08:00:38 <joehuang> #startmeeting multisite
08:00:38 <collabot`> Meeting started Thu Mar 16 08:00:38 2017 UTC.  The chair is joehuang. Information about MeetBot at http://wiki.debian.org/MeetBot.
08:00:38 <collabot`> Useful Commands: #action #agreed #help #info #idea #link #topic.
08:00:38 <collabot`> The meeting name has been set to 'multisite'
08:00:59 <pratapagoutham> why should we change the auth_strategy to noauth while mistral is working with auth_strategy "keystone"
08:01:44 <joehuang> if you develop the kingbird locally, you can use noauth to skip the authentication and no need to provide token each time
08:01:50 <May-meimei> Hi, everyone!
08:01:57 <joehuang> hi, Meimei
08:02:07 <May-meimei> so long no see
08:02:09 <pratapagoutham> https://github.com/openstack/mistral/blob/master/mistral/context.py#L35 they have handled that case
08:02:16 <pratapagoutham> hi meimei
08:02:17 <joehuang> yes, welcome back
08:02:46 <joehuang> we don't need to use mistral currently
08:03:08 <pratapagoutham> no im just referring mistral code because they also use pecan framework
08:03:29 <joehuang> will Dimitri attend the meeting? shall we wait for him for a while
08:03:43 <pratapagoutham> and trying to do something similar to that in kingbird..
08:03:48 <pratapagoutham> i think he will attend
08:04:58 <joehuang> goutham, you can refer to tricircle for noauth: https://github.com/openstack/tricircle/blob/ac26a377f19c0be7cb92f1da0e8d3f719793e2a9/tricircle/common/restapp.py#L27
08:05:25 <sorantis> hi
08:05:38 <pratapagoutham> yea it is there in kingbird as well https://github.com/openstack/kingbird/blob/master/kingbird/api/app.py#L61
08:05:41 <pratapagoutham> Hi dimitri
08:05:43 <joehuang> hi, dimitri
08:06:20 <joehuang> does it work if you configure that to "noauth"
08:06:27 <pratapagoutham> yes
08:06:30 <pratapagoutham> it worked
08:06:40 <joehuang> #topic Functest issue
08:07:35 <joehuang> hello, Dimitri, how about the functest, it seems the test cases are all still failed, can the kingbird service be accessed normally
08:07:43 <sorantis> The issue is still remaining
08:08:33 <sorantis> although haproxy does bind to the public and private ip address used for other services
08:08:50 <sorantis> firewall rules also include access to port 8118
08:09:18 <sorantis> yet still, connection to 172.16.0.3 is refused
08:09:24 <joehuang> #info functest issue is still remaining
08:10:46 <joehuang> is 172.16.0.3 ping-able
08:11:36 <sorantis> root@node-2:~# openstack endpoint list --service kingbird
08:11:37 <sorantis> +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
08:11:39 <sorantis> | ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                          |
08:11:40 <sorantis> +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
08:11:42 <sorantis> | 17b9779341fc497fb61823521c4e6eaf | RegionOne | kingbird     | multisite    | True    | public    | http://172.16.0.3:8118/v1.0  |
08:11:43 <sorantis> | 8311e281b7074d438d0905a794dd1ce3 | RegionOne | kingbird     | multisite    | True    | internal  | http://192.168.0.2:8118/v1.0 |
08:11:44 <sorantis> | f555468b15554f6da2722e4d8cb67857 | RegionOne | kingbird     | multisite    | True    | admin     | http://192.168.0.2:8118/v1.0 |
08:11:45 <sorantis> +----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
08:12:00 <sorantis> kingbird-api             FRONTEND       Status: OPEN        Sessions: 0    Rate: 0
08:12:00 <sorantis> kingbird-api             node-4         Status: UP/L7OK     Sessions: 0    Rate: 0
08:12:01 <sorantis> kingbird-api             BACKEND        Status: UP          Sessions: 0    Rate: 0
08:12:21 <sorantis> root@node-2:~# ping 172.16.0.3
08:12:21 <sorantis> PING 172.16.0.3 (172.16.0.3) 56(84) bytes of data.
08:12:22 <sorantis> 64 bytes from 172.16.0.3: icmp_seq=1 ttl=64 time=0.152 ms
08:12:23 <sorantis> 64 bytes from 172.16.0.3: icmp_seq=2 ttl=64 time=0.080 ms
08:12:24 <sorantis> 64 bytes from 172.16.0.3: icmp_seq=3 ttl=64 time=0.084 ms
08:12:42 <sorantis> root@node-2:~# curl http://172.16.0.3:8118
08:12:42 <sorantis> curl: (7) Failed to connect to 172.16.0.3 port 8118: Connection refused
08:13:10 <joehuang> the server is listen to 127.0.0.1 or 0.0.0.0
08:13:20 <joehuang> or 172.16.0.3
08:13:21 <sorantis> root@node-2:~# curl http://192.168.0.5:8118
08:13:22 <sorantis> {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}
08:13:41 <sorantis> root@node-2:~# cat /etc/haproxy/conf.d/180-kingbird-api.cfg
08:13:42 <sorantis> listen kingbird-api
08:13:43 <sorantis> bind 172.16.0.3:8118
08:13:44 <sorantis> bind 192.168.0.2:8118
08:14:03 <joehuang> this is haproxy configuration
08:14:24 <joehuang> I mean in kingbird.conf, what's host kingbird service is running
08:15:03 <joehuang> bind_host for kingbird service to run
08:15:49 <sorantis> bind_host=192.168.0.5
08:16:52 <joehuang> how about restart it and set it to 0.0.0.0
08:17:02 <joehuang> or 172.16.0.3
08:17:07 <sorantis> no
08:17:21 <sorantis> other services configred to bind on the same ip
08:17:37 <sorantis> root@node-2:~# cat /etc/haproxy/conf.d/180-kingbird-api.cfg
08:17:38 <sorantis> listen kingbird-api
08:17:39 <sorantis> bind 172.16.0.3:8118
08:17:41 <sorantis> bind 192.168.0.2:8118
08:17:42 <sorantis> http-request  set-header X-Forwarded-Proto https if { ssl_fc }
08:17:44 <sorantis> option  httpchk
08:17:45 <sorantis> http-check expect status 401
08:17:47 <sorantis> option  httplog
08:17:48 <sorantis> option  forceclose
08:17:50 <sorantis> option  http-buffer-request
08:17:51 <sorantis> timeout  server 660s
08:17:52 <sorantis> timeout  http-request 10s
08:17:53 <sorantis> server node-4 192.168.0.5:8118  check inter 10s fastinter 2s downinter 3s rise 3 fall 3
08:18:46 <joehuang> what about nova.conf, which host nova is binding
08:19:37 <joehuang> ./neutron.conf:#bind_host = 0.0.0.0
08:20:25 <sorantis> I checked neutron already
08:20:25 <sorantis> bind_host=192.168.0.5
08:20:41 <sorantis> I checked everything joe
08:20:52 <sorantis> the configuration seems to be right
08:21:09 <sorantis> yet connection is refused
08:21:16 <joehuang> curl access denied
08:21:27 <sorantis> but bind_host=192.168.0.5 is correct as it works on this ip
08:21:30 <sorantis> no
08:21:35 <sorantis> connection refused
08:21:39 <sorantis> ¨check the log above
08:22:11 <joehuang> have you checked the iptables?
08:22:36 <sorantis> :)
08:22:43 <sorantis> of course i did
08:22:59 <sorantis> root@node-2:~# iptables -S | grep 8118
08:23:00 <sorantis> -A INPUT -p tcp -m multiport --dports 8118 -m comment --comment "410 kingbird" -j ACCEPT
08:24:25 <joehuang> how about remove haproxy?
08:26:42 <sorantis> the whole thing will stop working. ALL service conf files rely on these IPs. endoints are registered on these IPs. I will not remove it. It’ll cause other issues, plus jenkins builds a new deployment every day. so all efforts will be overriden with the next build
08:27:10 <joehuang> how to access the lab? I found no information in https://wiki.opnfv.org/display/multisite/Multisite+Deployment+Environment
08:27:27 <sorantis> email jose and ask for credentials
08:28:14 <joehuang> ok, so please continue to fix the issue offline, and I'll try to contact jose about credential
08:28:35 <joehuang> #info continue to fix functest issue offline
08:29:23 <joehuang> #topic E-Release discussion and OPNFV Beijing summit prepration
08:29:40 <joehuang> hello, as D-release is close to end
08:29:50 <joehuang> it's time to discuss E-releae
08:30:12 <joehuang> during C&D release, we are mainly focusing on feature developement
08:30:34 <joehuang> after two releases, major features are almost available
08:31:03 <joehuang> it's time to discuss what's to do in E-release
08:31:21 <joehuang> I have some basic idea about E-release
08:32:00 <joehuang> 1. build general multi-site VIM infrastructure
08:32:30 <joehuang> for services which want to work in multi-region
08:32:56 <joehuang> 2. integration regarding service to specified region
08:33:22 <joehuang> 3. CI/Functest for multi-site service
08:34:26 <joehuang> and for OPNFV beijing summit, I want to demo the use case2 VNF high availability across VIM
08:34:48 <joehuang> this is my idea over these days
08:35:00 <joehuang> your thoughts?
08:36:40 <pratapagoutham> Saw your mail
08:36:50 <joehuang> thanks
08:37:17 <joehuang> meimei?
08:37:29 <May-meimei> fine for me
08:37:37 <May-meimei> I will try my best
08:37:45 <joehuang> we can do it step by step
08:38:32 <joehuang> do you have proposal for the VNF?
08:39:10 <joehuang> someone proposed to use video conference for VNF high availability across VIM, don't know how complex it will be
08:40:27 <joehuang> we have several weeks to discuss the plan for E-release
08:41:22 <May-meimei> it seems that it's difficut to find out a proper vnf, do we have a plan with out vnf?
08:41:46 <joehuang> at least we can use LVS
08:42:11 <joehuang> it's simple and easy to demonstrate the load balancer
08:42:26 <joehuang> high availability across VIM
08:42:51 <May-meimei> nice
08:42:58 <joehuang> I'll ping FuQiao to see whether their team can provide some VNFs which is suitable for the demo
08:43:25 <joehuang> #action ping HA team for VNF to run in multisite
08:44:45 <May-meimei> it will be easy to have them together
08:45:30 <joehuang> may other teams can help and be interested in building multisite infrastructure too, mutiple services want to work in multi-region environment
08:45:43 <joehuang> so we can continue work and seek for help offline
08:45:51 <joehuang> to Meimei +1
08:46:12 <pratapagoutham> all the best joe :)
08:46:22 <joehuang> #topic Open discussion
08:46:29 <joehuang> other topics?
08:47:07 <pratapagoutham> nothing from my side
08:47:18 <joehuang> I think the current kingbird functest need to restore normal before D release
08:47:51 <sorantis> you are welcome to check the mode
08:47:53 <sorantis> node*
08:48:17 <May-meimei> sorry , I can't help
08:48:23 <joehuang> I don't know how long and whether I can log on to the server for the damn firewall
08:49:07 <joehuang> Dimitri, you are our first hope
08:50:13 <joehuang> if no other topic, let's end the meeting
08:50:20 <joehuang> thank you for attending
08:50:26 <joehuang> #endmeeting