16:02:17 #startmeeting Octavia 16:02:17 Meeting started Wed Mar 31 16:02:17 2021 UTC and is due to finish in 60 minutes. The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:02:18 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:02:20 The meeting name has been set to 'octavia' 16:02:41 should have run when i had the chance 16:02:41 Hi everyone 16:02:52 hi 16:02:52 Yeah, got distracted commenting on a story 16:03:04 #topic Announcements 16:03:19 RC2 release today - Should be the final release for Wallaby 16:03:27 Any comments on the RC2 release? 16:03:32 I will post it right after the meeting 16:03:43 +1 16:03:53 lgtm 16:04:15 PTG (virtual and free) registration is open 16:04:24 #link https://www.openstack.org/ptg/ 16:04:36 gthiemonge set up the PTG etherpad 16:04:43 #link https://etherpad.opendev.org/p/xena-ptg-octavia 16:04:59 Please note if you plan to join and add any topics you think we should discuss 16:05:11 Any other announcements this week? 16:05:59 #topic Brief progress reports / bugs needing review 16:06:14 I have been mostly focused on getting the patches merged for RC2. 16:06:41 I fixed the bug with older amphora and the new pools ALPN feature. This will be included in RC2 16:07:45 Currently I am looking into why the tempest tests for pool re-encryption are failing now. It looks like the floating IP (test created) is not passing traffic for some reason. Not sure if that is a known neutron issue or not 16:07:52 I've been working on some updates in the Octavia integration in tripleo 16:09:00 and I'm still looking at the ipv6+tcp+least_connection+allowed_cidrs scenario test that fails randomly 16:09:18 and i've been working on the ovn-provider and some downstream gate issues 16:09:21 Thanks, that is annoying 16:10:08 #topic Open Discussion 16:10:12 Any other topics today? 16:11:18 yep 16:11:20 one question 16:11:28 Just in time, lol 16:11:57 a user reported on the ML that not configuring "heartbeat_key" breaks the heartbeat message encryption 16:12:22 when not setting heartbeat_key, the default is None 16:12:53 in the amp we encrypt using "str(heartbeat_key)" while in the hm we decrypt using "heartbeat_key" 16:13:12 so in the case of None, str(None) != None 16:13:26 i'm assuming this review was from that, https://review.opendev.org/c/openstack/octavia/+/784022 16:13:32 hmmm, I would have expected that to be marked "required" in config.py as well.. 16:13:39 my question is: should we fix it? or should we set another default value for heartbeat_key 16:14:01 ah, reminds me of https://review.opendev.org/c/openstack/octavia/+/595578/1/octavia/common/config.py@196 16:14:48 cgoncalves Yeah, good point 16:15:19 https://opendev.org/openstack/octavia/src/branch/master/octavia/certificates/common/local.py#L32-L33 16:15:32 ^ we already have insecure defaults for some other config settings 16:16:18 Well, that is different. That key is only used for internal to the controller content, not stuff that goes over the wire. 16:16:46 It's a poorly named setting IMO 16:18:02 Hmm, yeah, the heartbeat key is an interesting one. There is no harm in setting it even if the amphora drivers are not used. 16:18:33 It is bad to have that content unprotected by allowing None 16:18:48 But we also shouldn't fail like it is 16:18:50 it's encrypted, but the key is None ;-) 16:19:12 It's actually not encrypted, but it's signed 16:19:45 the heartbeat_key was missing in the install-ubuntu doc, and there's a patch to add it 16:20:24 but I think we also need to have a working default value 16:20:39 Or require it be set to something 16:21:24 yeah that could be a good fix 16:21:36 with the fix in the doc 16:22:16 I'll propose a patch 16:23:26 Ok. It is a bit cheesy to require it even for providers that don't use it, but that might just be simpler 16:26:11 Ok, anything else today? 16:27:20 Ok, thanks everyone 16:27:24 #endmeeting