16:00:20 #startmeeting Octavia 16:00:20 Meeting started Wed Nov 22 16:00:20 2023 UTC and is due to finish in 60 minutes. The chair is gthiemonge. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:20 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:20 The meeting name has been set to 'octavia' 16:00:25 hi 16:00:28 o/ 16:00:31 o/ 16:00:51 o/ 16:01:29 #topic Announcements 16:01:41 no announcements from me, do you have any? 16:02:21 Milestone 1 was last week 16:02:41 right 16:02:48 nothing from me 16:02:50 Otherwise I don't think I have anything 16:03:49 #topic CI Status 16:03:59 o/ 16:04:15 Reminder, we have some patches in review for the DB deadlock issue 16:04:19 https://bugs.launchpad.net/octavia/+bug/2038798 16:04:23 https://review.opendev.org/c/openstack/octavia/+/899662 16:04:27 https://review.opendev.org/c/openstack/octavia/+/899663 16:05:53 Pierre-Yves Jourel proposed openstack/octavia master: Add possibility to Resize a Load Balancer https://review.opendev.org/c/openstack/octavia/+/890215 16:06:24 #topic Brief progress reports / bugs needing review 16:08:01 I am working on this bug: https://bugs.launchpad.net/octavia/+bug/2043582 16:08:31 +1 16:08:34 Handling certs with empty subject fields. I plan to have a patch today, hopefully a test as well 16:08:51 I've been working on health-monitor issues 16:09:03 there are 2 bugs: 16:09:12 1. Bug with HTTP/HTTPS HMs on pools with ALPN 16:09:16 https://review.opendev.org/c/openstack/octavia/+/901435 16:09:21 2. Bug with TLS-HELLO HMs 16:09:24 https://review.opendev.org/c/openstack/octavia/+/901524 16:10:31 I assume the reason why https://review.opendev.org/c/openstack/octavia-tempest-plugin/+/893066/16 still has V-1 is that https://review.opendev.org/q/I700c65fb17bad28b2b922e03d9c94c4716de9cbe hasn't been merged yet, right? 16:11:26 yeah probably 16:11:28 right, I was about to write about it 16:13:49 noop api u/s jobs fail because they could not find the new noop certificate manager 16:14:01 Also I respond to comments in my RFE https://review.opendev.org/c/openstack/octavia/+/885490 16:14:15 pyjou: thanks 16:15:01 And I've made a new patchset for this change https://review.opendev.org/c/openstack/octavia/+/890215 16:15:08 pyjou: the flavor cannot be updated with PUT 16:15:08 There was some interest in this spec on the mailing list this week 16:18:59 gthiemonge: I had a discussion about PUT vs POST on this comment: https://review.opendev.org/c/openstack/octavia/+/890215/comment/60969576_6795c5f5/ 16:20:40 pyjou: sorry I was replying to your comment in https://review.opendev.org/c/openstack/octavia/+/885490 16:21:04 I'm looking for a way to revert the resize 16:21:16 without having to create flavor/flavorprofile for the default nova flavor 16:22:27 Revert inside the flow? 16:23:15 nop, for instance, I resize the LB with an Octavia flavor that uses a nova flavor "amphora-big", then I change my mind, I want to use the default flavor 16:23:21 I think my advice was to keep things a bit more simple such that if the user wanted to revert they just resize again. 16:24:05 how do i switch back to my "amphora-default" flavor? 16:24:32 The same way you switched to amphora-big IMO 16:24:52 yeah so we need octavia flavors/flavorprofiles for the default flavor 16:25:07 not a huge issue if it's documentetd 16:25:23 so a resize revert would require 2 failovers? 16:25:39 Ah, I see what you are saying, resize to flavor None 16:25:42 A revert solution was proposed. Then I followed Johnsom's advice to remove the revert because users can just resize again to revert. 16:26:25 pyjou: yeah I think it's acceptable 16:26:56 pyjou: it would be great to have a admin doc that explains this feature 16:27:34 maybe here https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html 16:27:57 gthiemonge: No problem at all 16:30:02 cool 16:30:24 #topic Open Discussion 16:31:58 is it the housekeeping that is supposed to renew the certificates used between the amphorae and the workers? 16:32:18 Yes 16:32:32 Housekeeping is the periodic job engine 16:33:46 if the worker certificate is renewed (before it expires) will housekeeping renew it? 16:34:09 Housekeeping will only renew the certificates issued to the amphora 16:34:10 pyjou: maybe the resize feature could be described there: https://docs.openstack.org/octavia/latest/admin/flavors.html 16:34:35 gthiemonge: Ack 16:36:45 because for some reason the certificate on the worker side have been renewed, and the worker can no longer talk to amphora, and i was thinking may be the housekeeping can renew the amphora certif when it doesn't correspond anymore to the worker one 16:38:00 The control plane side needs to be manually renewed. This is usually done with the deployment tooling, so it can do a rolling update across the controllers. 16:38:26 We also tend to use lengthy validity periods for the control plane side. 16:39:06 ok thanks johnsom for the infos ! 16:39:11 #link https://docs.openstack.org/octavia/latest/admin/guides/operator-maintenance.html#rotating-cryptographic-certificates 16:39:25 lengthy = 10 years AFAIR :) 16:39:59 Yeah, we typically do 50 for the CA, then 10 for the control plane, then 1 year for the amphora. If I remember right 16:43:43 any other topics? 16:43:55 no 16:44:12 nothing from me 16:44:15 Lê Minh Thư proposed openstack/octavia master: Fix duplicate specified VIP among load balancers https://review.opendev.org/c/openstack/octavia/+/901595 16:44:45 did have a look at the spec from nova about health endpoints? 16:44:55 I forgot/had no time to read it 16:45:09 nop, I didn't 16:50:03 o/ 16:50:14 ok, I guess that's it! 16:50:22 thank you guys 16:50:29 #endmeeting