona> we have one topic left from last week:
14:05:15 <lajoskatona> Gratuitous ARPs are not sent during master transition: (#link https://bugs.launchpad.net/neutron/+bug/1952907):
14:05:51 <lajoskatona> the link again without extra chars: #link https://bugs.launchpad.net/neutron/+bug/1952907
14:06:34 <ralonsoh> I'll start, if you don't mind
14:06:46 <ralonsoh> I took a look at proposal 1, https://github.com/acassen/keepalived/commit/b10bbfc2a2b216487cea5a586c55765275e41253
14:07:05 <ralonsoh> since keepalived 2.0.19, this is solved in the service itself
14:07:23 <lajoskatona> thanks
14:07:26 <ralonsoh> I would like to confirm that this was the initial problem to implement https://review.opendev.org/c/openstack/neutron/+/707406
14:07:29 <trident> Damian is unfortunately on vacation. I'll try to cover it from our side.
14:07:40 <lajoskatona> this is for this patch: https://review.opendev.org/c/openstack/neutron/+/712474
14:08:06 <lajoskatona> trident: thanks, I was looking for Damian to ping him
14:09:02 <trident> The more I have looked into it the more I am wondering if we can either revert (if we are okay to require keepalived > 2.0.19) or re-work https://review.opendev.org/c/openstack/neutron/+/707406 ...
14:10:19 <obondarev> are there any issues with keepalived upgrade?
14:10:39 <trident> To be honest for more reasons than only this issue. Mainly for mixing neutron into the process of failing over. Before neutron agents did actually not have to be at a fully working condition to in fact perform a successful fail over as everything was up, plugged and ready to roll as soon as the VRRP failed over.
14:11:04 <opendevreview> yatin proposed openstack/neutron master: [DNM] Check ovn ovs experimental  https://review.opendev.org/c/openstack/neutron/+/831220
14:12:31 <ralonsoh> I think obondarev was asking if using a keepalived newer version is a problem for the L3 agent
14:13:12 <mlavalle> newer meaning 2.0.19, right?
14:13:17 <ralonsoh> yes
14:13:23 <lajoskatona> exactly
14:14:05 <ralonsoh> btw, this is the version used now in our CI with ubuntu 20.04
14:14:09 <ralonsoh> 2022-03-03 17:38:20.185329 | controller | Unpacking keepalived (1:2.0.19-2ubuntu0.2) ...
14:15:14 <trident> Yeah, 2.0.19 comes with Ubuntu 20.04 and we have run it pretty extensively and had no issues related to that version.
14:16:03 <trident> So, from that point of view I think it would be okay to revert https://review.opendev.org/c/openstack/neutron/+/707406
14:16:18 <mlavalle> trident: "run it pretty extensively" after reverting the changes in https://review.opendev.org/c/openstack/neutron/+/707406?
14:16:47 <ralonsoh> if that is the case and in sake in simplicity, I would revert the change ^^ AND add a upgrade check with a warning
14:17:02 <mlavalle> in other words, do you know that after reverting it works fine with keepalived 2.0.19?
14:17:23 <ralonsoh> that should be tested manually I think
14:17:30 <trident> No, from the general point of view that 2.0.19 works fine with l3 agents.
14:17:33 <lajoskatona> ralonsoh: but that patch is in Neutrons since ussuri, so I suppose we can't backport the revert till that
14:17:39 <ralonsoh> lajoskatona, no no
14:17:44 <mlavalle> trident: thanks for the clarification
14:17:44 <ralonsoh> revert in master only
14:17:53 <lajoskatona> ralonsoh: +1
14:18:33 <ralonsoh> and I would ask slaweq, who created the initial bug, steps to reproduce it manually
14:19:12 <trident> The issue https://bugs.launchpad.net/neutron/+bug/1859832 that called for https://review.opendev.org/c/openstack/neutron/+/707406 has been a bit hard to verify that it is gone in 2.0.19 as it's pretty intermittent. So far I have not been able to re-produce that issue with the patch reverted, but that has been in small test environments.
14:19:51 <ralonsoh> trident, yes but at least we can try it manually with different versions of keepalived
14:20:57 <lajoskatona> trident: I can help with the upgrade check if you need assistance
14:21:09 <trident> Could probably put more time into it and force the IPv6 address flush to happen after the proper local_vlan_id is set for the port to really test it.
14:21:30 <trident> lajoskatona: That would be apreciated!
14:21:34 <mlavalle> so are we saying asking trident to do some more testing for the team?
14:23:14 <trident> Yeah, if we decide on a prefered path forward, we can put some time into testing that path out a bit and look into what's needed to get tha actual fix out.
14:24:05 <lajoskatona> trident: thanks, by fix you mean the revert and using keepalived 2.0.19?
14:24:23 <trident> Yes.
14:24:31 <lajoskatona> trident: I eman revert of https://review.opendev.org/c/openstack/neutron/+/707406
14:24:34 <lajoskatona> trident: ok
14:25:31 <mlavalle> so we revisit this next week? would that be enough time for you trident?
14:26:11 <trident> mlavalle: Sounds good!
14:26:45 <mlavalle> Thanks!
14:26:46 <lajoskatona> ok, than I think we agree on the way forward, and based on the results we check the next steps, is that ok
14:26:49 <lajoskatona> ?
14:26:57 <mlavalle> +1
14:26:57 <obondarev> +
14:26:58 <ralonsoh> +1
14:27:02 <trident> +1
14:27:03 <amotoki> +1
14:27:09 <lajoskatona> +1
14:27:12 <lajoskatona> Ok, thanks
14:27:18 <mlavalle> thank you trident for helping with this
14:27:31 <trident> Thanks!
14:27:33 <mlavalle> much appreciated
14:27:41 <lajoskatona> exactly, thanks for working on this and bringing it here
14:27:53 <lajoskatona> ok, next topic
14:28:14 <lajoskatona> #topic On Demand Agenda
14:28:29 <lajoskatona> (ralonsoh): https://bugs.launchpad.net/neutron/+bug/1962465. I want to discuss the scope of this bug and the possible fix.
14:28:36 <ralonsoh> thanks
14:28:39 <ralonsoh> patch: https://review.opendev.org/c/openstack/neutron/+/819147
14:29:25 <ralonsoh> the point here is that now we allow to have, in a single node, two external networks with overlaping CIDRs
14:29:31 <ralonsoh> or the same CIDR, for example
14:29:47 <lajoskatona> The comments were mostly realted to  the question if it can happen real env that 2 public nets has the same or overlapping subnet range
14:29:52 <ralonsoh> right
14:29:56 <lajoskatona> ralonsoh: thanks exactly
14:30:23 <ralonsoh> nothing should happen, having external networks doesn't imply those networks are connected to, for example, internet
14:30:35 <ralonsoh> "external" doesn't mean "internet connection"
14:30:54 <ralonsoh> external means to be connected to an upper network, outside openstack
14:30:57 <opendevreview> Balazs Gibizer proposed openstack/neutron master: Show port MAC from binding profile for PFs  https://review.opendev.org/c/openstack/neutron/+/829247
14:31:11 <obondarev> could we name that just provider networks?
14:31:28 <ralonsoh> perfect, provider networks
14:31:52 <mlavalle> lol
14:32:06 <ralonsoh> sorry, the patch is https://review.opendev.org/c/openstack/neutron/+/831238
14:32:09 <ralonsoh> my bad
14:32:26 <ralonsoh> if, in a future, we want to limit this, that's perfect
14:32:30 <ralonsoh> now it is not limited
14:32:46 <ralonsoh> and this patch will work now and in this possible future
14:33:08 <ralonsoh> (and, IMO, we should not force this artificial limitation)
14:33:43 <obondarev> +1 the fix does not seem so complex to limit the use case
14:33:57 <ralonsoh> right
14:34:49 <mlavalle> I'm ok with ralonsoh's proposal
14:35:06 <lajoskatona> yes, we can even document it somewhere to be clear
14:35:20 <ralonsoh> I'll add a reno and documentation
14:35:48 <mlavalle> no need to impose artificial limits when we don't know who might be taking advantage of the current freedom :-)
14:35:57 <lajoskatona> ralonsoh: thanks
14:36:19 <ralonsoh> thank you all
14:36:50 <mlavalle> amotoki: you good with this?
14:37:02 <amotoki> i am fine with this
14:37:07 <mlavalle> :-)
14:37:17 <lajoskatona> liuyulong has comments on the patch, but He is not here today
14:37:30 <lajoskatona> I am ok with this, so +1
14:37:40 <mlavalle> first rule in a fight is to shoup up
14:37:46 <mlavalle> show up
14:37:57 <mlavalle> if you don't, you loose for sure
14:38:51 <lajoskatona> mlavalle: true
14:39:33 <lajoskatona> ok, if no more comments, ralonsoh can continue the patch, and we can vote on it in the review
14:39:40 <mlavalle> +1
14:39:40 <ralonsoh> thanks
14:39:57 <lajoskatona> Next topic:
14:40:02 <lajoskatona> (mlavalle): Should we backport this: https://review.opendev.org/q/c9242f9a889f4d69653de4d21bec6060f549ee7b
14:40:25 <mlavalle> saw a comment in one of the patches asking whether we should backport this
14:40:36 <mlavalle> so decided to bring it up to the team
14:41:16 <ralonsoh> I don't think so: that changes the policies of stable projects. Those changes should be done only in master, adding release notes and documentation
14:42:00 <ralonsoh> in other words: bumping a minor version should imply a policy file change (if there is no an explicit bug)
14:42:09 <ralonsoh> should not*
14:42:53 <lajoskatona> ralonsoh: agree, this is an API change even if it is not explicit like an extension
14:43:13 <mlavalle> so we are saying that changing policy is akin to an outright api change
14:44:08 <amotoki> does it change the default and existing behavior? If not, it just bringes more granular polices to operators.
14:44:46 <amotoki> I think API change usually means behaviro changes for valid authorized users.
14:45:37 <ralonsoh> RBAC for quotas was something that existed in older releases
14:45:44 <ralonsoh> but wasn't used
14:46:14 <ralonsoh> if you created, by mistake, a RBAC register before this change, the behaviour will change too
14:46:23 <ralonsoh> (if I'm not wrong)
14:48:30 <amotoki> ah, that's the only case I think. it happens someone created such rules while they are not used.
14:49:23 <mlavalle> but if it was done by mistake, should we honor it?
14:49:52 <ralonsoh> mistake or not, the user is responsible
14:50:20 <ralonsoh> so if we backport this change, the policy behaviour will change only by user decissions/operations
14:50:47 <ralonsoh> if we accept this, then we can backport it
14:51:02 <mlavalle> I think it makes sense
14:51:13 <ralonsoh> (I would add a reno in the backports, please)
14:51:20 <mlavalle> yeap
14:51:36 <mlavalle> document it in case someone made that 'mistake'
14:51:44 <ralonsoh> right
14:51:48 <lajoskatona> it was in the original patch anyway
14:52:07 <mlavalle> yes, there is a reno there
14:52:20 <ralonsoh> perfect then
14:52:48 <lajoskatona> Ok, than with documentation we agree to backport his change to ussuri and train
14:52:52 <ralonsoh> +1
14:52:56 <lajoskatona> +1
14:52:58 <mlavalle> +1
14:53:00 <amotoki> +1
14:53:07 <obondarev> +1
14:53:13 <lajoskatona> Thanks
14:53:18 <mlavalle> thanks for the time :-)
14:53:49 <lajoskatona> We have few minutes gibi, ralonsoh do you think it is enough for https://review.opendev.org/c/openstack/neutron/+/829247 ?
14:53:49 <amotoki> reagrding "RBAC for quotas was something that existed in older releases", I looked through git logs and we never had a policy named "get_quota" before the commit backported.
14:53:58 <gibi> lajoskatona: let's try :)\
14:54:19 <ralonsoh> amotoki, not in the policies but in the API, we were able to create RBACs for quotas
14:54:29 <ralonsoh> gibi, lets go
14:54:40 <lajoskatona> ok, thanks
14:55:02 * mlavalle has a meeting in 5 minutes, might have to drop out if we go over time
14:55:03 <gibi> so we are talking about https://review.opendev.org/c/openstack/neutron/+/829247/3#message-42662fa9f1788ef4031c756abb9ee12ecc4761c7
14:55:12 <gibi> it was discussed before
14:55:28 <gibi> it is about to allow mac_address to be added to the binding:profile
14:55:35 <gibi> for direct-physical ports
14:55:55 <gibi> and to change neturon to show the MAC from the binding:profile for the direct-physical ports
14:56:12 <gibi> so the port.mac_address will show the MAC from the active binding:profile if any
14:56:31 <ralonsoh> the API (get/list ports) will should the binding:profile:mac (if exists), instead of port.mac
14:56:42 <gibi> yes
14:56:48 <ralonsoh> will show*
14:57:41 <gibi> but neutron will not overwrite the DB cell behind port.mac_address
14:57:56 <gibi> with the value from the binding:profile
14:58:06 <ralonsoh> I think this is a good solution for this problem (and, btw, maybe we'll find new cases for this with HW offload and smart NICs)
14:58:21 <mlavalle> are we concerned about the discrepancy?
14:58:41 <gibi> I have limited neutron knowledge so I'm not :)
14:58:48 <mlavalle> lol
14:59:00 <mlavalle> the bliss of ignorance
14:59:05 <gibi> yepp
14:59:10 <ralonsoh> the user (Nova in this case) who binds the port is reponsible of the port binding info
14:59:16 <gibi> yes
14:59:24 <mlavalle> ralonsoh: that's my opinion
14:59:43 <obondarev> maybe should consider support that in Port OVO
14:59:57 <ralonsoh> and MAC address is tightly related to the port binding: some NICs cannot change it
15:00:06 <amotoki> If other codes in neutron refers mac_address of ports, it may affect but perhaps it can be handled in the port object
15:00:08 <ralonsoh> obondarev, correct!
15:00:31 <ralonsoh> amotoki, right
15:00:46 <gibi> obondarev, ralonsoh: if you give me some pointers where to make the OVO change then I'm happy to do that in the current patch
15:00:54 <ralonsoh> gibi, I'll help on this
15:00:58 <gibi> cool
15:01:20 <gibi> btw is somebody is interested here is the nova side populating the bindig:profile https://review.opendev.org/c/openstack/nova/+/829248
15:01:34 <lajoskatona> so am I right that the db will not change just mirror the mac from binding:profile to OVO?
15:01:59 <ralonsoh> yes
15:02:01 <obondarev> +
15:02:05 <gibi> fine by me
15:02:07 <lajoskatona> ok, +1
15:02:09 <ralonsoh> (with the active binding)
15:02:14 <ralonsoh> +1
15:02:16 <mlavalle> +1
15:02:38 <amotoki> seems voting
15:02:39 <amotoki> +1
15:02:50 <lajoskatona> amotoki: thanks :-)
15:03:05 <lajoskatona> ok, so with this we finished all the topics for today
15:03:07 <gibi> I plugged a -W to the neutron patch
15:03:09 <ralonsoh> busy Friday!
15:03:14 <gibi> :)
15:03:15 <lajoskatona> Thanks everybody
15:03:17 <gibi> thanks!
15:03:18 <lajoskatona> Bye
15:03:22 <obondarev> o/
15:03:22 <ralonsoh> have a nice weekend
15:03:24 <amotoki> o/
15:03:25 <gibi> o/
15:03:26 <lajoskatona> #endmeeting