#openstack-lbaas log

16:01:10 <johnsom> #startmeeting Octavia
16:01:11 <openstack> Meeting started Wed Feb  3 16:01:10 2021 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:01:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:01:15 <openstack> The meeting name has been set to 'octavia'
16:01:20 <johnsom> #chair rm_work
16:01:21 <openstack> Current chairs: johnsom rm_work
16:01:29 <gthiemonge> hi
16:01:29 <haleyb> o/
16:01:30 <johnsom> Hi everyone
16:01:31 <cgoncalves> o/
16:02:03 <johnsom> #topic Announcements
16:02:14 <johnsom> My weekly nag about the upcoming feature freeze:
16:02:22 <johnsom> Final client release is first week in March
16:02:28 <johnsom> Feature freeze for everything else is the second week in March
16:02:38 <johnsom> #link https://releases.openstack.org/wallaby/schedule.html
16:02:50 <johnsom> Any other announcements this week?
16:03:37 <johnsom> #topic Brief progress reports / bugs needing review
16:04:13 <johnsom> I am mostly focused on TripleO things currently, so a bit distracted. Mostly just doing reviews and helping folks with questions, etc.
16:04:15 <gthiemonge> Hey, FYI I cleaned up and have updated the Priority Review list
16:04:23 <gthiemonge> #link https://etherpad.opendev.org/p/octavia-priority-reviews
16:04:39 <johnsom> Oh, nice!
16:05:38 <johnsom> Yep, quite the list, but we have done it before!
16:06:12 <gthiemonge> lots of merge conflicts, I don't know whether the owners will update their patches
16:06:18 <johnsom> Thank you gthiemonge!
16:06:44 <johnsom> Feel free to ask folks on IRC.
16:06:55 * johnsom notes he probably has a few in that category as well
16:08:20 <johnsom> Any other updates this week?
16:09:46 <johnsom> #topic vip_subnet_id access bug (gthiemonge)
16:09:52 <johnsom> You have the floor....
16:09:57 <gthiemonge> thanks
16:10:51 <gthiemonge> So a bug was reported this week: a user can create a load balancer plugged into the subnet of another user, by using the subnet UUID
16:11:21 <gthiemonge> there was an attempt to fix it in the past, but only the vip_network_id and vip_port_id were fixed
16:11:51 <gthiemonge> I have a small patch that fixes this issue: https://review.opendev.org/c/openstack/octavia/+/773798
16:12:19 <gthiemonge> basically it verifies that the user provided vip_subnet_id belongs to the user
16:12:41 <gthiemonge> but this patch triggers an interesting bug in octavia-tempest-plugin
16:12:45 <johnsom> Thank you for the patch
16:13:11 <gthiemonge> octavia-tempest-plugin uses a private subnet that is owned by the admin user for its IPv6 VIP test
16:13:24 <gthiemonge> #link https://opendev.org/openstack/octavia-tempest-plugin/src/branch/master/octavia_tempest_plugin/tests/test_base.py#L328-L329
16:13:43 <gthiemonge> so now, tempest is failing because it cannot create an IPv6 LB
16:14:08 <gthiemonge> I would like to have your opinion about that
16:14:21 <gthiemonge> if someone sees a way to fix or to work around this issue
16:14:48 <johnsom> Ah, yeah, we preference the IPv6 subnet that the tempest framework creates. I think this is because tempest also makes sure that subnet is routable (but I might be remembering that part wrong).
16:14:52 <haleyb> gthiemonge: can we do the obvious and create an ipv6 subnet owned by the user?
16:15:23 <gthiemonge> haleyb: yeah this is what I was thinking about
16:15:29 <johnsom> Yeah, that might be the right answer
16:15:47 <gthiemonge> haleyb: we can create it in the octavia-tempest-plugin's devstack plugin.sh file
16:15:56 <johnsom> No
16:16:10 <gthiemonge> it needs to be routable
16:16:26 <johnsom> It should be created in the tempest plugin setup so it is removed correctly and is present for runs outside of devstack.
16:16:35 <haleyb> can we create it right there in that code?  just rip-out the private check?
16:17:04 <johnsom> it would go in here:
16:17:04 <gthiemonge> but we need to add a route from the tempest controller to the ipv6 subnet
16:17:06 <johnsom> #link https://github.com/openstack/octavia-tempest-plugin/blob/master/octavia_tempest_plugin/tests/test_base.py#L143
16:17:27 <johnsom> Yeah, that is going to be the tricky part really.
16:17:41 <johnsom> It may require a change in tempest proper
16:18:02 <gthiemonge> yes that's not easy
16:18:28 <johnsom> The question is really, should tempest be setting that IPv6 subnet to "shared"
16:18:55 <gthiemonge> johnsom: the name of the network is "private"
16:18:56 <johnsom> In that case the user would have access
16:19:11 <johnsom> Yeah, but private networks can be marked as "shared" too....
16:19:57 <gthiemonge> yes, but I guess the intent is to have a non-shared private network :D
16:20:02 <johnsom> Is there a "public" ipv6 we should be using instead?
16:20:38 <johnsom> I vaguely remember there was a tempest bug that caused only that private network to be routable, so the tests failed when using public
16:20:45 <gthiemonge> there is a public ipv6 network
16:22:05 <johnsom> So, maybe give that a go and see if it works, if so, public is probably the right answer anyway. I think we use public for the IPv4 test VIPs
16:22:31 <gthiemonge> ok, I'm going to try the public network
16:22:37 <gthiemonge> anyways
16:22:46 <haleyb> there is an ipv6-public-subnet by default in devstack, but it's not directly viewable by a user
16:23:02 <gthiemonge> it will probably fix the tests in devstack, but octavia-tempest-plugin might start failing with other deployment tools
16:23:03 <haleyb> shared=False
16:24:02 <haleyb> i still don't understand why we can't just create a lb_member_vip_ipv6_subnet, someone will have to hit me with the clue bat
16:24:24 <haleyb> we already create an ipv4 one...
16:24:50 <gthiemonge> haleyb: we are sending requests to the VIP address from the devstack node, so the ipv6 address have to be routable
16:25:03 <gthiemonge> haleyb: it would require an explicity 'ip route add' call
16:25:07 <gthiemonge> explicit
16:25:29 <haleyb> oh, because the ipv4 one is for floating IPs?
16:25:42 <gthiemonge> yes, we have FIPs for ipv4
16:25:43 <johnsom> Our plugin should not be messing with the test host routes, that should be managed by tempest, etc.
16:27:12 * haleyb has smoke coming out his ears trying to think about an IPv6 fix
16:28:12 <johnsom> Well, if the public subnet doesn't work, maybe take the root of that issue to the qa team for ideas.
16:28:34 <johnsom> public is supposed to be reachable from the tempest tests
16:29:16 <gthiemonge> ok Guys, I will explore the many options we have listed here
16:29:20 <gthiemonge> thank you
16:29:30 <johnsom> +1
16:29:36 <gthiemonge> I'll probably ping haleyb ;-)
16:29:43 <johnsom> #topic Open Discussion
16:29:47 <haleyb> just don't ask for floating IPv6 :)
16:29:49 <johnsom> Any other topics today?
16:30:04 <johnsom> haleyb That is easy, it's a no-op. grin
16:30:07 <gthiemonge> nothing here
16:31:17 <haleyb> nothing from me
16:32:24 <johnsom> Ok then, thanks for joining and the conversation. Have a great week!
16:32:31 <johnsom> #endmeeting