08:00:38 <joehuang> #startmeeting multisite 08:00:38 <collabot`> Meeting started Thu Mar 16 08:00:38 2017 UTC. The chair is joehuang. Information about MeetBot at http://wiki.debian.org/MeetBot. 08:00:38 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic. 08:00:38 <collabot`> The meeting name has been set to 'multisite' 08:00:59 <pratapagoutham> why should we change the auth_strategy to noauth while mistral is working with auth_strategy "keystone" 08:01:44 <joehuang> if you develop the kingbird locally, you can use noauth to skip the authentication and no need to provide token each time 08:01:50 <May-meimei> Hi, everyone! 08:01:57 <joehuang> hi, Meimei 08:02:07 <May-meimei> so long no see 08:02:09 <pratapagoutham> https://github.com/openstack/mistral/blob/master/mistral/context.py#L35 they have handled that case 08:02:16 <pratapagoutham> hi meimei 08:02:17 <joehuang> yes, welcome back 08:02:46 <joehuang> we don't need to use mistral currently 08:03:08 <pratapagoutham> no im just referring mistral code because they also use pecan framework 08:03:29 <joehuang> will Dimitri attend the meeting? shall we wait for him for a while 08:03:43 <pratapagoutham> and trying to do something similar to that in kingbird.. 08:03:48 <pratapagoutham> i think he will attend 08:04:58 <joehuang> goutham, you can refer to tricircle for noauth: https://github.com/openstack/tricircle/blob/ac26a377f19c0be7cb92f1da0e8d3f719793e2a9/tricircle/common/restapp.py#L27 08:05:25 <sorantis> hi 08:05:38 <pratapagoutham> yea it is there in kingbird as well https://github.com/openstack/kingbird/blob/master/kingbird/api/app.py#L61 08:05:41 <pratapagoutham> Hi dimitri 08:05:43 <joehuang> hi, dimitri 08:06:20 <joehuang> does it work if you configure that to "noauth" 08:06:27 <pratapagoutham> yes 08:06:30 <pratapagoutham> it worked 08:06:40 <joehuang> #topic Functest issue 08:07:35 <joehuang> hello, Dimitri, how about the functest, it seems the test cases are all still failed, can the kingbird service be accessed normally 08:07:43 <sorantis> The issue is still remaining 08:08:33 <sorantis> although haproxy does bind to the public and private ip address used for other services 08:08:50 <sorantis> firewall rules also include access to port 8118 08:09:18 <sorantis> yet still, connection to 172.16.0.3 is refused 08:09:24 <joehuang> #info functest issue is still remaining 08:10:46 <joehuang> is 172.16.0.3 ping-able 08:11:36 <sorantis> root@node-2:~# openstack endpoint list --service kingbird 08:11:37 <sorantis> +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+ 08:11:39 <sorantis> | ID | Region | Service Name | Service Type | Enabled | Interface | URL | 08:11:40 <sorantis> +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+ 08:11:42 <sorantis> | 17b9779341fc497fb61823521c4e6eaf | RegionOne | kingbird | multisite | True | public | http://172.16.0.3:8118/v1.0 | 08:11:43 <sorantis> | 8311e281b7074d438d0905a794dd1ce3 | RegionOne | kingbird | multisite | True | internal | http://192.168.0.2:8118/v1.0 | 08:11:44 <sorantis> | f555468b15554f6da2722e4d8cb67857 | RegionOne | kingbird | multisite | True | admin | http://192.168.0.2:8118/v1.0 | 08:11:45 <sorantis> +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+ 08:12:00 <sorantis> kingbird-api FRONTEND Status: OPEN Sessions: 0 Rate: 0 08:12:00 <sorantis> kingbird-api node-4 Status: UP/L7OK Sessions: 0 Rate: 0 08:12:01 <sorantis> kingbird-api BACKEND Status: UP Sessions: 0 Rate: 0 08:12:21 <sorantis> root@node-2:~# ping 172.16.0.3 08:12:21 <sorantis> PING 172.16.0.3 (172.16.0.3) 56(84) bytes of data. 08:12:22 <sorantis> 64 bytes from 172.16.0.3: icmp_seq=1 ttl=64 time=0.152 ms 08:12:23 <sorantis> 64 bytes from 172.16.0.3: icmp_seq=2 ttl=64 time=0.080 ms 08:12:24 <sorantis> 64 bytes from 172.16.0.3: icmp_seq=3 ttl=64 time=0.084 ms 08:12:42 <sorantis> root@node-2:~# curl http://172.16.0.3:8118 08:12:42 <sorantis> curl: (7) Failed to connect to 172.16.0.3 port 8118: Connection refused 08:13:10 <joehuang> the server is listen to 127.0.0.1 or 0.0.0.0 08:13:20 <joehuang> or 172.16.0.3 08:13:21 <sorantis> root@node-2:~# curl http://192.168.0.5:8118 08:13:22 <sorantis> {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}} 08:13:41 <sorantis> root@node-2:~# cat /etc/haproxy/conf.d/180-kingbird-api.cfg 08:13:42 <sorantis> listen kingbird-api 08:13:43 <sorantis> bind 172.16.0.3:8118 08:13:44 <sorantis> bind 192.168.0.2:8118 08:14:03 <joehuang> this is haproxy configuration 08:14:24 <joehuang> I mean in kingbird.conf, what's host kingbird service is running 08:15:03 <joehuang> bind_host for kingbird service to run 08:15:49 <sorantis> bind_host=192.168.0.5 08:16:52 <joehuang> how about restart it and set it to 0.0.0.0 08:17:02 <joehuang> or 172.16.0.3 08:17:07 <sorantis> no 08:17:21 <sorantis> other services configred to bind on the same ip 08:17:37 <sorantis> root@node-2:~# cat /etc/haproxy/conf.d/180-kingbird-api.cfg 08:17:38 <sorantis> listen kingbird-api 08:17:39 <sorantis> bind 172.16.0.3:8118 08:17:41 <sorantis> bind 192.168.0.2:8118 08:17:42 <sorantis> http-request set-header X-Forwarded-Proto https if { ssl_fc } 08:17:44 <sorantis> option httpchk 08:17:45 <sorantis> http-check expect status 401 08:17:47 <sorantis> option httplog 08:17:48 <sorantis> option forceclose 08:17:50 <sorantis> option http-buffer-request 08:17:51 <sorantis> timeout server 660s 08:17:52 <sorantis> timeout http-request 10s 08:17:53 <sorantis> server node-4 192.168.0.5:8118 check inter 10s fastinter 2s downinter 3s rise 3 fall 3 08:18:46 <joehuang> what about nova.conf, which host nova is binding 08:19:37 <joehuang> ./neutron.conf:#bind_host = 0.0.0.0 08:20:25 <sorantis> I checked neutron already 08:20:25 <sorantis> bind_host=192.168.0.5 08:20:41 <sorantis> I checked everything joe 08:20:52 <sorantis> the configuration seems to be right 08:21:09 <sorantis> yet connection is refused 08:21:16 <joehuang> curl access denied 08:21:27 <sorantis> but bind_host=192.168.0.5 is correct as it works on this ip 08:21:30 <sorantis> no 08:21:35 <sorantis> connection refused 08:21:39 <sorantis> ¨check the log above 08:22:11 <joehuang> have you checked the iptables? 08:22:36 <sorantis> :) 08:22:43 <sorantis> of course i did 08:22:59 <sorantis> root@node-2:~# iptables -S | grep 8118 08:23:00 <sorantis> -A INPUT -p tcp -m multiport --dports 8118 -m comment --comment "410 kingbird" -j ACCEPT 08:24:25 <joehuang> how about remove haproxy? 08:26:42 <sorantis> the whole thing will stop working. ALL service conf files rely on these IPs. endoints are registered on these IPs. I will not remove it. It’ll cause other issues, plus jenkins builds a new deployment every day. so all efforts will be overriden with the next build 08:27:10 <joehuang> how to access the lab? I found no information in https://wiki.opnfv.org/display/multisite/Multisite+Deployment+Environment 08:27:27 <sorantis> email jose and ask for credentials 08:28:14 <joehuang> ok, so please continue to fix the issue offline, and I'll try to contact jose about credential 08:28:35 <joehuang> #info continue to fix functest issue offline 08:29:23 <joehuang> #topic E-Release discussion and OPNFV Beijing summit prepration 08:29:40 <joehuang> hello, as D-release is close to end 08:29:50 <joehuang> it's time to discuss E-releae 08:30:12 <joehuang> during C&D release, we are mainly focusing on feature developement 08:30:34 <joehuang> after two releases, major features are almost available 08:31:03 <joehuang> it's time to discuss what's to do in E-release 08:31:21 <joehuang> I have some basic idea about E-release 08:32:00 <joehuang> 1. build general multi-site VIM infrastructure 08:32:30 <joehuang> for services which want to work in multi-region 08:32:56 <joehuang> 2. integration regarding service to specified region 08:33:22 <joehuang> 3. CI/Functest for multi-site service 08:34:26 <joehuang> and for OPNFV beijing summit, I want to demo the use case2 VNF high availability across VIM 08:34:48 <joehuang> this is my idea over these days 08:35:00 <joehuang> your thoughts? 08:36:40 <pratapagoutham> Saw your mail 08:36:50 <joehuang> thanks 08:37:17 <joehuang> meimei? 08:37:29 <May-meimei> fine for me 08:37:37 <May-meimei> I will try my best 08:37:45 <joehuang> we can do it step by step 08:38:32 <joehuang> do you have proposal for the VNF? 08:39:10 <joehuang> someone proposed to use video conference for VNF high availability across VIM, don't know how complex it will be 08:40:27 <joehuang> we have several weeks to discuss the plan for E-release 08:41:22 <May-meimei> it seems that it's difficut to find out a proper vnf, do we have a plan with out vnf? 08:41:46 <joehuang> at least we can use LVS 08:42:11 <joehuang> it's simple and easy to demonstrate the load balancer 08:42:26 <joehuang> high availability across VIM 08:42:51 <May-meimei> nice 08:42:58 <joehuang> I'll ping FuQiao to see whether their team can provide some VNFs which is suitable for the demo 08:43:25 <joehuang> #action ping HA team for VNF to run in multisite 08:44:45 <May-meimei> it will be easy to have them together 08:45:30 <joehuang> may other teams can help and be interested in building multisite infrastructure too, mutiple services want to work in multi-region environment 08:45:43 <joehuang> so we can continue work and seek for help offline 08:45:51 <joehuang> to Meimei +1 08:46:12 <pratapagoutham> all the best joe :) 08:46:22 <joehuang> #topic Open discussion 08:46:29 <joehuang> other topics? 08:47:07 <pratapagoutham> nothing from my side 08:47:18 <joehuang> I think the current kingbird functest need to restore normal before D release 08:47:51 <sorantis> you are welcome to check the mode 08:47:53 <sorantis> node* 08:48:17 <May-meimei> sorry , I can't help 08:48:23 <joehuang> I don't know how long and whether I can log on to the server for the damn firewall 08:49:07 <joehuang> Dimitri, you are our first hope 08:50:13 <joehuang> if no other topic, let's end the meeting 08:50:20 <joehuang> thank you for attending 08:50:26 <joehuang> #endmeeting