#openstack-lbaas log

16:13:53 <johnsom> #startmeeting Octavia
16:13:53 <opendevmeet> Meeting started Wed Apr 16 16:13:53 2025 UTC and is due to finish in 60 minutes.  The chair is johnsom. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:13:53 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:13:53 <opendevmeet> The meeting name has been set to 'octavia'
16:13:59 <johnsom> Sorry we are starting late
16:14:07 <gthiemonge> \o/
16:14:51 <johnsom> #topic Announcements
16:15:15 <johnsom> Welcome to the Flamingo cycle and thank you for a successful PTG!
16:15:46 <gthiemonge> indeed, that was a good PTG!
16:16:18 <johnsom> I don't have any announcement today. Anyone else?
16:16:25 <gthiemonge> nop
16:16:44 <johnsom> #topic CI Status
16:17:18 <johnsom> I have been spending a lot of time on this recently. The stable branches all had issues (mostly due to the RBAC switch).
16:17:44 <johnsom> I have worked through 2023.2 and 2024.1 and requested releases for those. I am still working on 2024.2.
16:18:37 <johnsom> The 2023.2 release is quite large, which is not ideal, but it will get us caught up for when the unmaintained tag is applied
16:18:59 <johnsom> Otherwise I think the CI is doing ok.
16:19:28 <johnsom> #topic Brief progress reports / bugs needing review
16:19:53 <johnsom> See above for my progress report....
16:19:58 <gthiemonge> regarding the CI tkajinam has proposed 2 patches to update the octavia-tempest-plugin config:
16:20:04 <gthiemonge> https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/947110
16:20:10 <gthiemonge> https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/947491
16:20:56 <johnsom> Yes, he beat me to it on the new job. I have been working my way to that branch.
16:21:50 <gthiemonge> I've investigated this launchpad: https://bugs.launchpad.net/octavia/+bug/2097532 (it was discussed during the PTG)
16:22:02 <johnsom> Hmmm, on that second one, there seems to be an existing open patch: https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/844733?usp=search
16:23:12 <johnsom> I will check those two and mark one as duplicate as appropriate.
16:23:13 <gthiemonge> so, i think the title is not accurate, the problem is that if some rules prevent the user to create a port (with or without specifying an IP address), Octavia bypasses them, it only checks that the user has access to the network and then creates the port with the admin role
16:24:04 <johnsom> I am glad you are taking a look at that. I have been looking at the duplicate IP error message bug that  was also raised at the PTG
16:24:51 <gthiemonge> for instance in devstack, the demo user cannot create a port with an ip address on the shared network, but the user can create a LB on this network with a vip_address
16:25:05 <johnsom> Basically when we added provider driver support we ended up trashing the exception raised from neutron.
16:26:26 <johnsom> That is interesting, since the AAP port is owned by the project ID of the user, I would have expected neutron to reject it.
16:26:57 <gthiemonge> yeah the rules apply to the user and not the tenant
16:27:12 <gthiemonge> I'll add more detail to the launchpad
16:27:22 <johnsom> Ok
16:27:24 <gthiemonge> so far, i don't have a solution
16:27:43 <johnsom> Maybe we need to add an additional RBAC check to neutron
16:29:02 <johnsom> I will read through your comments on the launchpad. The initial description was a bit confusing.
16:30:25 <johnsom> Any other progress updates?
16:30:32 <gthiemonge> nop, that's all i have
16:30:48 <johnsom> #topic Open Discussion
16:30:58 <johnsom> Great, any other topics this week?
16:31:58 <johnsom> Ok then, thanks for joining!
16:32:02 <johnsom> #endmeeting