#openstack-lbaas log

16:00:23 <gthiemonge> #startmeeting Octavia
16:00:23 <opendevmeet> Meeting started Wed Nov  2 16:00:23 2022 UTC and is due to finish in 60 minutes.  The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:23 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:23 <opendevmeet> The meeting name has been set to 'octavia'
16:00:31 <johnsom> o/.
16:00:33 <tweining> o/
16:00:35 <matfechner> o/
16:00:50 <strigazi> o/
16:01:04 <gthiemonge> Hi everyone
16:02:28 <gthiemonge> #topic Announcements
16:02:40 <gthiemonge> well, no announcement for this week
16:02:45 <gthiemonge> unless I missed something?
16:03:42 <johnsom> Two weeks from MS1, but otherwise I don't have anything this week
16:04:16 <gthiemonge> yes
16:05:10 <gthiemonge> #topic CI Status
16:05:23 <gthiemonge> a quick update on the FIPS job:
16:05:58 <gthiemonge> during the PTG we talked about it because it fails with timeouts
16:06:52 <gthiemonge> we mentioned that we could split the job into 2 jobs, or that we could reduce the number of tests (tls_barbican only)
16:07:08 <johnsom> yep
16:07:09 <gthiemonge> we already have a FIPS job with only tls_barbican (in the check pipeline, non-voting)
16:07:14 <gthiemonge> #link https://opendev.org/openstack/octavia/src/branch/master/zuul.d/projects.yaml#L69-L71
16:07:18 <gthiemonge> and the CI looks good
16:07:22 <gthiemonge> #link https://zuul.openstack.org/builds?job_name=octavia-v2-dsvm-tls-barbican-fips&skip=0
16:07:33 <gthiemonge> 1. do you think it is enough and that we should remove the octavia-v2-dsvm-scenario-fips job?
16:07:45 <gthiemonge> 2. should we split the octavia-v2-dsvm-scenario-fips job into 2 jobs?
16:08:12 <johnsom> I think the barbican tests are probably good enough for FIPS coverage
16:10:47 <gthiemonge> ok
16:11:04 <gthiemonge> I will propose a patch to remove the periodic job
16:12:50 <gthiemonge> #topic Brief progress reports / bugs needing review
16:13:23 <tweining> the vertical scaling optimization patches are now ready for review
16:13:28 <tweining> https://review.opendev.org/q/topic:amp-cpu-pinning
16:14:15 <gthiemonge> tweining: ok cool
16:14:23 <tweining> the nohz_full and SSL cache patches are non-essential
16:14:51 <gthiemonge> I have worked on supporting the zookeeper backend for jobboard in devstack
16:14:56 <johnsom> I am working on Barbican secrets consumers, i.e. registering that a cert/key is in use with Barbican. The proposed patches for Barbican have some bugs, but I am able to move forward with it. I hope to have a patch posted this week.
16:14:58 <tweining> well, not non-essential, but not that important
16:15:08 <gthiemonge> #link https://review.opendev.org/c/openstack/octavia/+/862671
16:15:20 <gthiemonge> it is almost ready, but grenade is failing because of a stupid issue, I have to fix it
16:15:36 <gthiemonge> the new octavia-v2-dsvm-scenario-amphora-v2-zookeeper job (non-voting) will replace octavia-v2-dsvm-scenario-amphora-v2 which is a duplicate of octavia-v2-dsvm-scenario
16:15:53 <johnsom> Nice
16:16:07 <johnsom> I think OSA wants to use zookeeper instead of Redis
16:18:05 <gthiemonge> it looks less hackish than the redis backend
16:18:23 <johnsom> But it brings Java
16:18:34 <gthiemonge> yeah
16:18:34 <johnsom> There are trade offs both ways IMO
16:20:32 <gthiemonge> #topic Open Discussion
16:23:40 <gthiemonge> Any other topics today?
16:24:02 <tweining> I have nothing today
16:24:37 <danfai> I would have some (support) questions regarding a specific setup, but we can have that after the meeting.
16:24:37 <gthiemonge> ok
16:25:04 <gthiemonge> danfai: yeah np, we can do that now
16:25:24 <danfai> I am trying to create an Octavia deployment on a flat network and like to only use one interface on the amphoras. Is there an easy way to do that by creating the nova instance and not care about vips?
16:26:15 <johnsom> Well, if you don't specify a subnet when adding members, it will use the VIP interface to access the backend member servers.
16:26:54 <danfai> So far I was able to patch out every netns call and spawn an haproxy on the same interface as the lb-mgmt port, but I had hoped there would be an easier way
16:27:02 <johnsom> But, the amphora driver always needs an lb-mgmt-net, so the amp will always have at least two interfaces. One outside the netns, one inside
16:28:25 <johnsom> Yeah, that just wasn't part of the design of the driver. The need for the lb-mgmt-net was based on the fact that Octavia can deploy in private tenant networks where there are no routes out.
16:28:36 <danfai> ok, then maybe another question. Would it be possible to specify the VIP at the time the listener is created?
16:29:56 <johnsom> Again, that was not part of the design of the amphora driver, so, no, not with the current code.
16:30:01 <johnsom> Curious though, why?
16:31:02 <danfai> Its a problem in the specific setup, because of dependencies we need the nova instance before the VIP...
16:32:04 <johnsom> Well, technically that is how it works. The nova instance boots with the lb-mgmt-net interface, then later in the LB create process we hot-plug the VIP interface in the netns.
16:32:35 <johnsom> But all of that happens inside the one API call for LB create.
16:34:34 <danfai> yes, for two IPs that works. I had hoped to have only one, but the order of the driver goes the other way around
16:35:26 <johnsom> Yeah, if you want to have an amp with only one port attached, you are looking at writing a new provider driver.
16:36:20 <danfai> ok thanks for the clarification, i had the same conclusion so far, that these are the options: 2 Ips or own provider driver
16:36:59 <johnsom> Yep. It's just a different use case than the amphora provider is targeting.
16:40:06 <strigazi> thanks for the input johnsom (I'm working with danfai)
16:40:30 <johnsom> Sure, NP
16:41:37 <gthiemonge> anything else? or we can close the meeting
16:42:37 <tweining> let's close it then
16:42:43 <gthiemonge> ok ;-)
16:42:47 <gthiemonge> thank you Folks!
16:42:54 <gthiemonge> #endmeeting