Friday, 2022-08-26

« Thursday, 2022-08-25 Index Saturday, 2022-08-27 »
opendevreviewZhouHeng proposed openstack/neutron master: [api]adds port_forwarding id when list floatingip  https://review.opendev.org/c/openstack/neutron/+/84056500:46
opendevreviewMerged openstack/neutron stable/xena: [OVN] Remove session check in ``update_network_postcommit``  https://review.opendev.org/c/openstack/neutron/+/85423401:47
opendevreviewSlawek Kaplonski proposed openstack/neutron master: DNM Just test of the Centos 9 stream periodic job  https://review.opendev.org/c/openstack/neutron/+/85419107:21
slaweqralonsoh lajoskatona ykarel obondarev hi, can You check https://review.opendev.org/c/openstack/neutron/+/851733 when You will have few minutes?07:49
slaweqthx in advance07:49
ralonsohsure07:49
lajoskatonaslaweq: yes07:50
ykarelack07:50
slaweqthx guys07:50
opendevreviewMerged openstack/neutron master: Allow operator to disable usage of random-fully  https://review.opendev.org/c/openstack/neutron/+/85404108:42
lajoskatonaralonsoh, slaweq, bcafarel: Could you please check the stein fix patches: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/853794 & https://review.opendev.org/c/openstack/neutron/+/85360808:51
ralonsohsure, let me check08:51
bcafarellajoskatona: sure thing!08:51
lajoskatonaralonsoh, slaweq, bcafarel: the devstack fix/backport from slaweq is merged08:51
bcafarellajoskatona: just a nit on DNM test comment https://review.opendev.org/c/openstack/neutron/+/853608/8/neutron/common/constants.py#16 else nice to see zuul happy with it!08:57
slaweqlajoskatona please address bcafarel09:00
slaweq*bcafarel's comment and I will +2 Your neutron patch :)09:00
opendevreviewGregory Thiemonge proposed openstack/ovn-octavia-provider master: Fix create_vip_port prototype based on octavia-lib  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/85476409:06
lajoskatonabcafarel: thanks, I forgot about that line :-)09:27
opendevreviewLajos Katona proposed openstack/neutron stable/stein: Stein only: Make CI green again  https://review.opendev.org/c/openstack/neutron/+/85360809:28
opendevreviewMerged openstack/neutron stable/xena: [OVN] Remove ACLs with remote SG during deletion of SG  https://review.opendev.org/c/openstack/neutron/+/85455909:54
opendevreviewDr. Jens Harbott proposed openstack/neutron master: Update NDP proxy documentation  https://review.opendev.org/c/openstack/neutron/+/85435010:10
opendevreviewMerged openstack/neutron-tempest-plugin master: Stein: fix failing jobs  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/85379410:28
opendevreviewSlawek Kaplonski proposed openstack/neutron master: DNM Just test of the Centos 9 stream periodic job  https://review.opendev.org/c/openstack/neutron/+/85419111:01
*** sean-k-mooney1 is now known as sean-k-mooney11:47
opendevreviewMerged openstack/neutron stable/stein: Stein only: Make CI green again  https://review.opendev.org/c/openstack/neutron/+/85360813:07
opendevreviewDavid Hill proposed openstack/neutron stable/yoga: Allow operator to disable usage of random-fully  https://review.opendev.org/c/openstack/neutron/+/85479513:17
opendevreviewMerged openstack/neutron stable/yoga: [OVN] Remove session check in ``update_network_postcommit``  https://review.opendev.org/c/openstack/neutron/+/85423313:24
lajoskatona#startmeeting neutron_drivers14:00
opendevmeetMeeting started Fri Aug 26 14:00:11 2022 UTC and is due to finish in 60 minutes.  The chair is lajoskatona. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'neutron_drivers'14:00
lajoskatonao/14:00
ralonsohhello14:00
amorin_hello14:00
*** amorin_ is now known as amorin14:00
slaweqhi14:00
njohnston_o/14:01
lajoskatonamlavalle can't join today14:02
mlavalleo/14:03
* mlavalle in another meeting14:03
lajoskatonawe have four drivers today, but we need at least 5 as I count14:04
obondarev_hi14:04
lajoskatona5 :-)14:04
*** dasm|off is now known as dasm14:04
haleybhi14:04
*** obondarev_ is now known as obondarev14:04
lajoskatonaLet's start :-)14:04
lajoskatonaWe have 2 RFEs which are related to each other as I see:14:05
lajoskatona[RFE] Add DSCP mark 44 (#link https://bugs.launchpad.net/neutron/+bug/1987378 )14:05
ralonsohThis one is easy, I think14:05
lajoskatonaIn comment slaweq already added that perhaps no need for a formal RFE for this14:05
slaweqTBH, for me it doesn't seems like real RFE even14:05
*** njohnston_ is now known as njohnston14:05
lajoskatona+114:05
ralonsoh(I added the RFE just in case)14:05
slaweqthis seems like minor and obvious change (addition)14:06
njohnston+1 14:06
ralonsohI have just one question related, now you are here14:06
lajoskatonaralonsoh: please14:06
ralonsohthis feature implies to add a new DSCP mark, that implies changing the API14:06
ralonsohbut14:06
ralonsohthe API values can be consulted via API too14:06
ralonsohexample14:07
ralonsohhttps://review.opendev.org/c/openstack/neutron-tempest-plugin/+/854369/1/neutron_tempest_plugin/api/test_qos.py14:07
ralonsohso I don't think we need an extension, because those values can be consulted via API (these values = DSCP accepted values, per driver)14:07
ralonsohright?14:08
slaweqfor me this sounds good14:08
slaweqwe can discover values acceptable in the cloud using that existing API14:08
ralonsohexactly14:08
obondarevmakes sense14:08
njohnstonagreed14:08
ralonsohthanks a lot, that's all from me related to this feature14:09
lajoskatona+114:09
haleyb+1 from me14:09
njohnstonI would just say that we should make sure that discoverabiluty method is in the api ref - I don't see it when I look at the DSCP api14:10
ralonsohit is in the rule-type API14:10
ralonsohI'll send you the link14:10
ralonsohhttps://docs.openstack.org/api-ref/network/v2/index.html?expanded=list-qos-rule-types-detail,show-qos-rule-type-details-detail#show-qos-rule-type-details14:11
njohnstonperhaps we add an example there that shows the DSCP details, none of the examples demonstrate that14:11
ralonsohnjohnston, I'll add it14:12
njohnston+1 thanks!14:12
lajoskatonagood idea14:12
lajoskatonaok, I think we can move on14:12
lajoskatona[RFE] Add a port extension to set/define the switchdev capabilities (#link https://bugs.launchpad.net/neutron/+bug/1987093 )14:12
ralonsohthe goal of this RFE is to avoid exposing/modifying the port bindings from Neutron (or a Neutron user)14:13
ralonsohport binding should be read-only always14:13
ralonsohand only Nova should change that14:13
ralonsohso, in order to create a HW offloaded port, I'm proposing this new extension14:14
ralonsohwhy? a non-admin user, with the needed policies, can change a port binding PCI address14:14
ralonsohpointing, for example, to the compute node hard drive PCI address14:14
ralonsohthat means when you boot the VM, this compute nodes dies14:14
ralonsohthat's a possible security issue14:15
slaweqfor backward compatybility will this value be still exposed in binding profile, as it is now?14:15
ralonsohyes14:15
slaweqso there will be no changes on nova required14:15
ralonsohit will14:15
slaweqok, sounds good for me14:15
lajoskatonaagree, as I see it is nova who has all the knowledge for the profile, let it do its best :-)14:16
ralonsoh(and btw, that was something proposed by a Nova folk, sean-k-mooney )14:16
ralonsohso we'll have full support from Nova side14:16
lajoskatona:-)14:16
obondarevshould we try make it consistent with direct ports (SRIOV)?14:16
ralonsohyes, that's the goal14:17
obondarevok cool14:17
lajoskatonaOk, it was also easy14:18
lajoskatonaWe have no more RFEs, but:14:18
lajoskatona#topic On Demand Agenda14:19
lajoskatona(amorin): Add new novaplug mechanism driver14:19
amorinHey14:19
lajoskatonahttps://bugs.launchpad.net/neutron/+bug/198696914:19
lajoskatonahttps://review.opendev.org/c/openstack/neutron/+/85455314:19
amorinI can explain a little bit the context14:19
sean-k-mooneyo/14:19
amorinhey sean-k-mooney 14:19
sean-k-mooneythis the trusted vf changes14:20
sean-k-mooneyor hardware offloaed ovs14:20
ralonsohsean-k-mooney, it is approved, yes14:20
sean-k-mooneyfor the swtichdev capablity nova should set that on our side14:20
ralonsohwe are talking about other bug now14:20
sean-k-mooneyfro trustedVF a new extstion on the neutron side14:20
sean-k-mooneywoudl be ideal14:20
lajoskatona sean-k-mooney:  for this one: https://bugs.launchpad.net/neutron/+bug/1987093 ?14:21
sean-k-mooneywe should not  do that14:21
sean-k-mooneyat least not as the tital states14:21
sean-k-mooneynova can detect if the VF has that capablity and set it14:22
sean-k-mooneyno if we want to allow user to schdule to a shost that has hardawr offloaed ovs14:22
sean-k-mooneyhaving an extion to request that via a triat or somthing would be nice14:22
sean-k-mooneybut setting the capablit is somethign we shoudl fix in nova14:22
sean-k-mooneythe trusted VF feature ahs a simiar problem however14:22
sean-k-mooneythat can only be fixed in neutorn14:23
sean-k-mooneyit also requires a vaule to be set in the profile to use14:23
sean-k-mooneythat shoudl be done differntly14:23
ralonsohbut this is other feature, not related14:23
ralonsohwe can address it in other bug14:23
sean-k-mooneyyes but i don tthink you shoudl try to adress https://bugs.launchpad.net/neutron/+bug/1987093 in nova14:23
sean-k-mooney* in neutron14:24
ralonsohok, now I'm lost14:24
lajoskatoname too :-)14:24
sean-k-mooneythe binding profie is ment to be used to pass info form nova to the network backend14:24
lajoskatonaok, let's go back to https://bugs.launchpad.net/neutron/+bug/1987093 ([RFE] Add a port extension to set/define the switchdev capabilities )14:24
sean-k-mooneyright so i am not conviced we shoudl do ^14:25
sean-k-mooneynova does not use the  "{"capabilities": ["switchdev"]}" for anything today14:25
lajoskatonado we need a spec on nova side also to be in sync?14:26
sean-k-mooneyand the enduer has no idea if the VF supports it14:26
ralonsohand how should we ask for a HWOL port?14:26
sean-k-mooneyjust vic type = direct14:26
sean-k-mooneyno special request14:26
ralonsohand if we have SRIOV + OVS?14:27
ralonsohwhat driver should attend this request?14:27
sean-k-mooneyif we want to suppot that we shoudl have a custom trait14:27
sean-k-mooneybut just adding  "{"capabilities": ["switchdev"]}"14:27
sean-k-mooneywill not allow you to chosee today14:27
sean-k-mooneythe nova spec to implemnt the checking based on that was not finished14:27
sean-k-mooneyralonsoh: you wote the code may years ago but we never merged it14:27
ralonsohthis is the way we have now to discriminate if this port is for OVS (HW offload) or SRIOV (not HWOL)14:28
sean-k-mooneynope14:28
ralonsohin Neutron yes14:28
sean-k-mooneythe bug fix that enforect that requriemtn was wrong14:28
sean-k-mooneyits check by ovs but that check is useless14:28
ralonsoh        if (vnic_type == portbindings.VNIC_DIRECT and14:28
ralonsoh                'switchdev' in capabilities):14:28
ralonsoh            LOG.debug("Refusing to bind due to unsupported vnic_type: %s "14:28
ralonsoh                      "with switchdev capability", portbindings.VNIC_DIRECT)14:28
ralonsoh^^ SRIOV14:28
ralonsohand the opposite in OVS14:28
sean-k-mooneyyep14:28
sean-k-mooneythat check is pointless14:29
sean-k-mooney you have no idea if that port is conencted to a VF that is in swtichdev mode14:29
ralonsohOk, let's do this14:29
ralonsohlet's move this discussion out of this meeting14:29
sean-k-mooney+114:29
ralonsohbetween you and me14:29
ralonsohand we can continue with amorin bug14:29
sean-k-mooneywell with anyone that is interested14:29
amorinok14:29
sean-k-mooneybut sure14:29
ralonsoh(I'll update the bug in LP)14:29
lajoskatonathanks, let's do that14:30
lajoskatonaralonsoh, sean-k-mooney: thanks14:30
amorinwe have customers using neutron api from terraform, they create port with a device_id, which endup NOT beeing attached to the instance14:30
amorinso, to solve this on our side, we will add a custom mech-driver (novaplug)14:30
sean-k-mooneyah this im glad im here :)14:30
amorinafter a discussion with sean-k-mooney 14:31
amorinit seems that the best would be to set device_id to be an admin only thing14:31
ralonsoh(BTW, the goal of https://bugs.launchpad.net/neutron/+bug/1986969 was not to create a new mech driver, but to document the current behaviour)14:31
amorinbecause nova will never approve plugging a port outside of a regular nova attache14:31
amorinralonsoh, yes true14:32
amorinI just wanted to share what we will do downstream14:32
amorinI dont want to bring our solution upstream, I just want to fix the issue at the end14:32
amorinI created this in nova: https://review.opendev.org/c/openstack/nova/+/85462714:32
sean-k-mooneyyep so form a nova point of view detaching or attaching a port via neuton is not supported 14:33
sean-k-mooneyand we dont want to supprot that in the future14:33
ralonsohright, you shouldn't14:33
sean-k-mooneyso we would prefer i fthe device_id and devie_oweer filed were admin/service user ownly for post/put14:33
sean-k-mooneyallowing normaly users readonly access is fine14:34
sean-k-mooneybut only nova/ironic/zun shoudl set them14:34
sean-k-mooneyas part of there internal interface attach workflows14:34
sean-k-mooneywell or neuton in the case of l3 router ports ecrta14:34
lajoskatonasounds logical14:35
amorin+114:35
slaweqok, but if we will change that API and allow it only to the admin, we may break someone's usecase potentially if e.g. someone uses this field now for some custom ports14:35
sean-k-mooneyyes that is possible14:36
obondarevfor device_owner I think many users might use it14:36
amorinmaybe we can add an extra option in neutron.conf to change this behavior>14:36
amorin?14:36
slaweq(I don't know about such uses cases in real world, just thinking loud now)14:36
sean-k-mooneywell it can be contoled by custom policy14:36
ralonsohthis is part of the port binding14:36
sean-k-mooneyi know of one incorrect  use today14:36
amorincustom policy is not an option here, if it's available, our customer expects to use it14:37
sean-k-mooneythe shfit on stack team were considering using the id to reserve ip for contianer 14:37
ralonsohso another reason to make the port binding read only14:37
slaweqralonsoh port binding?14:38
slaweqdon't we talk about device_id and device_owner fields?14:38
obondarev these are separate fields14:38
ralonsohsorry, no, this is not part of the port binding info14:38
sean-k-mooneyyes are seperate yes14:38
ralonsohmy bad14:38
lajoskatonaslaweq: I thought the same14:38
slaweqok14:38
sean-k-mooneynova sets them during port attch at the same time it binds the port14:38
sean-k-mooneybut they are seperate14:38
sean-k-mooneybut that is just use minimisng the api calls not14:39
slaweqok, so I would like to clarify one thing as I'm not sure I'm following all the discussion here14:39
slaweqwhat is the proposal to discuss: document current behaviour on Neutron side or add new mechanism driver in neutron as amorin proposed already in gerrit or maybe something else?14:40
slaweqlike changing current default API policies?14:40
opendevreviewsean mooney proposed openstack/neutron master: Revert "ovs mech: bind only if user request switchdev"  https://review.opendev.org/c/openstack/neutron/+/85479614:40
sean-k-mooneyi was suggesting changing the default api policy14:40
lajoskatonaTo document is the minimum as I see14:40
amorindocument +114:41
sean-k-mooneydocumenting is alwasy good14:41
amorinchanging it to admin only14:41
lajoskatonabut changing the policies that can be risky as you said with current unknown users14:41
sean-k-mooneythe issue is right now if you set the device-id to a nova server uuid you will start currptiong the nova db14:41
amorinmoreover, you can set it to a device_id which does not belong to the same tenant14:41
amorinnova does nothing about it14:41
amorinbut openstack port list --server uuid14:42
amorinas admin14:42
amorinwill print it14:42
sean-k-mooneyreally thats not nice14:42
obondarevshould nova distinguish real interfaces from such manually created ones?14:42
amorinvery confusing for admins14:42
sean-k-mooneythe curent api contarct is that the device-id should be set to the entity that consumes the port14:43
sean-k-mooneyentiy being nova instnace, ironic server or zun contianer14:43
sean-k-mooneythe device-owner field is not used for filtering 14:43
slaweqso as sean-k-mooney said, we can change default API policies, document it and write "big" release note that this behaviour changed and if You want to use it in old way, You need to change Your API policies14:43
amorin+114:44
sean-k-mooneyyep 14:44
lajoskatonayeah, as it wa never an official "feature"14:44
lajoskatona+114:44
sean-k-mooneyby the way the usecase the opensfhit had was creating port to reservice ips for there use14:44
sean-k-mooneyso i also feel like that could be adress as its won feature another way14:44
sean-k-mooneyi.e. provide a way to reserve ips without having to create unattached ports14:45
amorinbut you can create ports without device_id, why do they need a device_id?14:45
sean-k-mooneybaicaly like creating flotating ip but form a normal subnet14:45
slaweq^^ that would be another, bigger RFE IMO14:45
sean-k-mooneyamorin: they wanted to track that the ip is used by that vm14:46
sean-k-mooneyor rahter a contianer on that vm14:46
amorinack14:46
sean-k-mooneyslaweq: yes it would 14:46
amorinwere they aware that a reboot hard of the VM would actually attached it?14:46
sean-k-mooneynope14:46
sean-k-mooneyand we were not either14:47
sean-k-mooney(nova team)14:47
amorinok14:47
sean-k-mooneyi dont thin that used to happen14:47
ralonsohit works, yes14:47
sean-k-mooneyi think its a side effect of the network info cahce healing i added a few cycle ago14:47
lajoskatonado we have to handle that case? I mean hard reboot ? 14:47
amorintrue14:47
sean-k-mooneyits not ment ot work because it does not actully set thing up in our db properly14:47
amorin(for the healing side effect)14:47
obondarevso should we disallow device_id only or device_owner is also required?14:47
amorinboth I think14:48
sean-k-mooneynova likely need to have its own bug for this and figure out hwo we want to move forward14:48
lajoskatonaperhaps a good discussion for the PTG :-)14:48
sean-k-mooneyyep perhaps14:49
sean-k-mooneylikely we shoudl jsut reject the external event and not populate it in the netowrk info cache and complain loadly14:49
sean-k-mooneythe probalem is to who14:49
lajoskatonaok, so today and from Neutron perspective we agree that we have to document this behaviour and change the default policies for dev_id and dev_owner, am I right?14:50
ralonsohI think so, this should be the first step14:50
obondarevwell, the issue described is only related to device_id, so not sure device_owner is required here also14:50
lajoskatonaok, thanks14:50
lajoskatonano it mentions owner also, let's see it in the review, I would say :-) 14:51
obondarevless potential "broken" users is better I think14:52
ralonsohright14:52
slaweq++14:52
lajoskatonathat is a good point14:52
obondarev+ for continue in review14:53
lajoskatonaOk, so documentation and policy change for device_id for now14:53
amorinok14:53
lajoskatonaDo you have anything more to discuss today?14:53
lajoskatonaIf nothing we can close the meeting for today14:54
slaweqnothing from me14:54
lajoskatona#endmeeting14:55
opendevmeetMeeting ended Fri Aug 26 14:55:24 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:55
opendevmeetMinutes:        https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-08-26-14.00.html14:55
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-08-26-14.00.txt14:55
opendevmeetLog:            https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-08-26-14.00.log.html14:55
obondarevthanks, bye14:55
ralonsohhave a nice weekend14:55
lajoskatonaHave a nice weekend14:55
slaweqhave a great weekend14:55
slaweqo/14:55
amorinsee you, thanks14:59
opendevreviewRodolfo Alonso proposed openstack/neutron-tempest-plugin master: Retrieve the DSCP valid marks from the API  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/85436915:14
opendevreviewMerged openstack/neutron master: Bump revision number of objects when description is changed  https://review.opendev.org/c/openstack/neutron/+/85173316:17
opendevreviewMerged openstack/ovn-octavia-provider stable/ussuri: Ensure members without subnet belong to VIP subnet or fail  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/85099618:55
opendevreviewMerged openstack/neutron stable/yoga: Allow operator to disable usage of random-fully  https://review.opendev.org/c/openstack/neutron/+/85479519:43
opendevreviewMerged openstack/neutron master: Update NDP proxy documentation  https://review.opendev.org/c/openstack/neutron/+/85435020:51
*** dasm is now known as dasm|off21:07
« Thursday, 2022-08-25 Index Saturday, 2022-08-27 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!