Thursday, 2020-11-19

« Wednesday, 2020-11-18 Index Friday, 2020-11-20 »
*** k_mouza has joined #openstack-nova00:00
*** k_mouza has quit IRC00:05
*** tosky has quit IRC00:14
*** LinPeiWen46 has joined #openstack-nova00:36
*** openstackgerrit has joined #openstack-nova00:42
openstackgerritBrin Zhang proposed openstack/nova-specs master: Re-proposes 'Proposal for a safer remote console with password authentication  https://review.opendev.org/75982800:42
*** csatari has quit IRC00:57
*** csatari has joined #openstack-nova01:00
openstackgerritBrin Zhang proposed openstack/nova-specs master: Remove tenant_id  https://review.opendev.org/73724101:07
openstackgerritBrin Zhang proposed openstack/nova-specs master: [Trivial] update the upgrade release goal  https://review.opendev.org/76329401:10
*** sapd1 has quit IRC01:15
*** spatel has joined #openstack-nova01:19
*** spatel has quit IRC01:23
*** martinkennelly has quit IRC01:25
*** gyee has quit IRC01:38
*** macz_ has quit IRC02:08
*** hamalq has quit IRC02:09
*** zzzeek has quit IRC02:17
*** zzzeek has joined #openstack-nova02:19
*** rcernin has quit IRC02:22
*** rcernin has joined #openstack-nova02:26
*** jobewan has joined #openstack-nova02:29
*** zzzeek has quit IRC02:35
*** zzzeek has joined #openstack-nova02:36
*** mkrai has joined #openstack-nova02:50
*** swp20 has joined #openstack-nova03:03
*** xinranwang has joined #openstack-nova03:12
*** mkrai has quit IRC03:14
*** mkrai_ has joined #openstack-nova03:14
*** macz_ has joined #openstack-nova03:20
*** macz_ has quit IRC03:25
*** Yumeng has joined #openstack-nova03:54
*** vishalmanchanda has joined #openstack-nova04:30
*** mkrai_ has quit IRC04:49
*** mkrai__ has joined #openstack-nova04:49
*** dklyle has quit IRC04:57
*** macz_ has joined #openstack-nova05:02
*** macz_ has quit IRC05:06
*** evrardjp has quit IRC05:33
*** evrardjp has joined #openstack-nova05:33
*** yingjisun has joined #openstack-nova05:46
*** k_mouza has joined #openstack-nova06:01
*** JamesBenson has quit IRC06:03
*** JamesBenson has joined #openstack-nova06:04
*** k_mouza has quit IRC06:06
*** ratailor has joined #openstack-nova06:08
*** JamesBenson has quit IRC06:09
*** JamesBenson has joined #openstack-nova06:15
*** ninad has joined #openstack-nova06:19
ninadHi06:20
ninad I am using linuxbridge for the neutron services and follow the installation guide as documented but during manila instance creation I am getting [Errno 113] EHOSTUNREACH _test_server_connection06:20
ninadcan someone please help me?06:21
*** hamalq has joined #openstack-nova06:25
*** macz_ has joined #openstack-nova06:29
*** macz_ has quit IRC06:34
*** ninad has quit IRC06:35
*** mkrai__ has quit IRC06:49
*** mkrai__ has joined #openstack-nova06:52
*** swp20 has quit IRC06:55
*** swp20 has joined #openstack-nova06:57
*** slaweq has joined #openstack-nova07:01
*** yingjisun_ has joined #openstack-nova07:12
*** yingjisun has quit IRC07:12
*** yingjisun_ is now known as yingjisun07:12
*** mkrai__ has quit IRC07:34
*** ralonsoh has joined #openstack-nova07:43
*** Yumeng has quit IRC07:46
*** bhagyashris|off is now known as bhagyashris07:55
openstackgerritJorhson Deng proposed openstack/nova master: To deal instance with soft-deleting in _init_instance  https://review.opendev.org/76126407:58
*** mkrai__ has joined #openstack-nova08:01
*** rpittau|afk is now known as rpittau08:03
openstackgerritJorhson Deng proposed openstack/nova master: To deal instance with soft-deleting in _init_instance  https://review.opendev.org/76126408:06
*** andrewbonney has joined #openstack-nova08:10
*** tesseract has joined #openstack-nova08:18
*** hamalq has quit IRC08:28
*** rcernin has quit IRC08:37
*** ircuser-1 has quit IRC08:38
*** tosky has joined #openstack-nova08:44
*** lpetrut has joined #openstack-nova08:47
*** yingjisun has quit IRC08:51
*** mgoddard has joined #openstack-nova08:58
*** xek has joined #openstack-nova08:59
*** mlavalle has quit IRC09:09
*** mlavalle has joined #openstack-nova09:12
lyarwoodaarents: apologies, had a fun day downstream yesterday, your test changes LGTM, I missed that you had already pulled in the devstack change within the tempest change so assuming it's still passing this should be good to go now.09:24
*** hamalq has joined #openstack-nova09:29
aarentslyarwood: many thanks, I just repush with nit fix sugested by gmann09:31
*** hamalq has quit IRC09:34
*** ociuhandu has joined #openstack-nova09:41
*** dtantsur|afk is now known as dtantsur09:41
*** k_mouza has joined #openstack-nova09:57
*** jangutter_ has quit IRC10:01
*** jangutter has joined #openstack-nova10:02
*** hamalq has joined #openstack-nova10:07
*** jangutter_ has joined #openstack-nova10:11
*** xinranwang has quit IRC10:11
*** hamalq has quit IRC10:11
*** jangutter has quit IRC10:14
*** luksky has joined #openstack-nova10:18
stephenfinsean-k-mooney: I think there's something broken in https://review.opendev.org/#/c/602432/. It appears grenade hasn't passed on that for the last couple of revisions. Haven't gone diving through logs yet10:21
*** gibi_away is now known as gibi10:25
*** hamalq has joined #openstack-nova10:27
*** hamalq has quit IRC10:32
*** ociuhandu has quit IRC10:36
*** mkrai__ has quit IRC10:40
*** ociuhandu has joined #openstack-nova10:43
*** xek_ has joined #openstack-nova10:45
*** xek has quit IRC10:45
*** swp20 has quit IRC10:47
*** mkrai__ has joined #openstack-nova10:48
*** bnemec has quit IRC11:00
*** bnemec has joined #openstack-nova11:01
*** ociuhandu has quit IRC11:08
*** hamalq has joined #openstack-nova11:09
openstackgerritJorhson Deng proposed openstack/nova master: To deal instance with soft-deleting in _init_instance  https://review.opendev.org/76126411:13
*** hamalq has quit IRC11:14
openstackgerritLee Yarwood proposed openstack/nova master: zuul: Add devstack-plugin-ceph-compute-local-ephemeral to experimental  https://review.opendev.org/74322011:14
*** ratailor_ has joined #openstack-nova11:18
*** ratailor has quit IRC11:21
*** swp20 has joined #openstack-nova11:23
*** ociuhandu has joined #openstack-nova11:28
*** tkajinam has quit IRC11:29
*** tkajinam has joined #openstack-nova11:30
*** hamalq has joined #openstack-nova11:30
*** hamalq has quit IRC11:35
*** ociuhandu has quit IRC11:41
*** ociuhandu has joined #openstack-nova11:42
sean-k-mooneystephenfin: if we were to go from new to old i guess it would break11:45
sean-k-mooneythe xml would be generated on the souce with type ethernet11:46
sean-k-mooneyand the os-vif on the dest would be a noop11:46
sean-k-mooneyso nothing would plug the interface11:46
*** macz_ has joined #openstack-nova11:46
*** ratailor_ has quit IRC11:46
*** mkrai__ has quit IRC11:47
sean-k-mooneythe singel node grenade have been passing but not multinode11:48
sean-k-mooneythe only way i think of to fix that is to first backport the neutron change then flip the default for the option in os-vif/depercate it for removal and backport that too before we merge on master11:50
sean-k-mooneyand i would then have to keep backporting the neutron and os-vif patches first for every release.11:50
*** hamalq has joined #openstack-nova11:51
*** macz_ has quit IRC11:51
sean-k-mooneystephenfin: lyarwood ^ is there a better way around that11:51
* lyarwood reads back11:54
*** hamalq has quit IRC11:56
lyarwoodsean-k-mooney: we shouldn't be going from new to old in the tests right?12:06
lyarwoodsean-k-mooney: only old to new, or is that not defined in grenade12:07
sean-k-mooneywe do live migration back and fort12:07
sean-k-mooneyin the multi node job12:07
stephenfinsean-k-mooney: You could make this dependent on a service version check12:08
sean-k-mooneynot really i would have to keep changin it12:08
stephenfinwhy? Once everything's on Wallaby with a suitably new version of os-vif, we're good, no?12:08
sean-k-mooneyi thory this should go to osp 10 so all the way back to queens12:08
stephenfinah12:08
sean-k-mooneyim thinking of stoping at train to be honest12:09
sean-k-mooneybut it defiently needs to be backported a few releases12:09
stephenfin(osp 10 is newton, fwiw)12:09
sean-k-mooney... of course it is12:09
sean-k-mooneysince its related to a security issue we are still ment to backport it althou technically i guess 13 would be enough at this point12:10
stephenfinwhat you've proposed would require os-vif be upgraded before nova, right? I don't think we can count on that12:10
stephenfin*os-vif and neutron12:10
sean-k-mooneywithout the neturon patch you just get erros in the neutron logs but it fixes its self12:11
sean-k-mooneythe os-vif change however would be needed first ya12:11
*** hamalq has joined #openstack-nova12:12
sean-k-mooneylyarwood: https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_ff2/602432/26/check/nova-grenade-multinode/ff2bd9a/logs/new/tempest_conf.txt12:13
sean-k-mooneylive_migrate_back_and_forth = True12:13
sean-k-mooneythat is why its failing12:13
gibistephenfin: do you have a lauchpad bp filled for this? https://review.opendev.org/#/c/75510912:14
*** raildo has joined #openstack-nova12:14
sean-k-mooneyits off in live migration job and that all the new version so it passes the https://zuul.opendev.org/t/openstack/build/e2fa8ae7802f41309877b537f51ba660/log/controller/logs/tempest_conf.txt#7612:14
stephenfingibi: I though I did but I'm not sure12:14
* stephenfin checks12:14
gibithe bp link in the specs does not seem to work for me12:14
sean-k-mooneyya cant find it either12:16
*** hamalq has quit IRC12:16
sean-k-mooneybut it should be a simple copy past of the into section12:16
stephenfingibi: Didn't look like it. Apologies. Have created one now https://blueprints.launchpad.net/nova/+spec/modernize-os-hypervisors-api12:17
gibithanks12:17
* gibi doing the paperwork12:17
sean-k-mooneyweird i cant add the spec via the spec link so i put it in the whiteborad12:19
sean-k-mooneyi tought i could do that once i was on the bug team but i guess not12:19
*** ociuhandu has quit IRC12:22
gibisean-k-mooney: I guess we edited the whiteboard in parallel and my change overwrote yours, sorry.12:28
sean-k-mooneyno launchpad gave me a permission error12:30
gibiinteresting, I got the following mail from launchpad12:31
gibiBlueprint changed by sean mooney:12:31
gibiWhiteboard set to:12:31
gibispec: https://review.opendev.org/#/c/75510912:31
gibiso at least some part of your update went through12:31
*** hamalq has joined #openstack-nova12:34
openstackgerritMerged openstack/nova-specs master: [Trivial] update the upgrade release goal  https://review.opendev.org/76329412:34
*** kevinz has joined #openstack-nova12:36
*** hamalq has quit IRC12:39
*** zzzeek has quit IRC12:45
*** martinkennelly has joined #openstack-nova12:46
*** zzzeek has joined #openstack-nova12:47
*** ociuhandu has joined #openstack-nova12:52
lyarwoodsean-k-mooney: sorry had to go afk12:55
lyarwoodsean-k-mooney: so old to new works, it's just new to old that's failing right?12:56
sean-k-mooneylyarwood: yep12:57
lyarwoodsean-k-mooney: do we care in that case, I know we don't downstream12:57
sean-k-mooneynew to old nova uses type  ethernet12:57
*** ociuhandu has quit IRC12:57
sean-k-mooneybut does not tell os-vif to plug the interface by passing crate-port=true12:57
sean-k-mooneywell once i do the backport it will alos work but we do allow rolling upgrades12:58
sean-k-mooneyso we kind of do care yes12:58
lyarwoodyeah I was thinking of major upgrades where we don't allow you to return to the older computes12:58
lyarwoodminor upgrades I guess do allow this12:58
sean-k-mooneyya i would basiclaly need to know the version of nova on the dest13:00
sean-k-mooneybut i cant just do a normal compute service check if im backporting13:00
lyarwoodcould we use something in migrate_data?13:00
lyarwoodlike I did with LUKS volumes13:00
* lyarwood finds a reference13:00
sean-k-mooneywe coudl if we dont change the object13:01
sean-k-mooneyi could stash something in the port profile or something13:01
sean-k-mooneybut i then need to supprot both  in the code13:01
lyarwoodhttps://github.com/openstack/nova/blob/60071a2c83ad1d7ed6fd50f8af0bb4d92aa84bea/nova/virt/libvirt/driver.py#L9301-L931113:01
sean-k-mooneyi ripped out the bridge way of doing things so would have to put it back in13:02
lyarwoodthat's not the best example as it does need an object change13:02
sean-k-mooney ya but i get the point13:02
lyarwoodbut yeah if the src can look for something stashed in there it might help13:02
sean-k-mooneyi could put it into one of the unversioned dict of string fields13:02
sean-k-mooneyya so stash it n pre-live-migrate13:03
sean-k-mooneyand read it on the souce when updating the xml13:03
sean-k-mooneyok ill have to think about it13:03
sean-k-mooneyi know more or less how to do that but need to find where makes the most sense13:04
lyarwoodkk13:04
sean-k-mooneyim thing in here https://github.com/openstack/nova/blob/master/nova/objects/migrate_data.py#L30-L5913:04
sean-k-mooneyprobaly the profile_json13:05
sean-k-mooneysince nova owns that13:05
sean-k-mooneythat is what is stored in the vifs filed of the liveMigrateData13:05
sean-k-mooneyhttps://github.com/openstack/nova/blob/master/nova/objects/migrate_data.py#L15413:05
lyarwoodkk13:06
lyarwoodyeah that could work13:06
lyarwoodand you would want to populate that on the dest btw13:06
lyarwoodif it isn't set or True then the source would wire things up in the legacy way13:07
sean-k-mooneywe are doing it here too https://review.opendev.org/#/c/738432/13:07
sean-k-mooneylyarwood: yep13:07
lyarwoodand then once it's backported you can remove the logic in the next release13:08
sean-k-mooneyyes we coudl drop i in X13:08
lyarwoodX, not W to be clear13:08
lyarwoodyeah13:08
lyarwoodmigrate_data hackarounds ftw!13:09
sean-k-mooneyim just glad we still have some dict of string fields in them or we would have to use system metadata which would be a pian13:09
sean-k-mooneyor just not backport i guess13:10
sean-k-mooney in theory master should always be deployable and upgradeable however so we should fix this13:10
sean-k-mooneypatchset 27 it is13:10
*** rpittau is now known as rpittau|brb13:16
sean-k-mooneystephenfin: melwitt: lyarwood: summerised this in a toplevel comment on the review13:18
lyarwoodsean-k-mooney: ack thanks, LGTM13:19
*** ociuhandu has joined #openstack-nova13:24
*** nweinber has joined #openstack-nova13:32
*** hamalq has joined #openstack-nova13:40
sean-k-mooneyjohnthetubaguy: if you see this are you working on unified limits this cycle or did you say you wont have time?13:41
sean-k-mooneyjohnthetubaguy: just basically wondering since i dont think i have seen the spec repoposed althoguh i might have missed it13:41
*** hamalq has quit IRC13:45
*** liuyulong has joined #openstack-nova14:00
*** ociuhandu has quit IRC14:02
*** ociuhandu has joined #openstack-nova14:02
*** tbachman has joined #openstack-nova14:30
*** liuyulong has quit IRC14:33
*** ociuhandu has quit IRC14:39
f0oHi, I've a question about passwords in nova. On Horizon I keep getting that the password is not set. Which config option in nova.conf do I need to make it create a password? I see `#password_length=12` and `#enable_instance_password=true` in the default config, are these values not the default ones?14:40
sean-k-mooneyf0o: they might be but password injection only work if you have the qemu guest agent14:42
sean-k-mooneyin general its not recommended to use passwords14:42
f0oI know but windows :/14:43
sean-k-mooneyf0o: yes they are the defaults14:43
sean-k-mooneyyou can use keypairs with windows14:43
sean-k-mooneyyou just dont use ssh keys14:43
sean-k-mooneyyou use x509 certs for winrm14:43
f0oif I read Cloudbase's docs correctly, it does not rely on injection but onyl on the metadata endpoint14:43
*** happyhemant has joined #openstack-nova14:44
f0oI remeber having this working at my previous job (nova+vmware) basically out of the box, now with kvm I cant seem to get a password back14:44
f0oor do I need to enable injection for it to return a password via api?14:45
sean-k-mooneyas i said you need the qemu geust agent for ti to work with libvirt/qemu14:45
f0ok14:45
f0owhat throws me off is:14:45
f0oThe secure and proper way to set passwords in OpenStack Windows instances is by letting Cloudbase-Init generate a random password and post it encrypted on the Nova metadata service.14:45
f0oto me this means that cloud-init in this case is actually not doing it's job because the password is not set. trying to find the issue here since it can be both sides14:46
sean-k-mooneywell the proper way to do it is via user-data yes14:46
sean-k-mooneybut that is different to what those config options do14:46
sean-k-mooneyf0o: https://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/libvirt-set-admin-password.html14:47
sean-k-mooneyhttps://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/libvirt-set-admin-password.html#other-end-user-impact14:48
sean-k-mooneythat is what is missing14:48
sean-k-mooneythis is unrelated to cloudbase-init14:48
openstackgerritMerged openstack/nova master: Add missing exception  https://review.opendev.org/76289814:48
f0oI'm not 100% sure tho14:48
f0obut if they claim that the cloudbase-init creates and shoots the password to nova14:48
*** mgoddard has quit IRC14:48
f0othen injection shouldnt matter14:48
f0oor am I off?14:48
sean-k-mooneyits not using injection and that is not what cloudbae does14:48
sean-k-mooneycloudbase-init just reimplmente cloud-init for windows14:49
sean-k-mooneyit does not interact with nova at all14:49
sean-k-mooneyit just consumes the metadta generated by nova14:49
dansmithgibi: looking through our install docs,14:49
sean-k-mooneyits a one way comunication14:49
f0o>> Cloudbase-Init generate a random password and post it encrypted on the Nova metadata service. << that part is what makes me think it actually attempts to do something tho14:49
sean-k-mooneywe dont allow external things to add metadata that way14:50
dansmithgibi: we already do provide quite a bit of sample config per compute and per "controller", and it's all seemingly duplicated in each doc, and for each distro flavor :/14:50
sean-k-mooneyits not part of the api14:50
f0owell that's a great lie from the vendor then lol14:50
sean-k-mooneythe only way to do that woudl be to set a property on server14:50
sean-k-mooneybut cloudbase-init is only installed in the vm image14:51
*** rpittau|brb is now known as rpittau14:51
sean-k-mooneyit does not know about the openstack its one and has no credentials14:51
sean-k-mooneyso it cant set a property14:51
f0oyeah that's exactly my thoughts as well14:51
lpetrutsorry for stepping in, but you can in fact post changes to the metadata server14:51
f0ohence why I got so massively confused when they write "oh dont worry, we post the password to nova"14:52
lpetruthttps://docs.openstack.org/api-ref/compute/?expanded=replace-metadata-items-detail#replace-metadata-items14:53
f0othanks for the clarifications tho :)14:54
openstackgerritStephen Finucane proposed openstack/nova stable/victoria: Add missing exception  https://review.opendev.org/76338914:54
f0oI thought I was being blind or insane14:54
openstackgerritStephen Finucane proposed openstack/nova stable/ussuri: Add missing exception  https://review.opendev.org/76339014:54
lpetrutcloudbase-init will just encrypt the generated password and post it to http://169.254.169.254/openstack, so you can then retrieve it and decrypt it. IIRC the nova client even accepts a key that decrypts that password.14:55
sean-k-mooneylpetrut: you can i was not aware of that. i tought this was readonly14:56
sean-k-mooneyunless you used the property api. i guess not but i dont think we have any cli commnds for this14:57
openstackgerritElod Illes proposed openstack/nova stable/train: Test for disabling greendns  https://review.opendev.org/76176314:59
lpetrutwell, the idea is that the netron metadata agent is also forwarding POST/PUT requests14:59
lpetrutnot just GET requests to http://169.254.169.254/openstack14:59
bauzasdansmith: around for a RPC question ?14:59
dansmithbauzas: yeah14:59
bauzasdansmith: ack, just wondering why https://review.opendev.org/#/c/761452/ is getting the 6.0 version as the minor version15:00
bauzas" Nov 13 10:14:02.664855 ubuntu-focal-rax-iad-0021755641 devstack@n-api.service[72892]: ERROR nova.api.openstack.wsgi [None req-dbe8b15b-bd32-46ab-93b4-b0097a6a86a3 None None] Unexpected exception in API method: oslo_messaging.rpc.client.RPCVersionCapError: Requested message version, 5.0 is incompatible.  It needs to be equal in major version and less than or equal in minor version as the specified version cap 6.0."15:00
lpetrutsean-k-mooney: so basically each guest can update its own metadata by just sending it to http://169.254.169.254/openstack15:01
sean-k-mooneylpetrut: that might be a bug. i think that was only ment to be updated via the nova api15:01
bauzasdansmith: but I provided an additional endpoint for the v5.0 proxy15:01
dansmithbauzas: well, you haven't implemented 6.0 in the client, but all the servers are reporting that they support 6.0 (via the service version) and everything is new, so it's choosing to use 6.0 but the client doesn't support it, right?15:03
lpetrutsean-k-mooney: fwiw here's where cloudbase-init is sending the password: https://github.com/cloudbase/cloudbase-init/blob/master/cloudbaseinit/metadata/services/httpservice.py#L55-L8015:04
*** mkrai has joined #openstack-nova15:04
dansmithbauzas: remember, the client has to be able to speak both versions as well, depending on the version pin, but it's choosing to speak the new one based on the service version, and you only speak 5.x on the client side right now15:04
bauzasdansmith: sure, but if the client is only supporting 5.0, the server should still accept it given the additional endpoint, nope ?15:04
lpetrutsean-k-mooney: I wouldn't say it's a bug, it allows the guest to communicate back various metadata items. I'm not sure if it's filtered in any way.15:04
dansmithbauzas: yes, but the auto pin will try to configure the client with 6.015:04
sean-k-mooneylpetrut: i see well that is undocumented behavior that they are relying on i think15:04
dansmithbauzas: because everything is new15:05
bauzasdansmith: why this worked then with https://review.opendev.org/#/c/541005/6 ?15:05
*** ociuhandu has joined #openstack-nova15:05
sean-k-mooneylpetrut: unless im mistaken and you can point me to docs or a spec to the controy i dont think that was ever intended to work15:06
dansmithbauzas: were we auto calculating the pin then? we'd have to look at devstack config from back then to know15:06
lpetrutsean-k-mooney: I'm sure I can find some docs on this, checking15:06
bauzasdansmith: maybe, I dunno15:07
*** mgoddard has joined #openstack-nova15:07
sean-k-mooneylpetrut: this is the metadata docs https://docs.openstack.org/nova/latest/user/metadata.html15:09
dansmithbauzas: Nov 13 10:14:02.660873 ubuntu-focal-rax-iad-0021755641 devstack@n-api.service[72892]: INFO nova.compute.rpcapi [None req-dbe8b15b-bd32-46ab-93b4-b0097a6a86a3 None None] Automatically selected compute RPC version 6.0 from minimum service version 5415:10
dansmithbauzas: that's trying to configure rpcapi.py with version 6.0, but it doesn't support that15:10
bauzasdansmith: yup, I understood it15:11
bauzasdansmith: OK, I can try to support 6.0 for the rpcapi15:11
sean-k-mooneylpetrut: that behavior is not descitbe in either the metadata docs or api docs15:12
dansmithbauzas: well, you have to :)15:12
sean-k-mooneylpetrut: when you do that is the metadata stored back to the db15:12
sean-k-mooneythey way it would be if you called the nova api15:12
lpetrutsean-k-mooney: fwiw, here's an explicit handler for "POST": https://github.com/openstack/nova/blob/master/nova/api/metadata/password.py#L6215:12
sean-k-mooneylpetrut: right that is for the nova api15:12
sean-k-mooneyit supproted if you call the nova api with an authenicated token15:13
sean-k-mooneybut doing it form the guest vai the 169 adress is not as far as i know15:13
lpetrutnope, that specific request doesn't require a token15:14
lpetruthttps://github.com/openstack/nova/blob/master/nova/api/metadata/base.py#L214-L22515:14
sean-k-mooneyso this is something ill have to bring up with the security team15:14
sean-k-mooneywe have discussed it publicly at this point but its potentially an issue15:15
lpetrutfrom what I can tell, the guest can only update specific fields, the password being one of them15:15
*** k_mouza has quit IRC15:15
lpetrutI've just checked, so actually the "password" field is the only one that can be updated15:16
f0osean-k-mooney: actually it seems that /password accepts POST on the metadata service... The issue was that the sshkey used was ECDSA and cloudbase-init went bananas. I get the password posted correctly if I load it up with an RSA key15:16
sean-k-mooneyf0o: ecdsa need a newer version of pycyrptography to work15:17
lpetruttbh I'm a bit surprised that the nova metadata docs don't mention this, this feature has been there since forever (<2014 I think)15:17
sean-k-mooneyas i said im not sure it has been15:17
sean-k-mooneyi think this was unitnetional15:17
sean-k-mooneythere is no spec for it15:18
lpetruthere it is: https://github.com/openstack/nova/commit/a2101c4e7017715af0a29675b89e14ee2884bd8915:18
sean-k-mooneyi checked15:18
lpetrut2012, pre nova specs era :)15:18
*** tosky has quit IRC15:18
sean-k-mooneythis is only nova v1 api behavior15:19
sean-k-mooneyactully no its liberty which is not pre sepecs15:19
lpetrutI guess it seemed simple enough not to mandate a spec, but it's definitely intentional15:20
lpetrutand it's not just nova v115:20
sean-k-mooneylpetrut: we require specs for all api cahnge regradless of how trivial it is15:20
*** mlavalle has quit IRC15:21
sean-k-mooneylpetrut: yes the nova v1 comment was because you said it was pre specs15:21
sean-k-mooneywe have specs for similar feature in libvirt https://specs.openstack.org/openstack/nova-specs/specs/liberty/implemented/libvirt-set-admin-password.html15:21
openstackgerritStephen Finucane proposed openstack/nova stable/train: Add missing exception  https://review.opendev.org/76339315:21
lpetrutoh, got it15:21
*** tosky has joined #openstack-nova15:22
lpetrutI think that libvirt driver feature is slightly different than https://github.com/openstack/nova/commit/a2101c4e7017715af0a29675b89e14ee2884bd8915:22
sean-k-mooneywe are missing an api microverion bump for this too15:23
lpetrutbump the microversion for what?15:23
sean-k-mooneythe metadata api15:23
lpetruthttps://github.com/openstack/nova/commit/a2101c4e7017715af0a29675b89e14ee2884bd89 this is there since 2012 :)15:24
lpetrutit's not something that was added now15:24
sean-k-mooneyyep and it was not documented and did not follow our spec proceducer and did not do an api microverion bump to the metadata api15:24
sean-k-mooneylpetrut: sure imjust not sure it shoudl continue to be supported unless we at least fix the docs15:25
lpetrutwell, just because it wasn't properly documented doesn't mean that it should become unsupported, there are projects relying on it15:25
sean-k-mooneyif its just this field it might be ok. if other fiels can be arbitrally updated then it could be a an issue15:25
lpetrutsean-k-mooney: indeed. well, it's ok, it's just this field15:26
*** tosky has quit IRC15:26
sean-k-mooneylpetrut: not that im aware of other the cloudbase-init15:26
lpetrutwell, since virtually all Windows Openstack instances use it, I'd say breaking it wouldn't be desired, even though it's just one project15:27
*** elod has quit IRC15:27
sean-k-mooneyapparently it was for hyperv https://blueprints.launchpad.net/nova/+spec/hyper-v-metadata-password-post15:27
sean-k-mooneybut it was not appoved15:27
*** elod has joined #openstack-nova15:27
*** k_mouza has joined #openstack-nova15:28
sean-k-mooneythre is no https://blueprints.launchpad.net/nova/+spec/get-password blueprit15:28
sean-k-mooneyoh there is15:28
sean-k-mooneyit did not come up15:28
lpetruthttps://blueprints.launchpad.net/nova/+spec/hyper-v-metadata-password-post seems like an extension of this feature15:28
sean-k-mooneythis was first added as an api extention https://review.opendev.org/#/c/17273/15:29
sean-k-mooneybefore we removed those15:29
sean-k-mooneyso this was nota catully part of the metadata api15:30
sean-k-mooneyit was a vendor extntion https://review.opendev.org/#/c/17273/15/nova/api/openstack/compute/contrib/server_password.py15:30
lpetrutnice. thanks for checking. this was an interesting lesson of Nova history :)15:30
sean-k-mooneyso ya i think we moved it into the metrada service wehn we got rid fo extensions15:31
lpetrutsorry for mentioning the server actions, that's completely unrelated. it took a while since I last had contact with this code so I was a bit confused.15:33
sean-k-mooneyso this changed in liberty15:36
sean-k-mooneythat is when we remvod the contib folder15:37
sean-k-mooneyah it move to legacy_v2 contrib15:38
*** macz_ has joined #openstack-nova15:39
sean-k-mooneyhttps://specs.openstack.org/openstack/nova-specs/specs/newton/implemented/api-no-more-extensions.html15:41
*** dklyle has joined #openstack-nova15:41
sean-k-mooneyso this was deprecated in libvirty and removed in newton15:42
lpetrutyep, API extensions were deprecated but then got included in the nova api15:43
sean-k-mooneythey were not just all accpeted15:44
sean-k-mooneythey needed to be upstreamed15:44
lpetrutmakes sense. well, this specific one is part of the nova tree. seems upstream to me :)15:44
openstackgerritArtom Lifshitz proposed openstack/nova master: WIP: Reproducer for unpinned to pinned resize bug  https://review.opendev.org/76339915:46
sean-k-mooneyit got moved by https://github.com/openstack/nova/commit/003c868da73d84d33fba81ee9b033b8ae321e7ab15:46
artomstephenfin, sean-k-mooney, ^^ sanity check that for me pretty please? I feel like I've missed something obvious15:46
artomAnd yet...15:47
sean-k-mooneywhat are yo trying to check?15:47
sean-k-mooneyunpinned to pinned works fine15:47
stephenfinartom: You need to disable the workaround option15:47
sean-k-mooneyor at least it used too15:47
stephenfinartom: '[workarounds] disable_fallback_pcpu_query'15:48
stephenfinand then it'll fail15:48
sean-k-mooneyah yes15:48
sean-k-mooneyso it uses pcpus15:48
sean-k-mooneyartom: the current behavior with the fallback enabeld is expected15:49
artomstephenfin, can I be lazy and ask you to remind me what the fallback query actually queries for?15:49
artomAh, just VCPUs?15:49
gibidansmith: re: install doc. So those docs could be the place where we define the minimal config. As a first look at leat the compute doc did not ask for a DB config :)15:49
sean-k-mooneyartom: yep vcpus15:49
dansmithgibi: yeah15:49
artomWouldn't it fail on the host though?15:49
sean-k-mooneyartom: no15:49
dansmithgibi: I dunno about you, but I'm not sure that having three separate docs for three separate distro flavors is really necessary,15:49
sean-k-mooneyartom: it should15:50
gibidansmith: I did not diff them but they look similar15:50
stephenfinartom: when that's configured, the scheduler will make a second, fallback request for VCPU inventory, yeah15:50
dansmithgibi: especially since the ubuntu one (at least) already has some stale stuff I can see (not using systemctl)15:50
*** tosky has joined #openstack-nova15:50
sean-k-mooneybut im not sure stephenfin  pach has been merged15:50
dansmithgibi: yeah there are a couple tweaks made to one that aren't in the other, unrelated to distro stuff15:50
*** mkrai has quit IRC15:50
dansmithgibi: having them separate makes that a real likely possibility15:50
stephenfinas for failing on the host, I'm trying to recall...15:50
sean-k-mooneyartom: if they dont have cpu_dedicate_set configure then it should boot on the host15:50
gibidansmith: so we could merge them and just add notes about the destro specific things15:51
sean-k-mooneystephenfin: it should only fail on the host if cpu_dedicated_set is defiend15:51
stephenfinsean-k-mooney: yeah, correct15:51
artomstephenfin, I'd expect virt.hardware to not pin CPUs if neither vcpu_pin_set or cpu_dedicated_set is configured...15:51
stephenfinartom: we can't do that - we'd break upgrades15:51
dansmithgibi: or we could merge them and try to stay out of the distro business15:51
sean-k-mooneyartom: your expectiojn is wrong15:51
sean-k-mooneyyep what stephenfin said15:52
dansmithgibi:  like say "install packages now, probably $ubuntuish or $redhatish"15:52
stephenfinsay you have a user that was using pinned instances before Train. Their host would be reporting VCPU and those pinned instances would be booting whether or not vcpu_pin_set was defined15:52
artomstephenfin, hol'up, maybe that's where I got it wrong15:53
stephenfinafter the upgrade, those hosts will still report VCPU (because 'cpu_dedicated_set' isn't defined), which is why we need the fallback query15:53
artomI assumed if you don't have vcpu_pin_set you can't boot pinned instances...15:53
sean-k-mooneyyou can15:53
artomOr will we just chose any old CPUs?15:53
sean-k-mooneyvcpu_pin_set is nothign to do with pinning15:53
stephenfinnope. That _should_ have been the case, but it wasn't15:53
gibidansmith: yeah, that make sense15:53
sean-k-mooneyits the set of host you can boot a vm on15:53
sean-k-mooney*cpus15:53
sean-k-mooneyif unset its all cpus15:53
stephenfinartom: within the constraints of NUMA, yes15:53
stephenfinpinning means NUMA, which means a guest NUMA node is constrained to a host NUMA node15:54
stephenfinyeah, what sean-k-mooney said15:54
artomAha, thanks for bringing me up to speed15:54
stephenfinI said we should have required it because pinning to e.g. host core 0 isn't a great idea, but there's no relationship between the option and pinning, as sean-k-mooney says15:55
artomWell, there is if it's set :P15:55
artomAre the semantics the same with cpu_dedicated_set? IOW, if that's None, can we still pin to anything?15:55
stephenfinsure, but unpinned instances booted to the same host will be bound to that set too15:55
artomAh, it was just the set of CPUs usable by instances15:56
gibidansmith: having just a controller config enough? or we need a separate scheduler config, conductor config, etc?15:56
stephenfinartom: at the moment, yes, because of upgrade reasons15:56
artomOf any kind15:56
artomI feel like I should know this stuff15:56
stephenfinyes, exactly. Not specific to pinning policy15:56
gibidansmith: like the scheduler only need the API database I guess15:56
dansmithgibi: well, with cells there needs to be some differences, that's why we're here15:56
stephenfinartom: once we drop support for vcpu_pin_set, you'll have to define 'cpu_dedicated_set'15:56
sean-k-mooneyartom: vcpu_pin_set applied to unpinned instance too15:57
sean-k-mooneywe set it in the xml15:57
sean-k-mooneyartom: which si still a gap in live migration by the way15:57
sean-k-mooneywe dont update it for non numa guests15:57
stephenfinI have a draft patch, but I can't submit it because doing so will require removal of the reshape. I'm hoping bauzas gets that offline reshape spec sorted this cycle15:58
bauzasmy spec is still open15:58
sean-k-mooneystephenfin: well you mean once we drop the fallback query15:58
gibinova meeting starts in 1 minute15:59
stephenfinsean-k-mooney: right15:59
sean-k-mooneyonce that is gon you can only boot pinned vms with pcpus15:59
stephenfinwhich we'll do at the same time as we drop vcpu_pin_set15:59
stephenfincorrect15:59
sean-k-mooneyyep15:59
sean-k-mooneybut even removing vcpu_pin_set would not be enough15:59
sean-k-mooneysince without cpu_dedicated_set but with the fallback enabeld you can boot pinned gusts with vcpus16:00
*** ociuhandu_ has joined #openstack-nova16:00
*** vishalmanchanda has quit IRC16:00
sean-k-mooneyso its really the fallback that is imporant16:00
artomsean-k-mooney, oh yeah, I remember the live migration for cpu_shared_set16:01
artomShould get to it, at some point :P16:01
*** ociuhandu has quit IRC16:03
sean-k-mooneyartom: is this reated to a bug or something by the way16:04
sean-k-mooneyor just better testing16:04
artomsean-k-mooney, the whitebox CI failures16:05
artomI haven't managed to reproduce the delete failure16:05
sean-k-mooneyoh well this is not a bug16:05
artom(In functional tests, at any rate)16:05
sean-k-mooneyit might be a missconfiguration or a bug in the white box tests16:05
artomBut it's happening because it's deleting the pinned instance when cpu_dedicated_set is None16:05
artomSo it complains about unpinning CPUs16:05
artomWell...16:05
sean-k-mooneyanytime we define cpu_dedicated_set you should also disable the fallback16:05
sean-k-mooneywe likely are not doing the latter16:06
artomWe don't define it16:06
sean-k-mooneyits enabled by default16:06
artomI mean cpu_dedicated_set16:06
artomWhat I'm seeing is the test_resize_unpinned_server_to_pinned tearDown is failing16:06
artomBecause it can't delete the pinned instance16:06
artomBecause nova.exception.CPUUnpinningInvalid: CPU set to unpin [2, 6] must be a subset of pinned CPU set []16:07
artomAFAICT there's no race or anything, it's just booting the resized pinned instance on the host without cpu_dedicated_set or vcpu_pin_set configured16:07
artomPinning it to 2 random CPUs16:07
artomThen complaining when it can't delete it16:07
sean-k-mooneywell we need delete teh vms before we reconfigure16:08
artomWhich... does kinda smell like a minor bug...16:08
artomWe *don't* reconfigure16:08
artomThis is all without any config changes or service restarts16:08
sean-k-mooneyno i mean im not sure we are waiting for all vms from the previous test to be deleted16:08
artomAFAICT, yes16:09
sean-k-mooneyartom: we should never see nova.exception.CPUUnpinningInvalid: CPU set to unpin [2, 6] must be a subset of pinned CPU set []16:09
sean-k-mooneyif we do it means the config have chagned16:10
sean-k-mooneyor we are hitting the race which stephen fixed16:10
artomBut... what happens in the case of having booted an instance with pinned CPUs on a host without cpu_dedicated_set configured?16:10
artomAnd then deleting that16:10
artomWouldn't we expect that error?16:10
sean-k-mooneyif its still not set its fine16:10
artomOr does it use the database and not the config?16:11
sean-k-mooneyits not vallide to add cpu_dedicate_set to a host with vms16:11
artomI know16:11
artomThat's not what we're doing here16:11
sean-k-mooneycan you point me to the test16:11
artomsean-k-mooney, gmeet? :)16:11
sean-k-mooneysure16:11
artomsean-k-mooney, https://meet.google.com/eqm-jjcx-fjw16:13
sean-k-mooneyim going to make a cup of coffee but say 15 past16:13
sean-k-mooneyill join when i get back16:13
artomTake your time :)16:13
sean-k-mooneyjust back :)16:16
*** evrardjp has quit IRC16:17
*** hamalq has joined #openstack-nova16:20
dansmithgibi: the distro-ness also affects our ability to describe what should go in each config file,16:24
gibidansmith: do you have an example?16:24
*** martinkennelly has quit IRC16:24
dansmithgibi: because the problem on the ML is making all the distro packages work both across multiple nodes, as well as AIO, and currently there's no nova-conductor-cellN vs nova-superconductor service(s)16:25
*** hamalq has quit IRC16:25
dansmithgibi: so I'm not quite sure how to write this to make sense for both16:25
dansmithgibi: I'm going to try, but we'll probably need some input from people like owalsh .. maybe that means we need to use something other than the install doc to describe things, I dunno16:26
dansmithwriting docs is hard :(16:26
gibiso the problem is that distros map packages to services but the nova-conductor package needs to be mapped to two type of services with different config?16:27
dansmithyeah16:27
dansmithand also,16:27
owalshhey16:28
dansmithand this is what he was complaining about,16:28
dansmithnormally they'd all point to nova.conf, assuming they'd be on different hosts,16:28
dansmithbut if they're all on the same host, I'd have to describe changing/overriding unit files to get the right config to conductor vs. api, etc16:28
owalshtkajinam made an important point on the ML. It's not just AIO, it's the typical production deployment of ironic nova-compute16:29
owalshon the same host as nova-api etc...16:29
dansmithowalsh: ack, yeah, that's the same problem, just another reason you might hit it16:30
dansmithowalsh: anyway, what I'm describing above is just that I was going to start working on the config samples in this doc: https://docs.openstack.org/nova/latest/install/controller-install-ubuntu.html16:30
dansmithbut realized that I'll not be able to describe it fully without talking about changing the distro unit files, etc16:30
gibidansmith: so either we start describing deployment scenarios (which feels bad) or start using separate config file name for each service16:31
owalshdansmith: ack, and that's something puppet-nova could do16:31
dansmithgibi: well, I really think we should avoid getting into prescribing config file names for things, because again, that's very very distro and deployment specific,16:32
dansmithgibi: and I think that the suggestion on the ML to standardize those layers a bit actually got us into a more sticky situation16:32
*** mgariepy has quit IRC16:34
gibibut then we need to iterate on at least AIO deployment scenario, Ironic, and a real cellv2 scenario16:34
*** gyee has joined #openstack-nova16:34
gibianyhow I agree that docing this properly is hard16:35
owalshimplementing it in code is no picnic either :-)16:36
*** mgariepy has joined #openstack-nova16:36
gibiowalsh: good point :)16:36
dansmithat the very least, I think we should get rid of the 3x distro-based flavored docs for each16:36
gibi+1 ^^16:36
dansmithmaybe I can just sprinkle some notes in around the configuration bits about service differences, and see if that helps clarity at all16:37
gibiyeah, that could be a good starting point16:37
*** ociuhandu_ has quit IRC16:40
gibidansmith: I don't know if you see this but there are also ~bugs uncovered by these config discussion https://bugs.launchpad.net/nova/+bug/1903908 (thank to owalsh for the report)16:41
openstackLaunchpad bug 1903908 in puppet-nova "nova conf [api]/dhcp_domain is required on nova-compute" [Undecided,New] - Assigned to Oliver Walsh (owalsh)16:41
dansmithI saw that, I'm not sure how I feel about it16:42
dansmithanything that the configdrive code uses will be shared with the metadata api16:42
*** ociuhandu has joined #openstack-nova16:42
*** lpetrut has quit IRC16:42
gibiyeah, I don't like that metadata calls deep into the metadata code16:43
dansmithconfigdrive?16:44
dansmithwell, that's pretty much the whole point of it :)16:44
gibithe gneeration of the config drive16:44
gibibut this result in the code use by two different services16:44
gibiI guess it is just the fact that I associate the the metadata code only to the metadata service and always forget that ther is a dependency to it from the nova-compute16:45
gibiI guess that lead to the fact that we moved the domain config to the [api] section16:46
gibianyhow this is for another day as I have to go offline16:46
gibio/16:46
*** ociuhandu has quit IRC16:48
dansmithack, I'll put this up for discussion in a bit16:49
*** gyee has quit IRC16:50
owalshdansmith: I was going to respond to tkajinam on the ML but I don't really have a response, just a +1 really16:50
dansmithowalsh: okay I guess it's really the same thing anyway16:52
*** rpittau is now known as rpittau|afk16:52
owalshyes, the first point IIUC is if we have nova.conf and nova-cpu.conf, both containing the generated sample config, how do I know where to set option foo?16:52
dansmithif the packages want to use nova-compute.conf for the compute package, that'd solve it, AFAIK16:52
*** ociuhandu has joined #openstack-nova16:52
owalshack, only realistic solution I can see right now, but it's also a bit unpleasant16:55
dansmithwell, nova/ironic has pretty much never fit into nova properly so .. unsurprising that we have this problem16:56
dansmithwe could also just special case the check and not complain if we're using ironic,16:56
dansmithsince we're not on a compromise-able situation16:56
owalshI don't think so, the deb/rpm doesn't know what nova-compute will be used for16:57
owalsh... when it creates the service16:57
dansmithwhat I meant was, the compute package could keep using nova.conf, and if your tool then configures nova.conf for ironic-and-db-creds-because-single-node, nova-compute wouldn't explode when it starts16:59
dansmithit wouldn't solve the AIO case, but it would solve the ironic one16:59
owalshrpm/deb would need a new service unit file e.g "nova-ironic" that uses nova.conf vs nova-compute.conf17:00
dansmithgoing back to the nova-db.conf suggestion.. if we allow the wsgi app to read that, then you can again just configure all the services to read from that, except for nova-compute, and then the only thing that doesn't work is AIO-multicell right/17:01
*** hamalq has joined #openstack-nova17:01
owalshdid seem like the most elegant solution, but also not had a lot of time to think of any gotchas17:02
owalshand I think AIO-multicell could be considered not supported outside of devstack17:02
*** happyhemant has quit IRC17:03
owalshor if you really really want to do this for some of CI job then use containers17:03
dansmithwell, I think we should fix wsgi to let you specify config files like everything else, and then let you guys decide how you want to template and split the config files to make the packages work (or not)17:03
*** macz_ has quit IRC17:05
*** gyee has joined #openstack-nova17:05
owalshack, might also be worth looking at how we could parameterize the conf file path in the dev/rpm services17:06
openstackgerritArtom Lifshitz proposed openstack/nova master: DNM: extra logging for unpin_cpus  https://review.opendev.org/76340917:08
dansmitheven just having /etc/nova.conf that everything reads, and then each service configured to load /etc/nova/nova-conductor.conf, nova-scheduler.conf, etc would maybe be useful... common config and per-service config.. the latter could be empty in a lot of cases17:08
owalshack, I think that was the direction this was going but the wsgi issue was a blocker17:13
dansmithyeah17:14
openstackgerritDan Smith proposed openstack/nova master: RFC: Update the install documents for cells and less distro specific  https://review.opendev.org/76341217:14
*** ralonsoh_ has joined #openstack-nova17:27
*** ralonsoh has quit IRC17:28
*** ociuhandu_ has joined #openstack-nova17:28
*** ociuhandu has quit IRC17:31
*** ociuhandu_ has quit IRC17:33
openstackgerritLee Yarwood proposed openstack/nova-specs master: Image and flavor defined ephemeral storage encryption  https://review.opendev.org/75228417:33
*** JamesBenson has quit IRC17:33
*** hamalq has quit IRC17:45
*** hamalq has joined #openstack-nova17:45
*** hemna has quit IRC17:46
*** hemna has joined #openstack-nova17:47
*** macz_ has joined #openstack-nova17:53
*** hamalq has quit IRC17:56
*** hamalq has joined #openstack-nova17:56
*** jangutter has joined #openstack-nova17:58
*** mlavalle has joined #openstack-nova18:00
*** jangutter_ has quit IRC18:03
*** mgoddard has quit IRC18:05
*** macz_ has quit IRC18:08
*** jangutter_ has joined #openstack-nova18:21
*** dtantsur is now known as dtantsur|afk18:23
*** jangutter has quit IRC18:24
*** k_mouza has quit IRC18:34
*** jangutter has joined #openstack-nova18:38
*** jangutter_ has quit IRC18:39
*** jangutte_ has joined #openstack-nova18:39
*** jangutter has quit IRC18:42
*** andrewbonney has quit IRC18:45
sean-k-mooneystephenfin: i dont know if you saw the discussion about the metadata serivce but we have some undocumented behavior realated to an old nova v2 api extention that got merged into the service when we remove the nova api v3 code and support for cell in newton18:51
*** macz_ has joined #openstack-nova18:51
sean-k-mooneystephenfin: specifically form within the guest without creds you can do a post to the password filed and update that filed18:51
sean-k-mooneystephenfin: so it looks like we need to update the documatnion for that and consider if we actully want to support that longterem i think we need to at least for now since cloudbase use it18:53
*** ralonsoh_ has quit IRC18:53
sean-k-mooneythat said it was never actully accpeted into the v2.x api it was incorrectly included when we killed extention and drop the nova v3 api18:54
sean-k-mooneystephenfin: https://github.com/openstack/nova/commit/a2101c4e7017715af0a29675b89e14ee2884bd89 is the change that allowed the password to be updated once via the 169 adress18:59
sean-k-mooneywhich built on the server_password api extntion19:00
sean-k-mooneyanyway none of our docs say ^ is a thing you can do.19:00
*** bbowen has quit IRC19:07
*** macz_ has quit IRC19:19
*** mgoddard has joined #openstack-nova19:27
*** macz_ has joined #openstack-nova19:37
*** tesseract has quit IRC19:38
*** mgoddard has quit IRC19:39
*** luksky has quit IRC20:26
*** luksky has joined #openstack-nova20:26
*** rcernin has joined #openstack-nova20:33
*** k_mouza has joined #openstack-nova20:35
*** rcernin has quit IRC20:37
*** k_mouza has quit IRC20:39
*** bbowen has joined #openstack-nova20:40
*** ircuser-1 has joined #openstack-nova20:55
*** rcernin has joined #openstack-nova21:02
*** luksky has quit IRC21:41
*** luksky has joined #openstack-nova21:54
*** nweinber has quit IRC22:15
*** xek_ has quit IRC22:40
NobodyCamGood Afternoon Nova folks, I've started seeing hypervisor state flapping between up and down, The hypervisors are up, I've read that adjusting server_down_time and report_interval can help with this, are these the correct setting to adjust and is there a way to gauge what these values should be?23:10
melwittNobodyCam: are you experiencing a problem with getting occasional NoValidHost because of this or seeing the hypervisor state going up and down or both?23:31
NobodyCamreally both23:31
melwittok, for the scheduling thing, consider moving the ComputeFilter earlier in your list of configured filters if you have a large number of compute nodes. I have seen things where if there are a lot of computes (like 1000) the scheduling process is so slow that some nodes are considered "down" by the ComputeFilter because by the time that filter is reached, 60s have elapsed23:33
melwittfor the other settings, "service_down_time report_interval should be less than service_down_time. If service_down_time is less than report_interval, services will routinely be considered down, because they report in too rarely" from https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.report_interval is the main thing you need to make sure you have right23:34
*** rcernin has quit IRC23:35
*** rcernin has joined #openstack-nova23:35
melwitthere's another setting to make sure is set harmoniously with service_down_time https://docs.openstack.org/nova/latest/configuration/config.html#scheduler.periodic_task_interval23:36
melwittI think those 3 settings are the only ones you need to adjust and they need to be set as recommended in that doc, that report_interval needs to be less than service_down_time and periodic_task_interval needs to also be less than service_down_time23:37
melwittAFAIK the driving factor for choosing service_down_time will be how long scheduling is taking for you. if you move ComputeFilter first in the list, for example, and still get sporadic NoValidHost bc of compute node "down" when it's not really down, then you will need to increase service_down_time to accommodate the scheduling time. just make sure you don't set report_interval or periodic_task_interval to longer than service_down_time23:44
*** hamalq has quit IRC23:53
*** hamalq has joined #openstack-nova23:54
NobodyCamThank you very much melwitt I will review our current configuration an let you know if it improves after any changes23:54
melwittNobodyCam: np, good luck, will be interested to hear how it goes23:54
*** martinkennelly has joined #openstack-nova23:56
*** martinkennelly has quit IRC23:59
« Wednesday, 2020-11-18 Index Friday, 2020-11-20 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!