Tuesday, 2019-07-02

« Monday, 2019-07-01 Index Wednesday, 2019-07-03 »
openstackgerritMerged openstack/nova stable/queens: Fix live-migration when glance image deleted  https://review.opendev.org/66215400:25
*** hamzy has quit IRC00:35
*** gyee has quit IRC00:37
*** ccamacho has quit IRC01:00
*** ccamacho has joined #openstack-nova01:02
*** takashin has joined #openstack-nova01:02
*** lbragstad has quit IRC01:08
*** imacdonn has quit IRC01:10
*** imacdonn has joined #openstack-nova01:11
*** hongbin has joined #openstack-nova01:16
*** redrobot has quit IRC01:17
openstackgerritMerged openstack/nova master: Drop pre-cinder 3.44 version compatibility  https://review.opendev.org/62106101:20
openstackgerritMerged openstack/nova master: Remove mox in virt/test_block_device.py  https://review.opendev.org/56615301:20
openstackgerritpengyuesheng proposed openstack/python-novaclient master: Add Python 3 Train unit tests  https://review.opendev.org/66839501:36
*** ircuser-1 has joined #openstack-nova01:43
openstackgerritBrin Zhang proposed openstack/nova master: Specify availability_zone to unshelve  https://review.opendev.org/66385101:52
*** ccamacho has quit IRC01:57
*** ccamacho has joined #openstack-nova01:58
*** ccamacho has quit IRC01:58
*** ccamacho has joined #openstack-nova01:59
openstackgerritTakashi NATSUME proposed openstack/python-novaclient master: Add a guide to add a new microversion support  https://review.opendev.org/66700202:07
openstackgerritya.wang proposed openstack/nova-specs master: Re-propose the spec to allow specifying a list of CPU models  https://review.opendev.org/64203002:09
*** ccamacho has quit IRC02:21
*** ccamacho has joined #openstack-nova02:22
*** ccamacho has quit IRC02:31
*** ccamacho has joined #openstack-nova02:31
*** ccamacho has quit IRC02:36
*** ccamacho has joined #openstack-nova02:38
*** ccamacho has quit IRC02:48
*** ccamacho has joined #openstack-nova02:51
*** Kevin_Zheng has joined #openstack-nova02:55
*** ccamacho has quit IRC02:55
*** ccamacho has joined #openstack-nova02:56
openstackgerritMerged openstack/nova stable/queens: Move get_pci_mapping_for_migration to MigrationContext  https://review.opendev.org/66157103:00
openstackgerritMerged openstack/nova stable/queens: Allow driver to properly unplug VIFs on destination on confirm resize  https://review.opendev.org/66157203:00
*** ccamacho has quit IRC03:06
*** hamzy has joined #openstack-nova03:18
*** ccamacho has joined #openstack-nova03:29
*** ccamacho has quit IRC03:35
*** psachin has joined #openstack-nova03:37
*** whoami-rajat has joined #openstack-nova03:42
*** igordc has quit IRC03:51
*** bhagyashris_ has joined #openstack-nova04:05
*** udesale has joined #openstack-nova04:14
*** hongbin has quit IRC04:21
*** amodi has quit IRC04:22
*** ricolin has joined #openstack-nova04:25
*** dansmith has quit IRC05:04
*** Luzi has joined #openstack-nova05:12
openstackgerritya.wang proposed openstack/nova-specs master: Re-propose the spec to allow specifying a list of CPU models  https://review.opendev.org/64203005:16
*** boxiang has joined #openstack-nova05:16
*** dansmith has joined #openstack-nova05:22
openstackgerritMerged openstack/nova-specs master: fix the spelling mistakes  https://review.opendev.org/66624405:23
*** yaawang has quit IRC05:24
openstackgerritMerged openstack/python-novaclient master: Add Python 3 Train unit tests  https://review.opendev.org/66839505:26
*** guozijn has joined #openstack-nova05:26
*** udesale has quit IRC05:35
*** udesale has joined #openstack-nova05:36
*** ratailor has joined #openstack-nova05:42
*** guozijn has quit IRC06:01
*** spatel has joined #openstack-nova06:02
*** yaawang has joined #openstack-nova06:04
*** spatel has quit IRC06:06
*** artom has joined #openstack-nova06:16
*** luksky has joined #openstack-nova06:17
*** artom is now known as artom|gmtplus306:19
*** belmoreira has joined #openstack-nova06:24
*** slaweq has joined #openstack-nova06:30
*** yaawang has quit IRC06:34
*** yaawang has joined #openstack-nova06:35
*** dpawlik has joined #openstack-nova06:49
*** ivve has quit IRC06:52
*** cdent has joined #openstack-nova06:55
*** damien_r has joined #openstack-nova07:04
*** damien_r has quit IRC07:04
*** xek has joined #openstack-nova07:12
*** tssurya has joined #openstack-nova07:13
*** tesseract has joined #openstack-nova07:15
*** helenafm has joined #openstack-nova07:20
*** maciejjozefczyk has joined #openstack-nova07:27
openstackgerritYongli He proposed openstack/nova master: Add server sub-resource topology API  https://review.opendev.org/62147607:30
*** ricolin_ has joined #openstack-nova07:35
openstackgerritJosephine Seifert proposed openstack/nova-specs master: Spec for the Nova part of Image Encryption  https://review.opendev.org/60869607:35
*** belmoreira has quit IRC07:37
*** ricolin has quit IRC07:37
*** evrardjp is now known as evrardjp_on_holi07:40
*** ttsiouts has joined #openstack-nova07:40
*** evrardjp_on_holi is now known as evrardjp_away07:40
*** ociuhandu has joined #openstack-nova07:42
*** ivve has joined #openstack-nova07:48
*** ricolin__ has joined #openstack-nova07:49
*** ricolin_ has quit IRC07:51
*** ttsiouts has quit IRC07:52
*** ttsiouts has joined #openstack-nova07:53
*** rpittau|afk is now known as rpittau07:54
*** belmoreira has joined #openstack-nova07:56
*** ttsiouts has quit IRC07:57
*** takashin has left #openstack-nova08:00
*** pcaruana has joined #openstack-nova08:01
*** ralonsoh has joined #openstack-nova08:02
*** luksky has quit IRC08:04
*** udesale has quit IRC08:05
*** udesale has joined #openstack-nova08:06
*** ratailor_ has joined #openstack-nova08:08
*** ratailor has quit IRC08:10
*** trident has quit IRC08:10
*** maciejjozefczyk has quit IRC08:12
*** trident has joined #openstack-nova08:13
*** yasemin has joined #openstack-nova08:14
yaseminhi08:14
yaseminwe cannot start instances after server reboot, and the error is http://paste.openstack.org/show/753740/08:15
yasemindo you help me ?08:15
openstackgerritBoxiang Zhu proposed openstack/nova master: Make evacuation respects anti-affinity rule  https://review.opendev.org/64996308:15
openstackgerritArtom Lifshitz proposed openstack/nova master: Add neutron-tempest-iptables_hybrid job to experimental queue  https://review.opendev.org/66715408:17
openstackgerritArtom Lifshitz proposed openstack/nova master: Revert resize: wait for events according to hybrid plug  https://review.opendev.org/66717708:17
openstackgerritArtom Lifshitz proposed openstack/nova master: Remove finish_revert_migration() signature try/catch  https://review.opendev.org/66863108:17
*** maciejjozefczyk has joined #openstack-nova08:18
*** ttsiouts has joined #openstack-nova08:19
*** luksky has joined #openstack-nova08:19
*** tkajinam has quit IRC08:26
*** yasemin has quit IRC08:27
*** yasemin has joined #openstack-nova08:28
yaseminhi, i cannot  start instances after server reboot, and the error is http://paste.openstack.org/show/753740/ do you help me ?08:29
lyarwoodyasemin: I've got no idea what `16.0.13` is but make sure you have https://review.opendev.org/#/q/Iae2962bb86100f03fd3ad9aac3767da876291e7408:40
*** boxiang has quit IRC08:42
*** boxiang has joined #openstack-nova08:42
yasemin<lyarwood> the bug is 2017. does it related to my problem ?08:43
*** boxiang has quit IRC08:43
*** boxiang has joined #openstack-nova08:44
*** boxiang_ has joined #openstack-nova08:46
*** boxiang has quit IRC08:46
*** belmoreira has quit IRC08:52
lyarwoodyasemin: if you're using QEMU > 2.10 then maybe08:56
lyarwoodyasemin: `16.0.13` isn't a released version of openstack-nova upstream AFAICT, it should contain that patch as it was included in actual early releases but I obviously can't tell08:56
lyarwoodyasemin: feel free to open a bug https://launchpad.net/nova/ listing your versions of QEMU, Libvirt and where you got this version of openstack-nova.08:57
*** ricolin_ has joined #openstack-nova09:04
*** tetsuro has joined #openstack-nova09:04
*** ricolin__ has quit IRC09:07
*** jaosorior has joined #openstack-nova09:13
*** priteau has joined #openstack-nova09:18
*** belmoreira has joined #openstack-nova09:20
*** ricolin_ is now known as ricolin09:33
*** udesale has quit IRC09:35
jrosserlyarwood: i think that is the 16.0.13 release of openstack-ansible which pulls in this SHA of nova https://github.com/openstack/openstack-ansible/commit/f678b3d9a237a0cad229cad6cbc5fd9254b5a6f4#diff-78907cb9f0dc957a6642505f5b9c135cR15009:36
*** udesale has joined #openstack-nova09:36
*** ratailor_ has quit IRC09:38
*** ratailor has joined #openstack-nova09:40
*** whoami-rajat has quit IRC09:42
lyarwoodjrosser: ack thanks09:43
lyarwoodyasemin: ^ so you should have that fix, 09593628fda7a6cb947fff34c725e3ef29889dc7 includes https://review.opendev.org/#/q/Iae2962bb86100f03fd3ad9aac3767da876291e7409:43
*** ricolin_ has joined #openstack-nova09:47
*** ricolin has quit IRC09:49
*** priteau has quit IRC09:57
*** bhagyashris_ has quit IRC09:58
*** tetsuro has quit IRC10:04
*** priteau has joined #openstack-nova10:07
*** psachin has quit IRC10:08
*** tetsuro has joined #openstack-nova10:10
*** boxiang_ has quit IRC10:10
openstackgerritBrin Zhang proposed openstack/nova master: Specify availability_zone to unshelve  https://review.opendev.org/66385110:14
yaawangHello, could anyone review these spec? It's about expose auto-converge/post-copy and vcpu model selection :) https://review.opendev.org/651681 https://review.opendev.org/64203010:17
kashyapstephenfin: You back?10:18
kashyapstephenfin: What is the problem in this rST snippet on the said line: http://paste.openstack.org/show/753749/10:18
* stephenfin looks10:19
stephenfinand yes, back and not _too_ sunburnt10:19
kashyapHehe10:19
kashyap(Hope you had a good time)10:20
kashyapThe literal block, where do I put it on line-306?  Why rST, why you do this to me...10:20
stephenfin306 needs to be indented more10:20
stephenfinand 303 needs to take the form '(a)', I think10:20
stephenfinsince it's not smart enough to realize that the '3.' refers to the above point10:21
* kashyap curses under his breath10:21
stephenfinthough you can force the HTML to render that way, of course10:21
kashyapIt "worked" :-(10:21
kashyapLet me fiddle10:21
stephenfinIn general, I'm learning that even if it looks better in raw form with 2 or 3 spaces, you're better off using four spaces for all indentation since it's more predictable10:22
kashyapYeah, I hear you10:23
*** brinzhang has quit IRC10:37
*** udesale has quit IRC10:54
kashyapstephenfin: Another error I don't understand :-( -- http://paste.openstack.org/show/753750/10:54
kashyapI compared with another spec, and the indentation and bullets in the "History" section look exactly same10:55
kashyapOh, I think I'm missing the "Introduced" keyword10:56
cdentefried: can you point me to a quick and dirty example of cleanly retrying a set_inventory_for_provider that's gets a generation conflict and that is being called independently . I'd like to cargo cult^w^wlearn by example if possible.10:56
stephenfinkashyap: Yeah, you're missing the description bullet point for the 'Train' release10:57
stephenfin* - Train10:57
stephenfin  - Introduce10:57
stephenfin*d10:57
kashyapstephenfin: Yep, figured as much.  Done.10:57
kashyapThanks, and sorry for bothering with these trivialities.10:57
*** udesale has joined #openstack-nova11:00
*** udesale has quit IRC11:13
openstackgerritKashyap Chamarthy proposed openstack/nova-specs master: Add "Secure Boot support for KVM & QEMU guests" spec  https://review.opendev.org/50672011:22
openstackgerritHuachang Wang proposed openstack/nova-specs master: We'd like to propose a way to create instance to take using of PCPU and VCPU resource in one instance.  https://review.opendev.org/66865611:22
kashyapjohnthetubaguy: As promised yesterday, reworked: Add "Secure Boot support for KVM & QEMU guests" spec  https://review.opendev.org/50672011:26
*** ratailor has quit IRC11:26
kashyapjohnthetubaguy: I added a short changelog in the Gerrit with what I addressed.11:26
kashyapSee if that matches our conversation from our past review.11:26
* kashyap bbiab; lunch11:27
openstackgerritHuachang Wang proposed openstack/nova-specs master: Use PCPU and VCPU in one instance  https://review.opendev.org/66865611:31
*** yasemin has quit IRC11:38
alex_xustephenfin: so we won't support to request PCPU for the instance without numa topo in standard cpu resource tracking spec, right?11:39
sean-k-mooneyalex_xu: that is the same as it has always been11:39
stephenfinalex_xu: I wasn't planning to uncouple the two features, no11:39
alex_xuthanks, that is what I'm expecting11:40
*** psachin has joined #openstack-nova11:40
*** priteau has quit IRC11:41
*** jaosorior has quit IRC11:42
*** sapd1_x has joined #openstack-nova11:55
*** spatel has joined #openstack-nova11:58
*** spatel has quit IRC12:03
openstackgerritMartin Midolesov proposed openstack/nova master: Implementing graceful shutdown.  https://review.opendev.org/66624512:09
*** maxbahosh3 has joined #openstack-nova12:09
maxbahosh3hi there, i have problem with numa and my flavors.12:10
maxbahosh3i have 2 socket servers and 4 socket servers, and i want to set numa to user all socket for memory12:10
maxbahosh3i set hw:numa_nodes='2' for 2 socket server and hw:numa_nodes='4' for 4 socket12:10
maxbahosh3is it any way to configure one flavor to use for both type of servers?12:10
*** ganso has quit IRC12:15
*** ganso has joined #openstack-nova12:16
sean-k-mooneymaxbahosh3: no12:16
sean-k-mooneyyou need two flavors or just use hw:numa_nodes=2 for all of them12:16
sean-k-mooneymaxbahosh3: well that or just dont set hw:numa_nodes at all12:17
sean-k-mooneybut that also means you cant use cpu pinning or hugepages12:17
maxbahosh3if i use numa nodes 2, just use 2 socket and and oom maybe occur12:18
maxbahosh3if not set, does it use all of socket?12:18
sean-k-mooneyif not set it uses all soceckt12:19
sean-k-mooneywhat oom errors are you seeing12:19
sean-k-mooneyyou shoudl not see the kernel killing instances12:20
sean-k-mooneyyou may not be able to fit a vm but that would just be beacuse of the normal ttris problem12:20
maxbahosh3i see oom kiiler error cause of it use one instance, use one socket12:21
maxbahosh3so, i use numa node to use two socket12:21
sean-k-mooneythat means you have not correctly reserved memoyr per numa node12:21
maxbahosh3how can i reserved memory?12:22
maxbahosh3do you mean reserved_host_memory_mb ?12:22
sean-k-mooneythe oom killer runs per numa node and will be trigered whenever the kernel needs memroy on a specific numa node even if there is memory free on a different hode12:22
sean-k-mooney*node12:22
sean-k-mooneythe best way to avoid this is to use hugepages12:23
sean-k-mooneyreserved_host_memory_mb is not enough. you also neeed to use cgroups to limit the memoy available to qemu/libvirt so that it cannot use all memory on each indivigual node12:24
maxbahosh3mmm, i didnt ahave any configuration for hugepages ...12:24
sean-k-mooneyif you use vm with hugepages it will both improve teh performace of the vms and prevent the OOM issues12:24
maxbahosh3do you have good tuning link for it? (i'm going to search on google)12:25
maxbahosh3sean-k-mooney12:31
maxbahosh3https://www.openstack.org/assets/presentation-media/performance-rhosp-summit-rmahroua2.pdf12:31
maxbahosh3i found this, i think it's a good point to start this tuning. thanks a lot12:32
*** jaosorior has joined #openstack-nova12:39
*** eharney has quit IRC12:43
*** udesale has joined #openstack-nova12:43
*** jaypipes has joined #openstack-nova12:46
*** tetsuro has quit IRC12:47
*** ricolin_ is now known as ricolin12:56
*** priteau has joined #openstack-nova12:58
*** luksky has quit IRC13:02
sean-k-mooney gibi alex_xu just responded to https://review.opendev.org/#/c/662264/5 ill respin in an hour or two and adress the issue you raised, let me know if the repsoces make sense or if you have other question and ill adress them all as part of the respin. thanks for reviewing :)13:04
gibisean-k-mooney: ack13:05
gibisean-k-mooney: your responses looks good to me13:08
sean-k-mooneyok ill leave it as is for people to leave more feedback if the chose too and ill resping as i said in an hour or so13:08
gibisean-k-mooney: cool13:09
sean-k-mooneyin general are you ok with the feature? include the seperate RPs to make reshap simpler in the future?13:09
openstackgerritBalazs Gibizer proposed openstack/nova master: Stabilize unshelve notification sample tests  https://review.opendev.org/66867513:10
gibiefried, mriedem: super simple test only change ^^13:10
*** tbachman has quit IRC13:12
sean-k-mooneyi need to read the commit but how is this sablising the test?13:12
openstackgerritKashyap Chamarthy proposed openstack/nova-specs master: Add "Secure Boot support for KVM & QEMU guests" spec  https://review.opendev.org/50672013:13
*** priteau has quit IRC13:13
*** ccamacho has joined #openstack-nova13:13
kashyaplyarwood: Hey, when you get 10-ish minutes, want to have a gander at ⮭13:13
*** priteau has joined #openstack-nova13:14
kashyap(You looked at it previously.)  I've also included a short changelog of all the things I addressed, based on johnthetubaguy's feedforward.13:14
*** mriedem has joined #openstack-nova13:14
lyarwoodkashyap: ack will do13:16
efriedsean-k-mooney: Thanks for pointing out that MKTME spec. I was expecting it to show up, but didn't see it come in for some reason, possibly because it's proposed to backlog/ and I'm focused on train/.13:16
sean-k-mooneyoh i totally missed that13:17
sean-k-mooneyi thought it was for train13:17
efriedcdent: Unfortunately set_inventory_for_provider retry isn't "clean" because it goes through a dozen layers of the periodic update in the resource tracker13:17
efriedgibi: ack13:17
sean-k-mooneyin that case im less worried about the scope/alingment with the current sev spec13:18
mriedemlyarwood: melwitt: i replied about the conflicts in this queens backport https://review.opendev.org/#/c/662471/13:18
gibisean-k-mooney: yes, those test could fail if the timing is unlucky13:18
sean-k-mooneyya i just figured out how this fixes it13:18
efriedcdent: oh, actually, snot so bad. set_inventory_for_provider called by update_from_provider_tree (both in report client) called by _update_to_placement (in resource tracker)13:18
efriedcdent: _update_to_placement has the retry decorator on it.13:19
sean-k-mooneygibi: we are setting up the verifies but the test could end before the notificaion is sent13:19
efriedcdent:13:19
efried    @retrying.retry(stop_max_attempt_number=4,13:19
efried                    retry_on_exception=lambda e: isinstance(13:19
efried                        e, exception.ResourceProviderUpdateConflict))13:19
mriedemlyarwood: sean-k-mooney: is stephenfin around this week?13:19
sean-k-mooneymriedem: he was on eairlier13:19
sean-k-mooneymriedem: and he does not have PTO in our team calander so i think so13:20
gibisean-k-mooney: yes, to core of the issue is that instance.vm_state is set ACTIVE before the the end notification is emitted but the test only waits for the ACTIVE state13:20
sean-k-mooneyhe might be at the gym at the moment13:20
mriedemok looking for answers on this queens numa live migration change https://review.opendev.org/#/c/629597/13:20
sean-k-mooneymriedem: ya i was planning to bug him about that chagne today too13:20
sean-k-mooneymriedem: your trying to do a queens release soon right13:21
stephenfinmriedem: I'm here, yeah13:21
sean-k-mooneyi would like to include that in the next queens release if we can13:21
stephenfinmriedem: Saw comments on a queens backport in the scrollback. I'll get to that once I've finished with this mountain of email :'(13:22
efriedyaawang: If you like, I can update the cpu_models spec real quick13:23
mriedemsean-k-mooney: yes i'm flushing for a queens release13:24
*** lbragstad has joined #openstack-nova13:24
mriedemnearly there https://review.opendev.org/#/q/status:open+project:openstack/nova+branch:stable/queens+label:Code-Review=213:24
*** eharney has joined #openstack-nova13:26
openstackgerritya.wang proposed openstack/nova-specs master: Re-propose the spec to allow specifying a list of CPU models  https://review.opendev.org/64203013:27
efriedalex_xu, stephenfin, gibi: I'm +2 on ^ if one of you wants to push it.13:31
*** tbachman has joined #openstack-nova13:31
efriedkashyap: Are you convinced enough of the use case to accept this being implemented? ^13:31
stephenfinefried: The spec? Has kashyap looked through that again?13:31
stephenfinJinx :)13:31
stephenfinI'd like to look through that again myself. Can we hold off until tomorrow at least? If I don't get to it by then, carry on13:32
efriedkashyap: note that under the latest design proposal, existing confs will continue to work, so the load on the deployer isn't as great.13:32
sean-k-mooney ill quickly re reivew it too now but i was ok with the usecase in the past i think13:32
* gibi holds of +2 on cpu_modles till kashyap responds13:32
kashyapefried: Will look once I address gibi's comments in my own spec13:33
kashyapstephenfin: ^13:33
efriedstephenfin, gibi, sean-k-mooney: ack, no big hurry I guess. Thanks kashyap.13:33
sean-k-mooneyefried: its proably one of the spec we should be able to close out on today as part of the review day13:34
kashyapgibi: On the Secure Boot thing, fixing your remarks.  My eyes are glazing over from looking at my own text.  Note that the "firmware descriptor files" from QEMU are nice-to-have, but doesn't block Train13:34
kashyap I'll add notes there.13:34
efriedsean-k-mooney: yeah, that was my hope :)13:34
gibikashyap: ack13:34
sean-k-mooneyefried: by the way do you have the link handy to the dashboard you created13:34
kashyapsean-k-mooney: I was not OK with the spec, and actually abandoned it13:34
efriedsean-k-mooney: https://etherpad.openstack.org/p/nova-spec-review-day13:34
sean-k-mooneyefried: thanks13:34
kashyapBut it was re-opened, and I want to see if I can convince myself again13:34
efriedsean-k-mooney: front matter has a couple of gerrit dashboard links.13:34
* kashyap is talking about the CPU models thingie13:34
stephenfinIs today a review day?13:35
* stephenfin missed that mail13:35
stephenfin*spec review day13:35
sean-k-mooneystephenfin: yes13:35
sean-k-mooneyi think the final one for train13:35
stephenfinCrap. Ugh. Too much to do13:35
efriedstephenfin: http://lists.openstack.org/pipermail/openstack-discuss/2019-June/007381.html13:35
efriedI should have sent a reminder last night, mahbad.13:35
sean-k-mooneyspec freeze is july 25th i think so thusday 3 weeks13:36
stephenfinI'll try schedule that for this evening so. Feck the emails13:36
openstackgerritTheodoros Tsioutsias proposed openstack/nova-specs master: Add PENDING vm state  https://review.opendev.org/64868713:37
alex_xusean-k-mooney: you want to use the min and max of inventory for the fixed size cache,right?13:38
sean-k-mooneysorry yes min max and step size should all be set to the same13:39
sean-k-mooneyto prevent the fragmenation13:39
sean-k-mooneynot just step size13:39
lyarwoodsean-k-mooney: just posted some addition nits in the pqos spec if you're going over it still13:40
sean-k-mooneylyarwood: i was going to leave them build up until 1600 then adress them all13:40
alex_xucool, sounds cool for me13:41
sean-k-mooneybut yes im checking it every so often13:41
lyarwoodsean-k-mooney: ack13:41
sean-k-mooneyalex_xu: woudl you prefer to manage the min/max/step size via the placmenet api as i was propsoeing or should i update the spec to have a config option13:42
kashyapgibi: I'd need your re-ACK as I'm fixing the two other broken sentences, and add a note on the QEMU dep for nice-to-have.13:43
efriedIs /servers/{server_id}/action Create Image (createImage Action) aka "snapshot"?13:44
gibikashyap: just ping me13:44
*** luksky has joined #openstack-nova13:44
gibikashyap: when you are ready13:45
kashyapalex_xu: Are you convinced of that CPU models thing?  WheN I explained this spec to two QEMU maintainers, they said "don't do that" (the CPU models as list).  But rather allow them setting via flavor properties, if you want13:45
kashyapgibi: Yep, juggling multiple things13:45
alex_xusean-k-mooney: I prefer to have config option. otherwise, I'm thinking how do we deal with the update_provider_tree and the user update13:45
*** liuyulong has joined #openstack-nova13:45
*** BjoernT has joined #openstack-nova13:45
kashyapalex_xu: I'll comment in full, once I flush existing content to my brain's disk13:45
sean-k-mooneyefried: the create image action i think is snapshot yes13:45
sean-k-mooneyalex_xu: for update provider tree i planned to have nova only set them if it creating the inventory initailly13:46
alex_xukashyap: as my understand, that spec doesn't helpful for your flaw mitigation case, but that spec aims to live migration case13:46
sean-k-mooneyso update provider tree would not modify them but ill add the config option in the next version so since that is simple13:46
kashyapalex_xu: Yeah, I do see the use case, though.  Not denying that13:46
efriedlooks like snapshot may also be used for shelve13:47
kashyapalex_xu: Just weighing the costs, and if it'll come to bite us in a different scenario -- as it's hard to think through _all_ the cases that might be affected here.13:47
sean-k-mooneyefried: yes when we shelve we snapshot the root disk13:47
sean-k-mooneybut im not sure if we only do that for shelve offload13:48
sean-k-mooneyor if it happens on shelve13:48
*** Luzi has quit IRC13:50
*** Jeffrey4l_ has joined #openstack-nova13:50
*** BjoernT_ has joined #openstack-nova13:52
openstackgerritsean mooney proposed openstack/nova master: [DNM] testing bug/1813789 revert resize events  https://review.opendev.org/66444213:53
openstackgerritArtom Lifshitz proposed openstack/nova master: [DNM] testing bug/1813789 revert resize events  https://review.opendev.org/66444213:53
*** mlavalle has joined #openstack-nova13:53
sean-k-mooneyjinx13:54
*** Jeffrey4l has quit IRC13:54
*** BjoernT has quit IRC13:55
*** helenafm has quit IRC13:56
artom|gmtplus3Dammit, 11 seconds13:57
sean-k-mooneyi did it via the gerrit ui14:00
sean-k-mooneygiven the gate lag time it makes no difference :)14:01
*** maxbahosh3 has quit IRC14:05
gibisean-k-mooney: replied in https://review.opendev.org/#/c/66867514:05
kashyapgibi: A small heads-up: I've also fixed two more small things related to content moving.  I'll append a short summary of changes for convenience, once the docs compile locally.14:07
gibikashyap: OK, I will look at the diff14:07
sean-k-mooneygibi:  oh wiat thost are not test they are test helper functions because they are prefixed wtih _14:08
gibisean-k-mooney: yeah, they are steps of a biiig test case14:08
sean-k-mooneyso _test_shelve_and_shelve_offload_server is beeing invoked elsewhere14:08
sean-k-mooneyah ok in that case your change makes sense i missed that14:09
gibisean-k-mooney: it is invoked exactly before _test_unshelve_server()14:09
sean-k-mooneyi was wondering why you were doing extra work when you did not need too14:09
openstackgerritKashyap Chamarthy proposed openstack/nova-specs master: Add "Secure Boot support for KVM & QEMU guests" spec  https://review.opendev.org/50672014:09
gibisean-k-mooney: this is the test case https://review.opendev.org/#/c/668675/1/nova/tests/functional/notification_sample_tests/test_instance.py@34214:09
sean-k-mooneywell in that case i dont think you need to do the unshelve right?14:10
sean-k-mooneyyou are doing an extra unchelve and shelve that are not needed14:10
kashyapgibi: When you can: done.  Posted the shortlog as well.14:10
openstackgerritStephen Finucane proposed openstack/nova stable/stein: Ignore hw_vif_type for direct, direct-physical vNIC types  https://review.opendev.org/66735414:10
openstackgerritStephen Finucane proposed openstack/nova stable/rocky: Ignore hw_vif_type for direct, direct-physical vNIC types  https://review.opendev.org/66735514:11
openstackgerritStephen Finucane proposed openstack/nova stable/rocky: Ignore hw_vif_type for direct, direct-physical vNIC types  https://review.opendev.org/66735514:11
sean-k-mooneygibi: if _test_shelve_and_shelve_offload_server left it shelved and _test_unshelve_server required a shelved server it would speed up the test case14:11
gibisean-k-mooney: I could skip that but then instance would be in SHELVED case between the steps and that would ruin the generic pre-condition of the test steps enforced in https://review.opendev.org/#/c/668675/1/nova/tests/functional/notification_sample_tests/test_instance.py@38414:12
*** _alastor_ has joined #openstack-nova14:12
gibisean-k-mooney: I could combine the two test step14:13
sean-k-mooneyi see14:13
gibikashyap: ack14:13
kashyapThanks a ton.14:13
* kashyap now looks at the CPU model spec14:13
sean-k-mooneyinto a _test_shelve_shelve_offload_unshelve_server14:13
sean-k-mooneyya that would be more efficent14:14
*** helenafm has joined #openstack-nova14:14
sean-k-mooneyand it would not violate the pre/post condition that the server is active between all steps14:15
sean-k-mooneygibi: that said, these are fucntional tests14:16
sean-k-mooneyso we are not actully snapshoting the server and uploading it to glance and then restoring it14:16
gibikashyap: I'm +2 on the secure boot14:16
sean-k-mooneyso what you have is proably fine for the fake driver/fake libvirt whichever we are actully using14:16
kashyapgibi: Thank you.  And FWIW, I'm giving a "semi-strong +1" to to the CPU models thing, with a note.14:16
gibikashyap: thanks14:17
kashyapAs I don't want to block it any further, and we can hash out the details in the implementation.14:17
gibikashyap: ack14:18
*** maxbahosh has joined #openstack-nova14:21
openstackgerritMatt Riedemann proposed openstack/nova stable/queens: Fail to live migration if instance has a NUMA topology  https://review.opendev.org/62959714:25
openstackgerritMatt Riedemann proposed openstack/nova stable/queens: fix up numa-topology live migration hypervisor check  https://review.opendev.org/64893914:25
mriedemlyarwood: can you hit https://review.opendev.org/#/c/629597/ ?14:26
*** maxbahosh has quit IRC14:29
mriedemcoreycb: can you ack this? https://review.opendev.org/#/c/668680/14:30
*** redrobot has joined #openstack-nova14:33
efriedkashyap: Did you forget to hit save or are you still composing?14:41
kashyapefried: Forgot to hit save, bad me.  A sec14:42
kashyapOh, I went noting some grammar nit, and then two other people pinged and got distracted14:42
kashyapefried: Done.14:43
efriedthanks kashyap14:43
kashyapWe can hash out the technical details (and surely we'd want to do some some robust functional testing _and_ post the results in the review for posterity/record)14:43
kashyap... in the implementation.14:44
kashyapIt's a +0.8.14:44
kashyapefried: If you feel like fixing the grammar edit & re-ACK it; if you don't want to bother, also fine.14:46
efriedkashyap: I'm not being that picky anymore.14:47
kashyapCan fully understand.  It's just my OCD.14:48
kashyapThat's why I never -1 such things (unless it hampers reading, or is too sloppy).14:48
*** _alastor_ has quit IRC14:52
*** zbr has quit IRC14:53
efriedkashyap: I've started blithely posting patch sets on other people's changes to correct grammar before I review for content.14:53
kashyapefried: So you wanted to amend that behaviour? :-)14:54
kashyapCan understand14:54
efriedalex_xu: if you're around, would you like the +W on https://review.opendev.org/#/c/642030/ ? Else I'll push it in a bit.14:54
*** zbr has joined #openstack-nova14:54
*** _alastor_ has joined #openstack-nova14:55
kashyapyaawang: Hi, please copy me on the impl of that 'cpu_models' thing.  Happy to work out the details.14:55
* kashyap might miss it in the sea of notifications14:55
* gibi has a notification for the word notification :D14:55
kashyapLOL14:57
kashyap(Sorry)14:57
*** evrardjp_away has quit IRC14:58
*** evrardjp has joined #openstack-nova14:59
*** edmondsw_ has joined #openstack-nova15:04
*** spatel has joined #openstack-nova15:04
spatelsean-k-mooney: morning15:04
sean-k-mooneyspatel: o/15:04
*** gyee has joined #openstack-nova15:04
spatelI have testing my new openstack cloud, i have spun vm-1 but i am not seeing any live migration option in drop down menu15:05
gibikashyap: it is the remains of time I worked on versioned notifications a lot15:05
sean-k-mooneyspatel: that sound like a horizon issue15:05
spatelhmm!15:06
sean-k-mooneyim not sure how that is displayed but i would not expect horizon to be able to tell if live migration is uspported15:06
sean-k-mooneywe do not have a api you can query to discover that15:06
kashyapgibi: Yeah, guessed as much :-)15:07
sean-k-mooneywe just have teh endpoint to do a migration which can succeed or fail wehn you call it15:07
kashyapsylvainb: Quite active discussion on that 'mdevctl' thread on libvirt upstream thread15:07
kashyapErr, bauzas:15:07
kashyap(I see that you wanted to try it, 'mdevctl' in Nova.   Haven't caught up with the rest of the KM-long thread there, though.)15:08
spatelsean-k-mooney: oh wait, when i logged in as admin i can see live migration15:09
sean-k-mooneyspatel: yes live migration is admin only15:09
spatelits not available for end-user15:09
sean-k-mooneyspatel: yep the only action an endupser can do that might casue a migration to happen is resize15:10
spatelyes they do have re-size option but not live, i think this is good because we don't want end user do live migration without understanding15:11
sean-k-mooneyyep15:11
spatelsean-k-mooney: how do i evacuate single VM? is it something only available in command line?15:12
sean-k-mooneyproably. yes15:13
sean-k-mooneyyou have to use the nova cli instead of opentasck one15:13
openstackgerritBalazs Gibizer proposed openstack/nova master: Stabilize unshelve notification sample tests  https://review.opendev.org/66867515:13
gibiefried, mriedem: reported bug and fixed up the commit message ^^15:15
efriedgibi: +2, thanks.15:15
gibiefried: thank you15:15
efriedyahyoubetcha15:15
*** tbachman has quit IRC15:16
*** ivve has quit IRC15:17
*** liuyulong has quit IRC15:22
spatelsean-k-mooney: let me try and see.. i am running test on cpu-pining live migration using evacuate15:23
*** cdent has quit IRC15:24
*** sapd1_x has quit IRC15:28
*** ttsiouts has quit IRC15:31
sean-k-mooneyspatel: it should just be "nova evacuate <server>" and optioncally you can also proved a host as teh last postional arg.15:32
sean-k-mooneysince you are on shared stoarge however you need to ensure the vm is stoped and the compute service is disabled before you do the evacuate15:33
spateloh wait compute service disabled?15:37
*** tbachman has joined #openstack-nova15:38
sean-k-mooneyyou cant evacuate form a host where the compute service is enabled15:38
sean-k-mooneyspatel: if the compute node is healty then you should jsut do a cold migration15:38
sean-k-mooneycold migration wtih cpu pinning works as intended15:39
spateland cold migration support CPU-pining and hugepage15:39
sean-k-mooneyyep15:39
sean-k-mooneyfor cold migration we generate a new xml on the destintion node so it works correctly15:39
*** tssurya has quit IRC15:40
sean-k-mooneythe bug for livemigration is while we caulate a new toplogy for the destination node we dont regenerate teh xml so we move teh vm bug still pin it as if it was on the souce node as we are using the xml form the source node instead of generating a new one for the destination node15:41
*** helenafm has quit IRC15:52
*** cdent has joined #openstack-nova15:54
*** artom|gmtplus3 has quit IRC15:56
*** wwriverrat has quit IRC16:09
*** gyee has quit IRC16:12
*** BjoernT_ is now known as BjoernT16:16
*** rpittau is now known as rpittau|afk16:21
*** gyee has joined #openstack-nova16:25
adriancHi, any chance I can bother one of the fine cores here for a review for a FUP https://review.opendev.org/#/c/659101/ , already has a +2 from stephenfin :)16:35
openstackgerritMatt Riedemann proposed openstack/nova master: Clean up test_virtapi  https://review.opendev.org/66741916:36
openstackgerritMatt Riedemann proposed openstack/nova master: Add VirtAPI.update_compute_provider_status  https://review.opendev.org/66870616:36
openstackgerritMatt Riedemann proposed openstack/nova master: libvirt: manage COMPUTE_STATUS_DISABLED for hypervisor connection  https://review.opendev.org/66870716:36
*** spatel has quit IRC16:45
efriedadrianc: done16:45
efriedexcept for the "fine" part16:45
openstackgerritMerged openstack/nova-specs master: Re-propose the spec to allow specifying a list of CPU models  https://review.opendev.org/64203016:47
*** priteau has quit IRC16:48
*** udesale has quit IRC16:49
sean-k-mooneyjaypipes: hehe that was an old pull request :)16:51
*** luksky has quit IRC16:53
jaypipessean-k-mooney: lol, doing some housecleaning :)16:56
*** tesseract has quit IRC17:01
efriedjroll: you back today?17:02
*** ricolin_ has joined #openstack-nova17:05
*** ricolin has quit IRC17:07
openstackgerritsean mooney proposed openstack/nova-specs master: add libvirt pqos spec  https://review.opendev.org/66226417:08
sean-k-mooneylyarwood: ^ is the updated versions17:08
*** belmoreira has quit IRC17:09
sean-k-mooneyhum looks like i need to fix the diagram17:13
jrollefried: yep, hi!17:14
efriedjroll: Wanna talk TPM?17:14
jrollefried: gimme 15, in a meeting atm17:14
*** ricolin_ has quit IRC17:14
efriedsho17:14
openstackgerritBalazs Gibizer proposed openstack/nova master: nova-manage: heal port allocations  https://review.opendev.org/63795517:14
efriedI await thy ping17:14
*** ociuhandu_ has joined #openstack-nova17:14
*** ociuhandu_ has quit IRC17:15
*** ociuhandu has quit IRC17:18
gibiefried, mriedem: I think I'm done with the heal port allocation rework based on your comments. (except two change in a followup)17:20
efriedack17:20
* gibi has left the building17:21
openstackgerritsean mooney proposed openstack/nova-specs master: add libvirt pqos spec  https://review.opendev.org/66226417:24
sean-k-mooneyok fixed the ascii diagram17:24
openstackgerritMerged openstack/nova master: Un-safe_connect and publicize get_providers_in_tree  https://review.opendev.org/66806217:28
jrollefried: am free now17:30
efriedo/17:31
efriedSo what do you know about this "reboot required" business? I was able to confirm that from several sources.17:31
sean-k-mooneyim going to go have food so ill be away for the next hour or so. ill be back later17:31
sean-k-mooneyefried: reboot requried?17:31
efriedAnd are you caught up with what penick was saying about "oh, just leave it to us to manage the state of the TPM"17:31
efriedsean-k-mooney: talking to jroll about TPM stuff. Go do your food thing :)17:32
jrollefried: I wasn't aware a hypervisor reboot was required until you were. and I think I'm caught up with penick?17:33
sean-k-mooneyoh im guessing after a guest has finished using a tpm and we delete teh guest the TPM is unaviaoble until after a reboot? and yep its time for breakfest/lunch/dinner brb17:33
*** ociuhandu has joined #openstack-nova17:33
efriedcorrect sean-k-mooney. Either unavailable, or still has the old VM's secrets in it.17:33
efriedjroll: So what penick is saying, IIUC, is that we should blindly pass the TPM through, and worry about the orchestration layer to know what's on it at any given time. I.e. nova doesn't do any prep or checking or clearing or ownership assigning.17:34
efriedThat sounds like a pretty big security risk to me. Kind of doubt it's going to fly, design-wise, with the Nova maintainers.17:35
dansmithhow is that not a terrible idea?17:35
efriedyeah17:35
dansmithI mean, I get that it's the minimum required effort to get what you want, but...17:35
dansmithdoesn't seem like a smart decision at all17:35
jrollright, it seems like our use case would be long-running VMs17:36
sean-k-mooneyefried: that is not too unsuerpising. older gpus had the same issue. unless the uefi firmware is specificlay coded to handel it pci passthou deveice can become unusable until they are reset ususally that reuires a host reboot.17:36
jrolland/or these hosts would only be accessible by this tenant17:36
sean-k-mooneyand now that i have my phone back to cooking17:36
jrollI'm not sure I agree that we should just let nova blindly land stuff on a TPM without checking it, fwiw17:37
*** ociuhandu has quit IRC17:38
jrollI haven't thought through what it would take to have nova track if a TPM is 'usable' or not17:38
efriedRight. That's Nova abdicating a pretty serious burden of responsibility to the unknown upper layer. I mean, we have trust models in place that are a certain shape and this really seems to be breaking outside of that shape.17:38
efriedso given that that approach is likely to be -many, unless there's some other place we can go with this, we're probably going to have to declare it dead in the water. (aka "downstream it if you really need it")17:38
dansmithI'd like to see more uses for it17:39
jrollI assume assigning some sort of TPM_DIRTY trait isn't going to fly, right?17:39
dansmithwhile I feel for the situation of trying to push people to vms by providing things that look like hardware, the "single long-lived vm per host" use case doesn't hold much weight for me17:40
efriedjroll: If we were going to remove it from service via placement-ism, we would probably use the reserved=total trick.17:40
efriedrather than a trait17:40
jrolldansmith: that's fair. the reason we would do this on a VM instead of bare metal is for neutron security groups, boot from volume, etc17:41
efried(and btw, implied in your question and my response is: one RP per TPM)17:41
dansmithbut we also need to know how to clean it and I think that depending on placement as a persistence mechanism for something like this is an abuse.. it'd be too easy for an operator to just delete that allocation not knowing why it's there, only to have us hand the tpm to something else17:41
jrollor rather, that's why the "single long-lived vm per host" is a somewhat valid use case for us17:42
*** ralonsoh has quit IRC17:42
*** bbowen has quit IRC17:42
jrollefried: I guess I'm not deep enough in nova to offer suggestions on how to manage this, I'll have to dig around some and maybe come back and talk about it17:45
jrollunless "tracking the state of the hyp" is 100% not going to happen for something like this17:45
efriedjroll: We would have to do it with an external file of some kind.17:46
efriedunless there's a way to know by querying the device17:46
efriedor sysfs or whatever17:46
jrollhmm ok17:46
efriedbut sysfs is unlikely to track instance UUID for us17:47
dansmithefried: I think you mean the database17:47
dansmithefried: we don't need to introduce a new persistence mechanism on the host for this as a one-off thing17:47
efrieddansmith: Yeah, that would work :)17:47
dansmithsysfs is ephemeral, so it's definitely not going to help us here :)17:48
efried there would have to be some kind of db manage command to manually clear the state17:48
efriedbecause, like, we can't assume it's clear on a reboot or a compute service startup or whatever.17:48
dansmithit's specifically not supposed to be clear on reboot17:49
efriedit's supposed to be: purge, reboot, now it's clear so manually say it's clear.17:49
dansmithand if you're suggesting that we hand out tpms to an instance, and then when that instance is deleted, we're stuck until the operator manually clears the tpm and then frees it up with a manage command,17:49
dansmiththat's crazypants17:49
efriedyup, it would have to be that.17:49
efriedAnd I agree.17:49
dansmiththat's implementing half a feature because some guy asked for it and is fine with the manual cleanup17:49
dansmithI'm -5 on that17:49
efried(my earlier estimate of -many wasn't too far off then)17:50
efriedyeah, the right way to do this is vTPM17:50
efriedbut as currently implemented that's not secure because the Master Key is stored on the hypervisor's disk.17:50
dansmithyeah, solving it properly is making that more reasonable I think17:51
dansmithwhich seems quite doable17:51
efriedThey're figuring out some way around that in qemu, but it hasn't happened yet, so this was an attempt to work around it until that's available.17:51
dansmithmmhmm17:51
*** gyee has quit IRC17:52
efriedSo jroll, it's really looking like this isn't going to happen, upstream, in this way. If there's enough $motivation$ to make it happen downstream anyway, let me know and I can advise a bit on the nova-isms and placement-isms that would need to be hacked together.17:53
jrollefried: thanks17:54
*** amodi has joined #openstack-nova17:55
efriedadrianc: whoops, https://review.opendev.org/#/c/659101/ is in merge conflict now. Since you're going to need a new PS anyway, want to take care of those couple of nits?17:56
*** gyee has joined #openstack-nova18:06
*** luksky has joined #openstack-nova18:08
openstackgerritStephen Finucane proposed openstack/nova-specs master: Add 'flavor-extra-spec-image-property-validation-extended' spec  https://review.opendev.org/63873418:09
* cdent giggles every time he sees "Master Key"18:09
stephenfinefried: Tackled those comments on the extra spec validation spec. Lemme know if what I want to do wrt key validation is not clearer now18:13
*** igordc has joined #openstack-nova18:13
* stephenfin -> 🏉18:14
efriedack18:14
*** cdent has quit IRC18:17
*** markguz_ has joined #openstack-nova18:22
markguz_hi all. Anyone out there got any experience with using NPIV and pci passthrough for share Fiber Channel HBAs amongst vms?18:22
markguz_i want to share the VFs but am not really clear on how it might be done.18:23
markguz_most if not all of the docs seem to focus on networking virtual functions18:23
markguz_there is a type=VF but i'm not clear how to share the vport18:28
openstackgerritEric Fried proposed openstack/nova-specs master: Add PENDING vm state  https://review.opendev.org/64868718:34
openstackgerritLee Yarwood proposed openstack/nova master: libvirt: Add a rbd_connect_timeout configurable  https://review.opendev.org/66742118:38
*** hongbin has joined #openstack-nova18:44
openstackgerritEric Fried proposed openstack/nova master: [FUP] Follow-up patch for SR-IOV live migration  https://review.opendev.org/65910118:52
efriedadrianc: ftfy ^18:54
efriedstephenfin: if you're still around, trivial re+A ^18:54
*** xek has quit IRC19:08
openstackgerritMerged openstack/nova-specs master: Add PENDING vm state  https://review.opendev.org/64868719:09
openstackgerritMatt Riedemann proposed openstack/nova master: Update COMPUTE_STATUS_DISABLED from set_host_enabled compute call  https://review.opendev.org/66874319:14
mriedemdansmith: could use another opinion here https://review.opendev.org/#/c/668743/1/nova/compute/manager.py@504719:20
dansmithmriedem: do I need to read it or can I just give you an opinion?19:23
mriedemlike, cats > dogs?19:23
mriedemsure19:23
dansmithpizza > cookies19:24
mriedemi'd agree with that19:24
mriedemhttps://sallysbakingaddiction.com/chocolate-chip-cookie-pizza/19:24
mriedema love child19:24
*** panda has quit IRC19:27
dansmithmriedem: okay I'm not sure I get it19:28
dansmithwe have this set_host_enabled call already yeah?19:28
dansmithand the base virt driver does what when you call it? raise not implemented?19:29
mriedemyes, only used by the os-hosts api which was deprecated in 2.43 and only implemented by the xenapi driver19:29
mriedemyes19:29
*** maciejjozefczyk has quit IRC19:29
dansmithoh, I see, different from service disable yeah?19:29
mriedemyes,19:29
dansmithright right, okay19:29
mriedembut i'm going to use it for service disable/enable in the api change19:29
dansmithyeah19:29
dansmithso,19:29
*** panda has joined #openstack-nova19:30
dansmiththe thing you're concerned about is replicating the 501 "this thing doesn't support that" case for libvirt and v2.1?19:30
mriedemit's a minor concern, but yeah19:30
dansmithI guess I'm not sure why that matters.. the fact that libvirt does or doesn't support the thing has nothing to do with microversion 2.1 (or any version)19:30
mriedemthe version really only matters b/c the api no longer works with 2.43+19:31
mriedemfor any driver19:31
dansmithokay but.. why does it matter if someone calls it with v2.1 on libvirt and it works?19:31
mriedembecause it's a behavior change...19:31
dansmithit's not19:31
dansmithit's an implementation detail19:31
dansmithif the thing (which the user can't see) supports it, it works, and if not it's 50119:32
mriedemor 400 if i just return None19:32
dansmiththey can't see that libvirt didn't support it before, got a 501, and that either now it does support it, or some other driver is being used19:32
mriedemin this case the user == admin anyway,19:33
mriedemso another reason why it's a minor concern for me19:33
dansmithright, but this is not necessarily an admin user that has visibility into the hypervisor details19:33
*** _mlavalle_1 has joined #openstack-nova19:33
dansmiththis could be a level-1 lab monkey that needs to disable a host to go blow dust out of the fans or something19:34
dansmithanyway, just saying I don't think we should tie behavior of a microversion to a version of the implementation underneath when the behavior and semantics haven't changed19:34
mriedemsure. if you don't think anything needs to change that's fine with me. would appreciate a comment in the review for if/when someone comes along saying it's a change.19:35
mriedemalso note the api ref is pretty clear to not use that api https://developer.openstack.org/api-ref/compute/?expanded=update-host-status-detail#update-host-status19:35
dansmithwill19:35
*** mlavalle has quit IRC19:37
*** ivve has joined #openstack-nova19:40
openstackgerritLee Yarwood proposed openstack/nova master: libvirt: Remove unreachable native QEMU iSCSI initiator config code  https://review.opendev.org/66875019:46
*** factor__ has joined #openstack-nova19:54
*** bnemec has quit IRC19:54
*** icarusfactor has quit IRC19:56
*** mmethot has quit IRC20:04
*** mmethot has joined #openstack-nova20:05
openstackgerritMatt Riedemann proposed openstack/nova master: Add placement request pre-filter compute_status_filter  https://review.opendev.org/66875220:07
*** bnemec has joined #openstack-nova20:07
*** factor__ has quit IRC20:14
*** eharney has quit IRC20:15
*** factor has joined #openstack-nova20:16
*** factor has quit IRC20:18
*** factor has joined #openstack-nova20:24
*** tssurya has joined #openstack-nova20:37
openstackgerritMatt Riedemann proposed openstack/nova master: Refactor HostAPI.service_update  https://review.opendev.org/66875620:42
*** psachin has quit IRC20:42
melwittefried, jroll, dansmith: fwiw, an idea we had when I chatted with penick about the TPM thing was tracking the "TPM availability" outside of placement using a scheduler filter and a new compute stat. the compute stat would be something like 'tpm_project_id' and defaults to None. and the scheduler filter passes a host only if 'tpm_project_id' is None or matches project_id [if a tpm is requested]. and then in nova-compute, set20:50
melwitt 'tpm_project_id' compute stat to the project_id when a tpm request lands on the host. and the 'tpm_project_id' stat gets cleared during init_host20:50
*** evrardjp has quit IRC20:51
efriedmelwitt: Except for that last bit. Having restarted the compute service does *not* mean the TPM is clear and ready for use by someone else. The only way we can know that bit is if the admin tells us so.20:51
melwittthe only caveat I was thinking here is that init_host doesn't guarantee a reboot happened20:52
efriedjust so20:52
melwittyeah20:52
efriedand a reboot doesn't guarantee the TPM was cleared.20:52
*** evrardjp has joined #openstack-nova20:52
melwittoh, ok, I didn't know that or misunderstood20:52
sean-k-mooneyis there any reason we cant wipe the tpm directly when we delete a vm that is using it20:52
efrieda reboot is required, but not sufficient. You had to have done some kind of purgey command prior20:53
melwittsean-k-mooney: from what penick said, that is not possible20:53
melwittefried: I see20:53
sean-k-mooneyefried: is a reboot requried or can we do a device reset20:53
sean-k-mooneyi have not looked into it but i know fo bios based gpus a reboot was required20:53
efriedI don't know whether "purgey command" is "device reset" or what, but you have to reboot the host for it to be reusable.20:54
sean-k-mooneyfor uefi based gpus a deivce reset was enough20:54
sean-k-mooneyit could depend on the type of tpm you have20:54
sean-k-mooneythere are several diffeerent tpm types20:54
efriedhow would we know?20:54
sean-k-mooneythat are connect over different buses20:54
*** ttsiouts has joined #openstack-nova20:55
mriedemsure sounds like hardware management that nova shouldn't be doing...20:56
sean-k-mooneyim not sure https://en.wikipedia.org/wiki/Trusted_Platform_Module#TPM_implementations20:56
sean-k-mooneyi think descret tp0ms and maybe the integrated tpm in the intel chips set can be passthed through20:57
sean-k-mooneythe firware and software one obviosly cant be20:57
efriedmriedem, melwitt: in case y'all weren't silently following along, here's the earlier conversation with jroll and dansmith: http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2019-07-02.log.html#t2019-07-02T17:30:5620:57
mriedemefried: i saw it20:57
mriedemand agreed with the -5 comment20:58
efriedk20:58
*** mmethot has quit IRC20:58
melwittefried: yeah, I mentioned what I did bc I read it20:58
efriedk20:58
efriedthanks for the followup20:58
melwittat the very least for any potential downstream-only endeavor20:58
*** pcaruana has quit IRC20:58
*** mmethot has joined #openstack-nova20:58
*** eharney has joined #openstack-nova20:59
sean-k-mooneyi takeign booting windows to run the clear-tpm powershell commadn is not a thing we cand do :) https://docs.microsoft.com/en-us/powershell/module/trustedplatformmodule/clear-tpm?view=win10-ps20:59
sean-k-mooneyits rare that all the hits i get in google are for windows21:00
melwittif there were a way we could query the tpm device to know whether it's clear/ready, then IMO it seems similar enough to pci passthrough and not so bad21:00
melwittbut since there's not, then I agree it doesn't fit21:00
sean-k-mooneyapparent there is a tpm_clear command21:01
mriedemwe have also done a poor job at times of tracking allocated pci devices21:01
sean-k-mooneyjust reading https://resources.infosecinstitute.com/linux-tpm-encryption-initializing-and-using-the-tpm/#gref21:02
openstackgerritMerged openstack/nova stable/rocky: libvirt: Rework 'EBUSY' (SIGKILL) error handling code path  https://review.opendev.org/66743621:02
mriedeme.g. https://review.opendev.org/#/q/I6e871311a0fa10beaf601ca6912b4a33ba4094e021:02
melwittaye21:02
sean-k-mooneyit looks like clearing the tpm makes it unowned and disablses it which requries a reboot to fix21:03
melwittyeah, that's what efried was saying earlier. it's a two-step deal21:03
sean-k-mooneyya diging a bit deeper it looks like linux cant actully clear teh tpm its self for security reason and its actully the uefi on reboot that is clearing it21:06
*** rdopiera has quit IRC21:06
sean-k-mooneyso ya based on that i think this is a non starter21:06
sean-k-mooneywe we need to do is impove qemu to make vTPM more secure by not storign the encryption key on the host21:07
sean-k-mooneyperhaps by storign it in the host tpm21:07
sean-k-mooneyor barbacan or some other keystore21:07
melwittyeah, qemu enhancement is needed. I'm not sure if that's on their radar already. could ask kashyap maybe21:08
efriedit is21:09
efriedjust not going to be ready in time for T21:10
melwittah ok21:10
*** ivve has quit IRC21:10
*** eharney has quit IRC21:22
*** bnemec has quit IRC21:25
*** bnemec has joined #openstack-nova21:27
sean-k-mooneyefried: gibi so have we talked about how we handel move operations for the encryped image spec https://review.opendev.org/#/c/608696/8/specs/train/approved/image-encryption.rst@28521:31
sean-k-mooneyi would be in faovr of supporting this as an experimenal feature without them but im hopping at least cold migraiton and live migration might work21:32
sean-k-mooneyrescue,shelve and cross cell resize might be tricker21:33
sean-k-mooneyif we have snapshot working it shoudl be possibel to support them however21:33
efriedsean-k-mooney: I wouldn't expect this to affect lifecycle operations21:33
efriedbecause the change is in the image processing layer21:34
sean-k-mooneywell for rescuse we are temporaily booting the instance with a different image but we still need to be able to decypt its disks21:34
efriedThe disk is not encrypted at that point.21:34
efriedthis isn't like LUKSing the boot disk.21:35
sean-k-mooneyand for shelve/cross cell resize we need to ensure we create encrypted snapshots for encrypted instances21:35
efriedThis is encrypting it in glance. It gets decrypted when it's copied into the instance's storage.21:35
sean-k-mooneythe instaces storage is also encrypted21:35
sean-k-mooneyits not stored decyped on the compute node21:35
efriedum21:35
efriedthen I wildly misunderstood the spec21:36
sean-k-mooney"Using encrypted storage backends for volume and compute hosts in conjunction21:36
sean-k-mooneywith direct data transfer from/to encrypted images can enable workflows that21:36
sean-k-mooneynever expose an image's data on a host's filesystem.21:36
sean-k-mooney"21:36
efriedright, but "using encrypted storage backends" is not part of this spec21:37
efriedthat's already supported21:37
*** maciejjozefczyk has joined #openstack-nova21:37
*** ttsiouts has quit IRC21:37
sean-k-mooneyright but that means on the host the iamge is still encrypted as its streamed into an encpted file21:38
sean-k-mooneyso when you do a nova rescue and you boot form a different image you still need to pass the encyption key to qemu so it can open that encypted file a use it21:39
efriedNot "still encrypted". decrypted to clear, then re-encrypted with a different key (and possibly a different algorithm, etc)21:39
efriedso yes, *if* your storage backend is encrypted, regardless of whether you're using *image* encryption (this feature), then you'll need to manage slinging keys around.21:40
sean-k-mooneythe decypted to clear happens in memory. but when i was referign to still encrypted i ment after it was re encrypted21:40
efriedI'm saying they're separate and unrelated.21:40
sean-k-mooneyok so long as that all works that is cool21:40
efriedI think21:40
sean-k-mooneyi just was suprised that it was never mention in the spec21:40
sean-k-mooneyi could cahcne my +1 to a -1 i guess until josephine seifert replies to confirm but i whould have expect this to at least be mentioned in the spec if all it was is "it jsut works"21:43
*** maciejjozefczyk has quit IRC21:47
*** tssurya has quit IRC21:50
*** Kevin_Zheng has quit IRC22:06
*** luksky has quit IRC22:06
mriedemdansmith: you know how this set_host_enabled is a blocking rpc call? if this is an ironic compute service managing 1000 compute nodes (1000 resource providers) and we have to sync the trait on all of them, i'm not sure if that would take more than 60 seconds but it might - thinking this change should use the long_rpc_timeout for that call now - agree?22:12
*** ttsiouts has joined #openstack-nova22:16
*** ttsiouts has quit IRC22:21
mriedemweee looks like the gate is crapping itself too atm22:21
openstackgerritMerged openstack/nova-specs master: Policy Default Refresh spec  https://review.opendev.org/54785022:23
*** BjoernT has quit IRC22:23
dansmithmriedem: yeah makes sense to make it a long rpc call22:26
dansmithmriedem: even for the single compute case, if placement is bogged or something, we could still take a while to set the trait22:26
openstackgerritMerged openstack/nova stable/queens: Restore connection_info after live migration rollback  https://review.opendev.org/66247122:31
mriedemmelwitt: can you hit this remaining queens backport? https://review.opendev.org/#/c/629597/22:35
* melwitt clicks22:36
openstackgerritMerged openstack/nova-specs master: Spec: Use OpenStack SDK in Nova  https://review.opendev.org/66288122:47
sean-k-mooneyheh if only the rest of the repo had a 10 minute merge trun around time22:50
*** panda has quit IRC22:52
*** panda has joined #openstack-nova22:59
*** tkajinam has joined #openstack-nova23:02
*** _mlavalle_1 has quit IRC23:06
*** hongbin has quit IRC23:06
openstackgerritMatt Riedemann proposed openstack/nova master: Sync COMPUTE_STATUS_DISABLED from API  https://review.opendev.org/65459623:06
mriedemit is done https://review.opendev.org/#/q/topic:bp/pre-filter-disabled-computes+(status:open+OR+status:merged)23:07
*** slaweq has quit IRC23:07
openstackgerritMerged openstack/nova-specs master: Libvirt: add vPMU spec for train  https://review.opendev.org/65126923:08
sean-k-mooneymriedem: as in you have split it out int different patches and its now ready for review?23:09
mriedemhells yeah23:09
mriedemit's glorious23:09
sean-k-mooneycool im poking at similar code for my own prefilter stuff so ill see if ther are any trick i shoudl "borrow" form my onw stuff23:10
sean-k-mooneymriedem: did you drop the custom trait stuff since os-tratis 1.15 is released23:10
mriedemyes23:11
mriedemtechnically efried did that for me23:11
sean-k-mooneycool23:11
*** markguz_ has quit IRC23:13
*** mriedem has quit IRC23:20
*** jdillaman has quit IRC23:58
« Monday, 2019-07-01 Index Wednesday, 2019-07-03 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!