16:00:02 <rm_work> #startmeeting Octavia 16:00:02 <openstack> Meeting started Wed Jun 19 16:00:02 2019 UTC and is due to finish in 60 minutes. The chair is rm_work. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:06 <openstack> The meeting name has been set to 'octavia' 16:00:30 <cgoncalves> o/ 16:00:33 <rm_work> o/ 16:00:40 <gthiemonge> o/ 16:00:41 <johnsom> o/ 16:01:12 <rm_work> #topic Announcements 16:02:13 <rm_work> So, the TC has decided to stop tracking the health of project teams 16:02:23 <rm_work> #link http://lists.openstack.org/pipermail/openstack-discuss/2019-June/007085.html 16:02:37 <rm_work> So... I guess no more worrying about that 16:02:40 <johnsom> Yeah, probably for the best. It was a strange process anyway. 16:02:49 <cgoncalves> this is what it looked like before for Octavia 16:02:52 <cgoncalves> #link https://wiki.openstack.org/w/index.php?title=OpenStack_health_tracker&direction=prev&oldid=170660#Octavia 16:03:23 <johnsom> Yeah, the paraphrasing was, interesting 16:03:57 <johnsom> I think they only did that once anyway. 16:05:12 <rm_work> Any other announcements? 16:05:51 <johnsom> Shanghai call for papers is open and end in less than a month. 16:06:17 <johnsom> deadline: July 2, 2019 at 11:59pm PT 16:06:39 <rm_work> Ah yes. I'm not sure what we want to submit this time. 16:06:42 <johnsom> #link http://cfp.openstack.org/?_ga=2.124047753.2032053596.1560783728-1706076231.1557509450 16:06:50 <rm_work> I'm aiming to go -- who else is? 16:07:15 <cgoncalves> dulek and I submitted a proposal today on kuryr and octavia 16:07:16 <johnsom> I am planning to not attend in person, but could be available virtual. 16:07:46 <rm_work> ok, so cgoncalves you will be there?] 16:07:47 <johnsom> Happy to help folks with slides too 16:08:01 <cgoncalves> rm_work, I have no idea 16:08:04 <rm_work> Then we could maybe do one of the normal presentations... if we think it's useful 16:08:08 <rm_work> ah, hmmm 16:08:26 <rm_work> well, ok 16:08:33 <cgoncalves> having a session helps but does not guarantee a lottery ticket 16:08:41 <johnsom> It would be great if we can do the project update at least. 16:08:42 <rm_work> heh 16:08:52 <rm_work> yeah but that isn't part of the CFP 16:09:06 <rm_work> I am planning to do that 16:09:06 <johnsom> Correct, you as PTL should get an e-mail about the project update sessions 16:09:46 <rm_work> so maybe we're good enough with just that and onboarding, which they said will be part of the PTG side this time 16:10:12 <rm_work> alright, is that it for announcements? 16:11:20 <rm_work> ok 16:11:22 <rm_work> #topic Brief progress reports / bugs needing review 16:12:22 <ataraday_> I started a couple of new transition to dicts changes, and review needed for #link https://review.opendev.org/#/c/662791/ and #link https://review.opendev.org/#/c/659538/ 16:12:22 <johnsom> Log offloading is done and merged. I still want to see if I can get creative with a tempest test for that. 16:12:44 <rm_work> I've been working on multiple things recently, the biggest of which is MultiVIP support, which could use reviews: https://review.opendev.org/#/c/660239/ 16:12:50 <rm_work> #link https://review.opendev.org/#/c/660239/ 16:12:53 <johnsom> Currently I'm working on some octavia-lib enhancements and a functional test for the driver-agent. 16:13:34 <gthiemonge> I have some changes related to UDP LB that need reviews: https://review.opendev.org/#/q/status:open+project:openstack/octavia+branch:master+topic:udp_states 16:13:53 <rm_work> Also working on some changes to the member subnet plugging calculations/handling, to resolve issues plugging additional subnets on the same network 16:13:55 <rm_work> #link https://review.opendev.org/#/c/665402/ 16:14:15 <johnsom> I have also put up some patches removing references to neutron-lbaas from the neutron and neutron-lib repos. 16:15:16 <cgoncalves> I resumed work on the VIP ACL RFE side but progresses slowly. the octavia-lib patch is ready for review 16:15:17 <johnsom> And finally, I did a PoC switching ubutnu over to the -kvm kernel for the image buids. It saves ~200MB in space for the image by removing a bunch of kernel modules we don't need. I have some cleanup to do in DIB for that, but look for that soon. 16:15:19 <cgoncalves> #link https://review.opendev.org/#/q/topic:vip-acl 16:16:22 <johnsom> So comparing the old kernel to the new, size: 605397504 vs 393244160 according to glance 16:16:27 <cgoncalves> the active-standby tempest scenario patch merged. I have to go now enable the jobs also in octavia 16:16:42 <johnsom> -rw-r--r-- 1 stack stack 376M Jun 17 18:59 amphora-x64-haproxy.qcow2.kvm 16:16:43 <johnsom> -rw-r--r-- 1 stack stack 578M Jun 11 17:18 amphora-x64-haproxy.qcow2.orig 16:17:31 <rm_work> noice, now just need to make centos not huge :D 16:17:53 * johnsom hold my coffee 16:18:20 <rm_work> Ok, cool, lots of work going on 16:18:53 <cgoncalves> ah, I also propose an octavia-tempest-plugin tag release: https://review.opendev.org/#/c/666037/ 16:19:40 <rm_work> Ah, before Open Discussion, I think gthiemonge did have a topic? Guess it wasn't added to the agenda page 16:19:56 <rm_work> gthiemonge: i forgot what exactly it was, hopefully you remember :D 16:20:06 <gthiemonge> oh yes, we were talking about UDB LB that mixes IPv4 and IPv6 16:20:07 <gthiemonge> UDP 16:20:43 <gthiemonge> currently, we can create a such LB with members, but keepalived keeps crashing because it doesn't support mixing IPv4/IPV6 16:20:56 <johnsom> Ah, yeah, so LVS doesn't/didn't support mixing the VIP and member protocol versions. 16:21:00 <gthiemonge> so we want to find a good way to handle this 16:21:31 <johnsom> I thought there was a check in the API that blocked it.... Maybe that was missed. 16:21:41 <rm_work> Yeah... so... do we try to validate the members that are added? 16:21:47 <rm_work> Is that the right approach? 16:22:39 <rm_work> and how does that work with multivip? if you have both ipv4 and ipv6... do you allow both kinds of members, but only add the ones that match the address-family for each individual vip? 16:22:57 <rm_work> that could be confusing 16:23:35 <rm_work> like if you add three members, 2x IPv4 and 1x IPv6, the IPv4 VIP would balance between two of them, and the IPv6 VIP would go directly to one 16:24:09 <rm_work> seems like it's very non-intuitive 16:24:19 <johnsom> There might be a way to make it work. Someone should spend some quality time with the keepalived bug list on github and see if there is a fix or workaround. 16:24:45 <rm_work> well, I don't know if it is literally possible to route UDP cross-family 16:25:36 <johnsom> Sure, it's just the IP wrapper that needs NAT really 16:25:40 <rm_work> can LVS do the necessary packet work? 16:26:24 <johnsom> I don't know. Like I said, you may be able to work around it with some iptables NAT rules. 16:26:34 <rm_work> hmm 16:27:01 <rm_work> k, need some help probably from someone who understands the low level networking aspects of this better than I do :) 16:27:06 <johnsom> I know at the time of the UDP work it was identified as a problem, so we did a release note about it. But I don't think it was investigated at all 16:28:10 <johnsom> I'm seeing some comments that this was fixed in the kernel. So, maybe needs a re-test or test for that matter. 16:28:19 <johnsom> #link https://github.com/acassen/keepalived/issues/876 16:28:21 <rm_work> k 16:31:29 <rm_work> yep, seems like it should work 16:31:39 <gthiemonge> I will test it 16:31:49 <rm_work> so, ok. just need to fix that. I wonder if moving to a new enough keepalived will be difficult 16:31:58 <rm_work> or kernel... is cent7 still on 2.6.x? 16:32:01 <johnsom> Thank you gthiemonge. We should be able to solve it one way or another. 16:32:52 <rm_work> or did they get to 3.x yet 16:33:13 <johnsom> Pretty sure it's 3.x 16:33:36 <johnsom> Let's check the log offload.... grin 16:33:42 <cgoncalves> fully loaded with feature backports, I must add 16:34:06 <rm_work> need at least 3.18 16:34:11 <johnsom> Linux version 3.10.0-957.21.2.el7.x86_64 16:34:18 <rm_work> also i was joking but i guess maybe it still is that old, rofl 16:34:26 * rm_work dies 16:34:28 <johnsom> Yeah, but it's hard to say if that feature was backported 16:34:44 <johnsom> #link http://logs.openstack.org/29/665029/3/check/octavia-v2-dsvm-py2-scenario-centos-7/735918f/controller/logs/octavia-amphora_log.txt.gz#_Jun_19_00_28_26 16:35:08 <rm_work> rofl ok, so yes, actually ancient 16:35:14 <cgoncalves> if not, we could try to check with the kernel team if it's possible 16:35:29 <rm_work> can we immediately drop cent7 support once cent8 is ready? >_> 16:35:52 <cgoncalves> yes IMO 16:35:56 <rm_work> i guess we can check for HAVE_DECL_IPVS_DEST_ATTR_ADDR_FAMILY 16:36:22 <rm_work> in keepalived/check/libipvs.c 16:36:39 <cgoncalves> our commercial Stein-based product will be fully on RHEL 8 16:36:48 <rm_work> err or is it in the kernel's configure.ac 16:36:55 <rm_work> well anyway yeah, we can check 16:37:03 <rm_work> ubuntu should be on 4.x so no issues right 16:37:16 <rm_work> and keepalived version 1.4.5+ probably 16:37:39 <johnsom> Linux version 4.4.0-151-generic 16:37:49 <rm_work> hmm no 16:37:57 <rm_work> bionic even still has 1.3.9 16:38:13 <rm_work> disco as 2.0 .... 16:38:22 <rm_work> even cosmic is still 1.3.9 16:38:29 <rm_work> that's problematic 16:38:59 <rm_work> i wonder if it can be backported 16:39:19 <johnsom> keepalived amd64 1:1.3.9-1ubuntu0.18.04.2 16:39:49 <johnsom> Again, hard to say on what they pulled back, etc. 16:39:49 <rm_work> yeah gross 16:39:56 <rm_work> i mean 16:40:11 <johnsom> We are just too cutting edge... lol 16:40:18 <rm_work> i don't think they would have backported a ton of features from 1.4.x right? wouldn't they just... RUN 1.4.x in that case? 16:40:36 <rm_work> anywho, we can work this out 16:41:05 <rm_work> #topic Open Discussion 16:41:22 <johnsom> I gave up trying to guess that stuff a long time ago 16:43:01 <johnsom> Just a quick qeustion. For the driver-agent functional tests, I need to create real files on the filesystem. I'm currently generating unique files in /tmp for that. Is that the right approach? 16:43:25 <colin-> are their contents meaningful? 16:43:29 <johnsom> I need to open the Unix domain sockets and create a DB file for sqlite. 16:43:43 <johnsom> The test has a cleanup hook to remove them 16:44:32 <johnsom> Basically they are the live driver agent sockets the tests will use. We will be firing up a driver-agent, without the full devstack for the functional tests. 16:45:24 <cgoncalves> I think that is fine 16:45:55 <johnsom> They are all uuid'd so they won't conflict with others running the same tests, etc. 16:46:06 <colin-> i would do it in /tmp, too 16:46:31 <johnsom> Cool, I thought so, just thought I would ask. I should have something posted for review today on that. 16:49:56 <colin-> do you folks think there is anything in the 2.0 release of haproxy that we should especially be looking forward to? most of what i'm interested in is outside the scope of octavia (prometheus scraping, for example) 16:50:28 <johnsom> I'm excited about the HTTP/2 work personally. 16:50:35 <rm_work> fyi looks like newer keepalived is needed for other reasons in bionic: https://bugs.launchpad.net/ubuntu/+source/keepalived/+bug/1819074 16:50:36 <openstack> Launchpad bug 1819074 in systemd (Ubuntu) "Keepalived < 2.0.x in Ubuntu 18.04 LTS not compatible with systemd-networkd" [Undecided,Confirmed] 16:50:47 <rm_work> so... it could happen 16:51:07 <colin-> good point johnsom more streaming and fewer conn brokering is always a good thing 16:51:32 <johnsom> Yeah, they have backported newer versions of haproxy for us in the past. Just need to request it on launchpad and reference the version in a newer release. 16:51:41 <rm_work> yes, 2.0 looks quite good actually 16:51:48 <rm_work> also the dataplane api will be interesting 16:52:18 <rm_work> I made this "question" but not sure if it should just be a bug: https://answers.launchpad.net/ubuntu/+source/keepalived/+question/681490 16:52:27 <johnsom> colin- The challenge we have is that the distros won't have 2.0 for a while, so it's a decision if we want to do things that require custom built images... 16:52:50 <johnsom> rm_work In the past I have just opened a backport request bug. 16:52:51 <rm_work> 2.1 will bring UDP loadbalancing to haproxy :D 16:52:53 <colin-> ah, i see yeah 16:52:55 <johnsom> I think they have a process 16:54:24 <rm_work> but yeah, a couple new protocols will be nice, http2 especially 16:54:27 <johnsom> We had a topic about that at the last PTG. Even 1.9 brings some really useful stuff like fully functional threading. 16:54:59 <rm_work> i wonder if we could just maintain an octavia packages repo <_< 16:55:04 <rm_work> for haproxy and keepalived 16:55:06 <rm_work> lol 16:55:24 <johnsom> And the kernel... Oh, wait. 16:56:07 <johnsom> I think we just need to come up with a strategy of how we handle such things and document it. 16:56:12 <rm_work> i mean it'd be possible with periodics 16:56:31 <rm_work> we could build them in-gate and upload them to the openstack artifact store 16:56:35 <rm_work> or our own PPA 16:56:38 <johnsom> For example, if someone asks for HTTP/2 via the API but the amp we get doesn't have a compatible version of HAproxy. 16:57:34 <johnsom> We can detect that, but do we just ERROR out the object? Ignore the setting and fall back to HTTP 1.1, etc. 16:57:51 <rm_work> probably safe-fallback strategies 16:58:12 <rm_work> or the admin configures which protocols are available 16:58:20 <rm_work> based on the amp version they run 16:58:36 <cgoncalves> ERROR out at API with a suggestion to an alternative (fall back to HTTP 1.1) 16:58:39 <johnsom> How would they know? 16:58:52 <rm_work> cgoncalves: API can't know 16:58:56 <rm_work> unless admin configures it 16:58:59 <cgoncalves> ah, right 16:59:05 <johnsom> Right, things to think about. We can continue the discussion next week. 16:59:14 <rm_work> yep, good meeting everyone 16:59:30 <cgoncalves> +1 16:59:31 <rm_work> #endmeeting