16:00:20 <gthiemonge> #startmeeting Octavia
16:00:20 <opendevmeet> Meeting started Wed Nov 22 16:00:20 2023 UTC and is due to finish in 60 minutes.  The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:20 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:20 <opendevmeet> The meeting name has been set to 'octavia'
16:00:25 <gthiemonge> hi
16:00:28 <johnsom> o/
16:00:31 <tweining> o/
16:00:51 <oschwart> o/
16:01:29 <gthiemonge> #topic Announcements
16:01:41 <gthiemonge> no announcements from me, do you have any?
16:02:21 <johnsom> Milestone 1 was last week
16:02:41 <gthiemonge> right
16:02:48 <tweining> nothing from me
16:02:50 <johnsom> Otherwise I don't think I have anything
16:03:49 <gthiemonge> #topic CI Status
16:03:59 <QG> o/
16:04:15 <gthiemonge> Reminder, we have some patches in review for the DB deadlock issue
16:04:19 <gthiemonge> https://bugs.launchpad.net/octavia/+bug/2038798
16:04:23 <gthiemonge> https://review.opendev.org/c/openstack/octavia/+/899662
16:04:27 <gthiemonge> https://review.opendev.org/c/openstack/octavia/+/899663
16:05:53 <opendevreview> Pierre-Yves Jourel proposed openstack/octavia master: Add possibility to Resize a Load Balancer  https://review.opendev.org/c/openstack/octavia/+/890215
16:06:24 <gthiemonge> #topic Brief progress reports / bugs needing review
16:08:01 <johnsom> I am working on this bug: https://bugs.launchpad.net/octavia/+bug/2043582
16:08:31 <gthiemonge> +1
16:08:34 <johnsom> Handling certs with empty subject fields. I plan to have a patch today, hopefully a test as well
16:08:51 <gthiemonge> I've been working on health-monitor issues
16:09:03 <gthiemonge> there are 2 bugs:
16:09:12 <gthiemonge> 1. Bug with HTTP/HTTPS HMs on pools with ALPN
16:09:16 <gthiemonge> https://review.opendev.org/c/openstack/octavia/+/901435
16:09:21 <gthiemonge> 2. Bug with TLS-HELLO HMs
16:09:24 <gthiemonge> https://review.opendev.org/c/openstack/octavia/+/901524
16:10:31 <tweining> I assume the reason why https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/893066/16 still has V-1 is that https://review.opendev.org/q/I700c65fb17bad28b2b922e03d9c94c4716de9cbe hasn't been merged yet, right?
16:11:26 <gthiemonge> yeah probably
16:11:28 <oschwart> right, I was about to write about it
16:13:49 <oschwart> noop api u/s jobs fail because they could not find the new noop certificate manager
16:14:01 <pyjou> Also I respond to comments in my RFE https://review.opendev.org/c/openstack/octavia/+/885490
16:14:15 <gthiemonge> pyjou: thanks
16:15:01 <pyjou> And I've made a new patchset for this change https://review.opendev.org/c/openstack/octavia/+/890215
16:15:08 <gthiemonge> pyjou: the flavor cannot be updated with PUT
16:15:08 <johnsom> There was some interest in this spec on the mailing list this week
16:18:59 <pyjou> gthiemonge: I had a discussion about PUT vs POST on this comment: https://review.opendev.org/c/openstack/octavia/+/890215/comment/60969576_6795c5f5/
16:20:40 <gthiemonge> pyjou: sorry I was replying to your comment in https://review.opendev.org/c/openstack/octavia/+/885490
16:21:04 <gthiemonge> I'm looking for a way to revert the resize
16:21:16 <gthiemonge> without having to create flavor/flavorprofile for the default nova flavor
16:22:27 <johnsom> Revert inside the flow?
16:23:15 <gthiemonge> nop, for instance, I resize the LB with an Octavia flavor that uses a nova flavor "amphora-big", then I change my mind, I want to use the default flavor
16:23:21 <johnsom> I think my advice was to keep things a bit more simple such that if the user wanted to revert they just resize again.
16:24:05 <gthiemonge> how do i switch back to my "amphora-default" flavor?
16:24:32 <johnsom> The same way you switched to amphora-big IMO
16:24:52 <gthiemonge> yeah so we need octavia flavors/flavorprofiles for the default flavor
16:25:07 <gthiemonge> not a huge issue if it's documented
16:25:23 <oschwart> so a resize revert would require 2 failovers?
16:25:39 <johnsom> Ah, I see what you are saying, resize to flavor None
16:25:42 <pyjou> A revert solution was proposed. Then I followed Johnsom's advice to remove the revert because users can just resize again to revert.
16:26:25 <gthiemonge> pyjou: yeah I think it's acceptable
16:26:56 <gthiemonge> pyjou: it would be great to have an admin doc that explains this feature
16:27:34 <gthiemonge> maybe here https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html
16:27:57 <pyjou> gthiemonge: No problem at all
16:30:02 <gthiemonge> cool
16:30:24 <gthiemonge> #topic Open Discussion
16:31:58 <QG> is it the housekeeping that is supposed to renew the certificates used between the amphorae and the workers?
16:32:18 <johnsom> Yes
16:32:32 <johnsom> Housekeeping is the periodic job engine
16:33:46 <QG> if the worker certificate is renewed (before it expires) will housekeeping renew it?
16:34:09 <johnsom> Housekeeping will only renew the certificates issued to the amphora
16:34:10 <gthiemonge> pyjou: maybe the resize feature could be described there: https://docs.openstack.org/octavia/latest/admin/flavors.html
16:34:35 <pyjou> gthiemonge: Ack
16:36:45 <QG> because for some reason the certificate on the worker side has been renewed, and the worker can no longer talk to amphora, and I was thinking maybe the housekeeping can renew the amphora certif when it doesn't correspond anymore to the worker one
16:38:00 <johnsom> The control plane side needs to be manually renewed. This is usually done with the deployment tooling, so it can do a rolling update across the controllers.
16:38:26 <johnsom> We also tend to use lengthy validity periods for the control plane side.
16:39:06 <QG> ok thanks johnsom for the info!
16:39:11 <johnsom> #link  https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html#rotating-cryptographic-certificates
16:39:25 <tweining> lengthy = 10 years AFAIR :)
16:39:59 <johnsom> Yeah, we typically do 50 for the CA, then 10 for the control plane, then 1 year for the amphora. If I remember right
16:43:43 <gthiemonge> any other topics?
16:43:55 <tweining> no
16:44:12 <oschwart> nothing from me
16:44:15 <opendevreview> Lê Minh Thư proposed openstack/octavia master: Fix duplicate specified VIP among load balancers  https://review.opendev.org/c/openstack/octavia/+/901595
16:44:45 <tweining> did have a look at the spec from nova about health endpoints?
16:44:55 <tweining> I forgot/had no time to read it
16:45:09 <gthiemonge> nop, I didn't
16:50:03 <tweining> o/
16:50:14 <gthiemonge> ok, I guess that's it!
16:50:22 <gthiemonge> thank you guys
16:50:29 <gthiemonge> #endmeeting