#openstack-lbaas log

16:00:18 <gthiemonge> #startmeeting Octavia
16:00:18 <opendevmeet> Meeting started Wed Feb  2 16:00:18 2022 UTC and is due to finish in 60 minutes.  The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:18 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:18 <opendevmeet> The meeting name has been set to 'octavia'
16:00:24 <gthiemonge> Hi everyone
16:00:38 <noonedeadpunk> o/
16:01:15 <johnsom> o/
16:02:13 <gthiemonge> #topic Announcements
16:02:28 <gthiemonge> I don't have any announcements today. johnsom maybe?
16:03:11 <johnsom> Just that pip 22 broke many of the test jobs.
16:03:34 <johnsom> The fix in devstack merged today and is working it's way through the stable branches
16:04:41 <gthiemonge> yes, the gates for our stable/train & stable/ussuri branches, and for octavia-tempest-plugin are broken
16:06:27 <gthiemonge> #topic Brief progress reports / bugs needing review
16:06:59 <gthiemonge> Hey Folks I have 2 commits that need review for centos 9 stream support
16:07:06 <gthiemonge> #link https://review.opendev.org/c/openstack/octavia/+/816370
16:07:18 <gthiemonge> #link https://review.opendev.org/c/openstack/octavia/+/826769
16:07:31 <gthiemonge> #link https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/816369
16:07:34 <gthiemonge> ok 3 commits!
16:08:43 <gthiemonge> I also have an old fix that already received a CR+2 (thanks johnsom)
16:08:48 <gthiemonge> #link https://review.opendev.org/c/openstack/octavia/+/805955
16:09:49 <gthiemonge> It fixes some members in ERROR that can be seen as ONLINE during a configuration change
16:14:00 <tweining> I have two tiny, related changes about the draining operating state for members.
16:14:23 <tweining> #link https://review.opendev.org/c/openstack/octavia/+/826897
16:14:30 <tweining> #link https://review.opendev.org/c/openstack/octavia-dashboard/+/826905
16:15:18 <gthiemonge> tweining: thanks for your contribution ;-)
16:15:23 <tweining> octavia did not process HAProxy's weight value correctly and octavia-dashboard didn't display that state
16:15:38 <tweining> :)
16:16:51 <tweining> I remember now that during my initial testing I saw the same issue with UDP as well. That issue is still unsolved.
16:17:23 <gthiemonge> I think the weight parameter is untested with UDP
16:19:37 <gthiemonge> #topic Centos FIPS as voting jobs
16:20:19 <gthiemonge> Folks, there's one proposal to have a FIPS job for centos 8 stream
16:20:30 <gthiemonge> #link https://review.opendev.org/c/openstack/octavia/+/798151
16:21:19 <gthiemonge> (basically with FIPS, the default params for cryptography are hardened)
16:21:37 <gthiemonge> I would like to discuss 2 things:
16:21:56 <gthiemonge> - should a FIPS-enabled centos 8 stream job replace the centos 8 stream job we already have?
16:22:36 <gthiemonge> - should it be a voting job? (our c8s job is non-voting)
16:22:54 <johnsom> I think they could be combined without issue.
16:23:44 <gthiemonge> a "basic" c8s would be useless, right?
16:25:19 <johnsom> Yeah, duplicate at least. The FIPS changes just puts additional restrictions on the OS. So, it's a more restrictive environment
16:26:20 <gthiemonge> I don't want to have too many jobs, I would prefer to remove the "normal" c8s job if we have a FIPS job
16:26:32 <johnsom> +1
16:26:46 <gthiemonge> then I'm not sure about the voting status
16:27:36 <gthiemonge> maybe we could make it voting in a follow-up patch
16:27:53 <johnsom> Yeah, c8s is on the PTI for yoga, we should have a voting job for that. However I know centos has been troublesome.
16:28:28 <johnsom> If it has stabilized I think we should make it voting, but if the OS is still too slow or causing problems we should keep it non-voting.
16:28:43 <johnsom> I am good with a phased approach
16:29:20 <gthiemonge> yes, I agree, I will ask the author of the change to make it non-voting, then we can revisit our decision in a few weeks
16:31:40 <gthiemonge> any other opinion?
16:32:16 <tweining> sounds sensible to me
16:34:45 <gthiemonge> ok thank you
16:34:51 <gthiemonge> #topic Open Discussion
16:35:04 <gthiemonge> any other topics you want to chat about?
16:35:33 <tweining> https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/824999 maybe?
16:36:22 <gthiemonge> tweining: sure, go ahead
16:36:41 <tweining> in particular the comments about the configurable IP and the POOL_MEMBERS enum need some clarification I think.
16:37:25 <gthiemonge> line 239
16:38:07 <gthiemonge> johnsom: do you think 192.0.2.0/24 could be routable? (this is a subnet for doc)
16:39:02 <johnsom> Ah, so tempest gets run in real environments to test upgrades, etc. It is quite likely that some clouds may be using that address space for internal needs. We have had feedback to this in the past.
16:39:51 <johnsom> I know we have this in other places as well, but I was raising the comment that maybe we should make those configuration items so if there is a conflict that causes artificial failures, the user can override them.
16:40:24 <johnsom> It's a minor comment
16:40:47 <gthiemonge> could we create a subnet with this CIDR? the amphora would not route the packets outside of our testing env
16:42:14 <johnsom> Yeah, maybe. But just making a config setting might be simpler
16:42:33 <johnsom> The test requires those to not respond
16:43:06 <tweining> is there a config file that I could use for that already, or should I use an environment variable for that instead?
16:43:21 <johnsom> Yes, the config setup already exists
16:43:28 <gthiemonge> tweining: https://opendev.org/openstack/octavia-tempest-plugin/src/branch/master/octavia_tempest_plugin/config.py
16:43:36 <johnsom> Yep, that
16:43:46 <tweining> thanks
16:43:53 <johnsom> They go in tempest.conf
16:44:14 <johnsom> But we can just set the default to be the 192.0.2.x addresses
16:45:11 <gthiemonge> sounds good
16:45:29 <tweining> ok, I would rather do that then.
16:46:48 <gthiemonge> I guess the 2nd question is: should we have a test that doesn't use a HM (for providers that don't support HM)?
16:46:51 <johnsom> +1 It's just a nice thing for our users to have an option
16:47:51 <tweining> the original intention behind this enum is to allow reusing the test for testing with the OVN provider.
16:48:01 <johnsom> Well, "in my opinion" a load balancer without health monitoring is useless, so....
16:48:37 <gthiemonge> does it support it now?
16:48:55 <johnsom> I don't know the status of the OVN driver
16:49:24 <gthiemonge> i don't know either
16:49:53 <johnsom> I was just calling out that having a test set with and a test set without is ...  a large matrix
16:50:27 <johnsom> If we think we need it, ok. I just wanted to ask the question.
16:50:31 <gthiemonge> https://opendev.org/openstack/octavia-tempest-plugin/src/branch/master/octavia_tempest_plugin/config.py#L256
16:50:46 <gthiemonge> ^ we could use this config flag
16:50:58 <johnsom> All of those should be removed IMO
16:51:11 <johnsom> I don't know if they even do anything anymore.
16:51:53 <johnsom> Could the test fall back to no HM if the create fails with a "unsupported feature" error?
16:52:19 <gthiemonge> yeah that could be a solution
16:52:38 <johnsom> All of those garbage "feature enabled" configs can be removed as the tests now "skip" when a driver doesn't support a feature.
16:53:02 <gthiemonge> yeah you're right
16:53:57 <johnsom> It's my bad that I got side tracked and didn't finish removing those. I think I was waiting on the IPv6 patch to land.
16:54:19 <tweining> ok, then I'll remove the enum again and use a bool for the fully_populated option like in my original implementation and add code for handling the unsupported feature case.
16:54:44 <gthiemonge> +1
16:55:05 <johnsom> +1 thanks
16:55:33 <tweining> thanks for the good discussion
16:55:33 <gthiemonge> tweining: ping me if you need more details
16:55:45 <johnsom> Same
16:55:54 <gthiemonge> anything else Folks?
16:57:04 <gthiemonge> ok
16:57:08 <gthiemonge> Thanks everyone!
16:57:11 <gthiemonge> #endmeeting