Friday, 2021-03-12

« Thursday, 2021-03-11 Index Saturday, 2021-03-13 »
*** macz_ has quit IRC00:06
*** ociuhandu has joined #openstack-nova00:33
*** ociuhandu has quit IRC00:37
*** macz_ has joined #openstack-nova00:50
*** tosky has quit IRC00:51
*** macz_ has quit IRC00:55
*** mlavalle has quit IRC01:24
openstackgerritsean mooney proposed openstack/nova master: libvirt: Add vDPA nodedev parsing  https://review.opendev.org/c/openstack/nova/+/77053301:26
openstackgerritsean mooney proposed openstack/nova master: libvirt: Add guest generation for vDPA  https://review.opendev.org/c/openstack/nova/+/77053201:26
openstackgerritsean mooney proposed openstack/nova master: pci: Add vDPA vnic to PCI request mapping and filtering  https://review.opendev.org/c/openstack/nova/+/77835001:26
openstackgerritsean mooney proposed openstack/nova master: add hw:mlock extra spec  https://review.opendev.org/c/openstack/nova/+/77834701:26
*** martinkennelly has quit IRC01:31
*** xek_ has joined #openstack-nova01:33
*** xek has quit IRC01:36
*** macz_ has joined #openstack-nova02:04
*** k_mouza has joined #openstack-nova02:07
*** macz_ has quit IRC02:09
*** k_mouza has quit IRC02:12
*** ociuhandu has joined #openstack-nova02:21
*** psachin has joined #openstack-nova02:22
*** spatel has joined #openstack-nova02:25
*** ociuhandu has quit IRC02:26
*** artom has quit IRC02:46
*** whoami-rajat_ has joined #openstack-nova02:55
*** whoami-rajat_ is now known as whoami-rajat03:16
*** macz_ has joined #openstack-nova03:17
*** macz_ has quit IRC03:22
*** sapd1 has joined #openstack-nova03:23
*** vishalmanchanda has joined #openstack-nova03:27
*** spatel has quit IRC03:30
*** jamesdenton has quit IRC03:33
*** jamesdenton has joined #openstack-nova03:34
*** rcernin has quit IRC03:48
*** macz_ has joined #openstack-nova03:59
*** macz_ has quit IRC04:04
*** sapd1 has quit IRC04:07
*** spatel_ has joined #openstack-nova04:09
*** rcernin has joined #openstack-nova04:15
*** rcernin has quit IRC04:19
*** rcernin has joined #openstack-nova04:19
*** lifeless has quit IRC04:42
*** k_mouza has joined #openstack-nova04:45
*** ratailor has joined #openstack-nova04:47
*** k_mouza has quit IRC04:50
*** sapd1 has joined #openstack-nova04:58
*** macz_ has joined #openstack-nova05:00
*** macz_ has quit IRC05:05
*** whoami-rajat has quit IRC05:28
*** sapd1 has quit IRC05:32
openstackgerritYongli He proposed openstack/nova master: smartnic support - functional tests  https://review.opendev.org/c/openstack/nova/+/78014705:34
*** macz_ has joined #openstack-nova05:56
*** ociuhandu has joined #openstack-nova05:58
*** macz_ has quit IRC06:00
*** ociuhandu has quit IRC06:02
*** LinPeiWen has quit IRC06:02
*** spatel_ has quit IRC06:10
*** LinPeiWen has joined #openstack-nova06:13
*** ralonsoh has joined #openstack-nova06:18
*** rcernin has quit IRC06:47
*** lifeless has joined #openstack-nova06:49
*** k_mouza has joined #openstack-nova06:54
*** whoami-rajat_ has joined #openstack-nova06:56
*** rcernin has joined #openstack-nova06:58
*** k_mouza has quit IRC06:59
*** khomesh24 has joined #openstack-nova06:59
*** ociuhandu has joined #openstack-nova07:03
*** ociuhandu has quit IRC07:07
*** slaweq has joined #openstack-nova07:11
*** sapd1 has joined #openstack-nova07:18
*** rcernin has quit IRC07:33
*** rcernin has joined #openstack-nova07:34
*** rcernin has quit IRC07:40
*** rcernin has joined #openstack-nova07:42
*** belmoreira has joined #openstack-nova07:44
*** ociuhandu has joined #openstack-nova07:45
*** ociuhandu has quit IRC07:45
*** sapd1 has quit IRC07:46
*** rcernin has quit IRC07:47
*** dklyle has quit IRC07:47
*** sapd1 has joined #openstack-nova07:50
*** jamesdenton has quit IRC07:55
*** jamesdenton has joined #openstack-nova07:56
*** macz_ has joined #openstack-nova07:57
*** ociuhandu has joined #openstack-nova07:57
*** xinranwang has joined #openstack-nova07:57
*** ociuhandu has quit IRC07:57
*** ociuhandu has joined #openstack-nova07:58
*** gryf is now known as gryf_07:58
*** _gryf is now known as gryf07:59
*** macz_ has quit IRC08:01
*** rcernin has joined #openstack-nova08:06
*** zzzeek has quit IRC08:07
*** zzzeek has joined #openstack-nova08:11
*** gyee has quit IRC08:11
gibisean-k-mooney: ack, looking08:11
*** rcernin has quit IRC08:11
gibiyonglihe: hi! Is it possible to test the smartnic series in a devstack with the fake cyborg driver?08:13
yonglihefunctional test it is.  devstack, we need real hw for that.08:14
yongliheexcept that, the devstack have some feature to accept the VM stuck to a none-exit pci devices as succeefuly state(that expected off cause).08:15
yongliheIf we also use a faked libvirt, that workable.08:16
yonglihegibi: btw, othe comments gonna take me 2 or 3 days hard work.08:20
gibiyonglihe: so the devstack + cyborg fake driver solution doesn't work as the fake driver returns nonexistent pci device and that cannot be added to the VM. thank make sense.08:21
gibiyonglihe: which comment is the hard one?08:21
yonglihecode reactors.08:22
yongliherefactors08:22
yonglihebut we have solutions for that.08:22
*** tesseract has joined #openstack-nova08:23
*** rcernin has joined #openstack-nova08:23
yongliheThe one  need decouple the flavor arq from port-arq need more force, that cofused everyone.08:25
gibiI see08:25
gibialex_xu: will you be around in the next week to review the smartnic series ?08:26
yonglihebut we could use port uuid instead of instace uuid as arq consumer, that will much more clear08:26
gibihm that sounds like a good idea08:26
*** ociuhandu has quit IRC08:26
*** ociuhandu has joined #openstack-nova08:27
*** rcernin has quit IRC08:28
alex_xugibi: yes, I will be there to review the smartnic series08:31
gibialex_xu: thanks08:31
alex_xunp08:32
gibiyonglihe: how do you feel can you propose the fixes not later than Wednesday next week?08:32
*** andrewbonney has joined #openstack-nova08:33
*** rcernin has joined #openstack-nova08:33
yongliheYour Wednesday, thats sounds ok for me.08:33
*** rcernin has quit IRC08:35
gibiOk08:35
*** ociuhandu has quit IRC08:50
bauzasgood morning Nova08:50
*** tosky has joined #openstack-nova08:51
bauzashave we discussed on FFEs ?08:51
bauzasnvm http://lists.openstack.org/pipermail/openstack-discuss/2021-March/020772.html08:52
gibibauzas: yepp, and we have two requested on the ML08:53
bauzasI see the smartnic ones08:53
bauzashence my question08:53
gibibauzas: sean-k-mooney requested one for the vdpa too08:53
bauzasoh, the vdpa one08:54
gibiif you read the scrollback then you see my discussion with yonglihe and alex_xu about the smartnic one08:54
gibifrom this morning08:54
bauzasthe vdpa one got eyes on it yesterday AFAICT08:54
bauzasbut what about the smartnic one ?08:54
gibibauzas: yes, and we found a bug08:54
gibibauzas: so the vdpa one is pretty close as sean-k-mooney fixed the bug during the night08:55
gibibauzas: for vdpa we need a patch that blocks unsupported operations like live-migrate, and needs a reno08:55
bauzasmerging stuff on today seems reasonable to me provided we kinda verify we don't really change a lot08:55
bauzaslike, adding new stuff looks good to me, but for example, asking to have a new ovo field, no08:56
gibiI think we have a good chance to approve the vdpa one today08:56
bauzasgibi: ok, and for smartnic ?08:56
gibithat is a bigger step08:56
bauzasgibi: I can try to look at it08:56
bauzashah08:56
gibiI had various comments yesterday08:56
bauzasI'll quickly look at the series08:56
gibiyonglihe thinks the hard parts of that can be fixed not later than Wednesday08:57
gibibauzas: and alex_xu confirmed that he will be around to review08:57
bauzasbecause as i said, if they want to modify some RPC APIs or want to change ov.o objects or DB, then I wouldn't be super happy08:57
bauzasgibi: well, Wednesday is a bit late, no ? :-08:57
bauzas:(08:57
gibiit is a stretch08:58
bauzasagain, my concern is not really about when, but rather about what's modified08:58
gibibauzas: when you say no new ovo field do you mean we should not merge anything after tomorrow that changes an ovo?08:58
bauzasyes08:58
bauzasor a RPC API08:58
bauzasor a DB upgrade08:58
bauzasor...08:58
bauzasor a API microversion08:58
gibithere is no DB/RPC change in vdpa or smartnic08:59
gibibut both changes ovo08:59
bauzasbecause merging those while we're already close to RC1 means that if we see problems, it could be difficult to just revert the changes08:59
gibismartnic adds field https://review.opendev.org/c/openstack/nova/+/771363/13/nova/objects/network_request.py08:59
bauzas /o\08:59
bauzasif we merge those ovo changes today, I'm OK08:59
bauzaswhat I'm not OK it to merge ovo changes like next week09:00
gibivdpa adds enum value https://review.opendev.org/c/openstack/nova/+/777481/8/nova/objects/fields.py09:00
bauzasI know for vdpa09:00
gibibauzas: fair point09:00
gibithen I think smartnic needs to be deferred09:00
gibiI'm not happy to merge the ovo change today without seeing the whole series coming together09:00
bauzasagain, it's more a question about how to be reverting if we merge them next week and we see problems09:00
*** tesseract has quit IRC09:00
bauzasgibi: yeah :(09:01
gibiand you have a valid point about the risk in ovo09:01
bauzasbut for example, I could be OK with merging a new config option on Monday09:01
bauzasWednesday is late09:01
bauzasbut, at least if we see problems, it's simple to just revert09:02
bauzaspeople could tell it's simple to revert ovo changes09:02
bauzasbut the problem here is that master is down then09:02
gibiwhat do you mean by down?09:03
*** lucasagomes has joined #openstack-nova09:03
*** tesseract has joined #openstack-nova09:04
*** xek_ is now known as xek09:06
*** ociuhandu has joined #openstack-nova09:06
*** derekh has joined #openstack-nova09:07
bauzasgibi: I mean that if we would want to revert an ovo patch, this would mean that we absolutely need to be sure that we don't merge other ovo changes after this one09:08
*** martinkennelly has joined #openstack-nova09:08
bauzaswe can pretend it never existed but there is a high risk of tangling09:08
bauzashence me being super conservative about such changes to be merged while we're so close from RC109:09
gibitanglig by having two different ovo object with the same version09:09
gibiyonglihe: bauzas had a point above  about the ovo change being risky close to RC1 and I think his point is valid. I'm affraid we have to defer the smartnic series to X09:12
gibialex_xu: ^^09:12
bauzasI'll review the series this morning09:12
bauzasit's fair to look at the change before cutting the rope09:13
yonglihegibi: got, that's reasonable. likely, we could merge smartnic in very ealry stage of  X09:13
bauzasbut since I haven't reviewed the spec, it'll take time for me to load the context in mind :)09:13
bauzasyonglihe: if you don't mind then, I can propose sponsoring your series as soon as we branch RC109:14
bauzaswhich will be in two weeks09:14
yonglihebauzas,  sure, that sound good for me, and thanks.09:15
gibiyonglihe: sorry for the bad news and thanks for the flexibility09:15
gibiI will summarize this to the ML09:15
bauzasyonglihe: thanks for your understanding :(09:15
bauzasyonglihe: ping me once RC1 is cut, and then I'll review your patches09:15
*** ociuhandu has quit IRC09:16
yonglihebauzas: we all responsible to minimize risk, that's right way to go.  thanks.09:16
bauzasyonglihe: don't forget to ping me as I could forget09:17
yonglihe bauzas, sure.09:18
openstackgerritWenping Song proposed openstack/nova master: Remove get_device_profile_request_groups function in cyborg.py  https://review.opendev.org/c/openstack/nova/+/78020609:19
*** ociuhandu has joined #openstack-nova09:23
alex_xugibi: bauzas got it, thanks for the review and feedback anyway09:29
*** kd has quit IRC09:32
openstackgerritJinsheng Zhang proposed openstack/nova stable/victoria: Add nova support ironic instance port group network metadata  https://review.opendev.org/c/openstack/nova/+/78020909:44
*** dtantsur|afk is now known as dtantsur09:51
*** k_mouza has joined #openstack-nova09:56
*** macz_ has joined #openstack-nova09:57
gibisean-k-mooney, stephenfin: I finished reading the new patches of vdpa. Left some small comments and question inline. I will be off for a while between 13:00 - 16:00 CET but I will review whatever needs to be reviewed. just let me know10:00
*** macz_ has quit IRC10:02
stephenfingibi: ack, working on a functional tests atm to prove it out before giving my final review10:03
gibistephenfin: cool10:03
*** k-s-dean has joined #openstack-nova10:15
bauzasI can cycle a bit of reviews for the vdpa stuff10:16
*** sapd1 has quit IRC10:21
gibibauzas: your help might be needed on the functional test patch as that is written by stephenfin so he cannot +2 it10:30
*** ratailor_ has joined #openstack-nova10:32
sean-k-mooneyo/10:33
sean-k-mooneythanks ill take a look and answer them as best i can shortly10:34
gibisean-k-mooney: \o10:34
*** ratailor has quit IRC10:34
sean-k-mooneyah damb it i dropt the vdpa path in the wrong patch10:37
*** ratailor has joined #openstack-nova10:37
sean-k-mooneyya that should be in the previous one i did it at the end and did an interactive rebase to suash it in but obvioulsy picked the wong patch10:37
*** smcginnis has joined #openstack-nova10:38
*** ratailor_ has quit IRC10:39
sean-k-mooneygibi: while im fixing the pep8 issue in pci: Add vDPA vnic to PCI request mapping and filtering  ill fix the odd indenting too10:40
gibicool10:40
sean-k-mooneyone thing im debating is shoudl i rebase this seriese on top of the pci/socket and port numa changes or wait until we get to the final functional patch which is the only one that is in conflict with those10:41
*** jangutter has joined #openstack-nova10:42
gibiI think you can wait until the functional patch10:43
sean-k-mooneycool that avoid needing to rebase the frist couple of patches10:44
sean-k-mooneylyarwood: have your devstack changes merged for the cinder issue10:44
sean-k-mooneythe tgtadm WWN issue10:45
*** jangutter_ has quit IRC10:45
lyarwoodsean-k-mooney: no, they wanted to hold off until after FF as we don't have any proof that it is causing the detach issue10:46
* lyarwood wanted to try to reproduce again today FWIW10:46
sean-k-mooneyok10:47
openstackgerritLee Yarwood proposed openstack/nova master: zuul: Replace grenade and nova-grenade-multinode with grenade-multinode  https://review.opendev.org/c/openstack/nova/+/77888510:47
lyarwoodone more change to go and I'll try to reproduce the issue in your cloud again10:47
lyarwoodI *think* I fsck'd up earlier in the week and forgot to upgrade my tempest.conf to allow volume attached LM10:48
lyarwoodupdate*10:48
sean-k-mooneyah. well in the last 7 days we have hit the detach issue 275 times although my current match seems to trigger 3 times on each event os closer to 90 failed jobs10:50
sean-k-mooneywe also seam to have some other libvirt issue too that i have seen intermitently but i cant recall it now10:51
*** slaweq has quit IRC11:00
*** slaweq has joined #openstack-nova11:02
*** jangutter_ has joined #openstack-nova11:06
*** jangutter_ has quit IRC11:07
*** jangutter_ has joined #openstack-nova11:08
*** jangutter has quit IRC11:09
*** brinzhang0 has quit IRC11:11
openstackgerritLee Yarwood proposed openstack/nova master: block_device: Use initialize APIs to refresh when reported as idempotent  https://review.opendev.org/c/openstack/nova/+/72076911:15
*** ratailor has quit IRC11:16
lyarwoodelod: https://review.opendev.org/c/openstack/nova/+/780014 - thoughts on this?11:17
*** ociuhandu_ has joined #openstack-nova11:18
*** ociuhandu has quit IRC11:21
*** ociuhandu_ has quit IRC11:22
elodlyarwood: oh, sorry, I've lost it in my TODOs :S +2+W'd11:24
lyarwoodelod: np thanks11:24
openstackgerritsean mooney proposed openstack/nova stable/train: add functional regression test for bug #1888395  https://review.opendev.org/c/openstack/nova/+/75953311:31
openstackbug 1888395 in OpenStack Compute (nova) train "live migration of a vm using the single port binding work flow is broken in train as a result of the introduction of sriov live migration" [High,In progress] https://launchpad.net/bugs/1888395 - Assigned to Billy Olsen (billy-olsen)11:31
*** tesseract has quit IRC11:36
*** tesseract has joined #openstack-nova11:36
*** jamesdenton has quit IRC11:50
*** jamesdenton has joined #openstack-nova11:52
*** xinranwang has quit IRC11:57
stephenfinfunctional tests works. hurrah11:58
stephenfinsean-k-mooney: are you addressing gibi's nits and mine or will I?11:58
*** macz_ has joined #openstack-nova11:58
stephenfinI don't mind. I have to push the functional test anyway11:59
sean-k-mooneyi am yes11:59
stephenfinokay, great11:59
sean-k-mooneyif you push with -R it wont rebase my stuff and i can cherry pick in your test when i push11:59
openstackgerritStephen Finucane proposed openstack/nova master: tests: Add functional test for vDPA device  https://review.opendev.org/c/openstack/nova/+/78011211:59
openstackgerritStephen Finucane proposed openstack/nova master: WIP: tests: Make mdev stubs work like vDPA  https://review.opendev.org/c/openstack/nova/+/78023411:59
stephenfinalready done ^11:59
sean-k-mooneyyep12:00
stephenfinbauzas: gibi: ^12:00
gibiack12:00
*** macz_ has quit IRC12:03
*** ociuhandu has joined #openstack-nova12:09
*** ociuhandu has quit IRC12:15
*** smcginnis has quit IRC12:28
sean-k-mooneyso artoms socket patch hit the block detach failure again https://review.opendev.org/c/openstack/nova/+/77277912:34
sean-k-mooneythis time in the gate queue12:34
sean-k-mooneyshoudl we keep rechecking this or do we have another solution?12:34
lyarwoodlooks like there are other failures in there as well12:35
lyarwoodnova-next failed with a ssh timeout12:35
sean-k-mooneyyep but the same tests passed in check12:35
sean-k-mooneygranted its mixed with other patchs in gate12:35
lyarwoodnova-ceph-multistore failed with a volume backup failure12:35
sean-k-mooneybut i dont think those failures are related12:36
sean-k-mooneyi think all the failures it hit are intermitent failure in the jobs12:36
lyarwoodnova-live-migration failed but not because of a detach issue AFAICT12:36
lyarwoodthe instance just didn't migrate12:36
sean-k-mooneyglanceclient.exc.HTTPNotFound: HTTP 404 Not Found: No image found with ID 202b34e0-db15-437c-8a19-ab391dfcf6e012:37
sean-k-mooneyalthough that might be a differnt test?12:38
lyarwoodyeah I think so12:41
lyarwoodhttps://zuul.opendev.org/t/openstack/build/98ef805affe54cdd96e32a57b6b87ea1/log/compute1/logs/screen-n-cpu.txt#1001112:41
lyarwoodthat's why the LM failed12:41
sean-k-mooneywhats annoying about those test failures in general is artoms code changes only take effect if your using pci passthough or sriov which we dont do in any gate jobs.12:41
lyarwoodbut why is that a different request-id12:42
sean-k-mooney  libvirt.libvirtError: unable to connect to server at 'ubuntu-focal-vexxhost-ca-ymq-1-0023456556:49152': Connection refused12:43
sean-k-mooneytempest-LiveMigrationTest-1563426117 tempest-LiveMigrationTest-1563426117-project-admin] Could not generate host nqn: [Errno 2] No such file or directory12:44
*** artom has joined #openstack-nova12:44
sean-k-mooneyhttps://zuul.opendev.org/t/openstack/build/98ef805affe54cdd96e32a57b6b87ea1/log/compute1/logs/screen-n-cpu.txt#1048112:44
sean-k-mooneynvme gen-hostnqn | tee /etc/nvme/hostnqn12:45
sean-k-mooneythat odd12:45
lyarwoodyeah I think that's ignored12:45
lyarwoodit's the os-brick connector12:45
sean-k-mooneywhy are we doing nvme things12:45
sean-k-mooneyya i think its ignored too but the gate cant test nvme as far as im aware12:46
sean-k-mooneyso not sure why the nvmeof connector is trying to do anything12:46
lyarwoodyeah the os-brick connector doesn't know ahead of time what the actual volume type is12:46
lyarwoodso it just gathers info on all of the possible IQN/HBAs etc it can12:47
sean-k-mooneythats not ideal but ok12:47
lyarwoodyeah it's a really old wrinkle in the APIs12:47
lyarwoodideally you'd want cinder API to tell the caller what the type is first and what connector info it needs to map the volume12:47
sean-k-mooneyartom recheked this so im going to go back to fixing nits12:48
sean-k-mooneylyarwood: yep12:48
sean-k-mooneylike with os-vif12:48
sean-k-mooneywe use the vif-type and vnic-type to only call the correct plugin12:48
sean-k-mooneywe never do any kind of probing12:48
*** tkajinam has quit IRC12:54
*** smcginnis has joined #openstack-nova13:05
*** dosaboy_ is now known as dosaboy13:06
*** macz_ has joined #openstack-nova13:10
sean-k-mooneystephenfin: by the way a possible gotch ya with pre-commit13:11
sean-k-mooneyi dont think it runs if you do a git add during an interactive rebase and then do git rebase --continue13:12
sean-k-mooneyyou have to do git commit --amend first13:12
bauzassean-k-mooney: you got a merge conflict ?13:14
sean-k-mooneyfor?13:14
*** macz_ has quit IRC13:15
sean-k-mooneyim interactive rebaseing to adress the fact i removed the devpath in the wong commit and im adress all the style nits in the rest of the following patchs since they are going to be rebased as a result anyway13:16
sean-k-mooneywith precommit if you just to rebase --continue it just does not run the commit hook i think13:16
sean-k-mooneysince it technially not a commit13:17
sean-k-mooneyso if you want precommit to run when doing interactive rebases and your editing files then make sure to comit before moving on13:17
*** tesseract has quit IRC13:19
sean-k-mooneybauzas: if you are asking will there be a merge conflict then yes13:19
*** tesseract has joined #openstack-nova13:19
sean-k-mooneya very minor one with the pci socket policy patch13:19
sean-k-mooneyits a one line conflict in a test13:19
openstackgerritsean mooney proposed openstack/nova master: libvirt: Add vDPA nodedev parsing  https://review.opendev.org/c/openstack/nova/+/77053313:21
openstackgerritsean mooney proposed openstack/nova master: libvirt: Add guest generation for vDPA  https://review.opendev.org/c/openstack/nova/+/77053213:21
openstackgerritsean mooney proposed openstack/nova master: pci: Add vDPA vnic to PCI request mapping and filtering  https://review.opendev.org/c/openstack/nova/+/77835013:21
openstackgerritsean mooney proposed openstack/nova master: tests: Add functional test for vDPA device  https://review.opendev.org/c/openstack/nova/+/78011213:21
openstackgerritsean mooney proposed openstack/nova master: WIP: tests: Make mdev stubs work like vDPA  https://review.opendev.org/c/openstack/nova/+/78023413:21
sean-k-mooneystephenfin: that should adress all the nits too13:21
lyarwoodI can't recall ever seeing this written down anywhere but do we have a policy against passing context around, if only to improve logging by ensuring a request-id is logged alongside each message?13:22
lyarwoodI'm trying to debug the volume detach failure and am getting pissed with the lack of context in some places13:23
lyarwoodI've added instance=instance to all of the LOG calls in the volume drivers within libvirt now13:23
sean-k-mooneyi personally try not to pass it if i can avoid it13:23
lyarwoodbut as we don't pass context down into these there's no request-id13:23
sean-k-mooneybut i almost never use request id13:23
lyarwoodyeah, I'm a heavy heavy user of it now13:24
lyarwoodand while I get that it's pointless if it isn't used13:24
lyarwoodthe request-id is soooooooo useful13:24
sean-k-mooneyif you have the instance uuid that normally enough13:24
sean-k-mooneyit can be yes13:24
lyarwoodyou just end up making assumptions I find13:25
sean-k-mooneybut unless we can come up with a better way then pass it to every function i would prefer not to13:25
lyarwoodI'll have to read the oslo.log code again to recall what it actually looks for13:25
lyarwoodit might look for other things aside from context13:25
artomlyarwood, I thought the request ID was stashed in a thread global or something? At least that's what I was told...13:25
sean-k-mooneyartom: i dont think so13:26
lyarwoodhmm I thought oslo.log pulled it out of context tbh13:26
sean-k-mooneythat would not work well with eventlests13:26
artom*shrug* I have to do the dad taxi thing anyways13:26
sean-k-mooneyunless you mean a green thread local variable of some kind13:26
sean-k-mooneybu it i still would assume its not form that13:27
lyarwoodoh it's both13:27
lyarwoodhttps://github.com/openstack/oslo.log/blob/51324b276a8a5f69847d3a17fa89924dabad4759/oslo_log/formatters.py#L61-L7813:27
*** ociuhandu has joined #openstack-nova13:28
lyarwoodah right cool13:29
lyarwoodokay so passing context isn't required13:29
* lyarwood wonders why it wasn't logged when calling disconnect_volume in that case13:29
openstackgerritLee Yarwood proposed openstack/nova master: libvirt: Ensure all volume drivers log the instance whenever possible  https://review.opendev.org/c/openstack/nova/+/78026013:30
sean-k-mooney https://github.com/openstack/oslo.context/blob/0d02866365bc8b779aef9ebd0b79a52c96ae40e5/oslo_context/context.py#L508-L51313:30
sean-k-mooneyso it can retrun None13:31
sean-k-mooney_request_store is a thread local13:31
sean-k-mooneyhttps://github.com/openstack/oslo.context/blob/0d02866365bc8b779aef9ebd0b79a52c96ae40e5/oslo_context/context.py#L4013:31
sean-k-mooneyso if the green thread resoumes on a different thread becaue we are usign a thread pool it might be empty13:32
lyarwoodkk makes sense, both connect and disconnect wait behind a lock13:32
lyarwoodso I assume that's where we end up losing it13:32
lyarwoodew13:32
sean-k-mooneydo i want to know what you just saw13:33
lyarwoodthat was more at the logging changing because of thread local storage13:33
lyarwoodI'm looking at yet another example failure of the detach thing13:34
lyarwoodanother test attaches a volume13:34
lyarwoodthe failing test attaches a volume13:34
lyarwoodthe other test detaches13:34
lyarwoodand then our failing test attempts to detach13:34
sean-k-mooneythats also ew :)13:34
lyarwoodwell it's all locked and serialised so that's fine13:35
lyarwoodbut the failing test just times out trying to detach the device13:35
sean-k-mooneycan we just chnage this locally in nova to workaround the issue13:35
lyarwoodthere's some stuff in syslog13:35
lyarwoodbut I can't get my head around it tbh13:35
sean-k-mooneyyou still think this is due to conflicting WWNs right13:36
lyarwoodyeah I don't think that's helping but I can't find a smoking gun here13:37
*** jangutter has joined #openstack-nova13:45
*** psachin has quit IRC13:45
belmoreirahi, we are live migrating thousands of instances because hardware retirement and hit an old issue :) this was discussed in the past for instance creation, but now I'm facing it at live migration, when the migration allocation is created. https://bugs.launchpad.net/nova/+bug/191841913:47
openstackLaunchpad bug 1918419 in OpenStack Compute (nova) "vCPU resource max_unit is hardcoded" [Undecided,New]13:47
*** jangutter_ has quit IRC13:48
sean-k-mooneybelmoreira: it would be incorrect to factor in allocation ration when setting max_unit13:48
belmoreiraI feel that for the vcpu particular case the operator could take the responsibility to defined the max_unit value.13:48
sean-k-mooneyi dont think i agree13:49
sean-k-mooneyyou might be abel to use provider.yaml to cahnge it13:49
sean-k-mooneybut its not valid for a vm to oversubsribe against itself13:49
sean-k-mooneyso the max_unit should never exceed total13:50
sean-k-mooneyif you are disabling hyperthread thats havlfing your total cpus so the max_unit should also be reduced13:50
belmoreira"its not valid for a vm to oversubsribe against itself" I agree with that13:50
sean-k-mooneymax_unit in placment is there to prevent that13:51
sean-k-mooneybelmoreira: the correct approch in your case would be to resize the vms before the migration13:51
sean-k-mooneyform the 32 core flavor to 16 i assume13:51
sean-k-mooneyor 32 but across 2 numa nodes13:52
sean-k-mooneylikely depending on the vm13:52
*** smcginnis has quit IRC13:52
belmoreiraof course in the general I agree with you. And it's a good default. What I'm talking about is to give the operator the freedom to change this sensible default for very particular operations.13:52
sean-k-mooneythat the thing its all or nothing13:53
sean-k-mooneyif you change the max_unit in the placment inventory13:53
sean-k-mooneyit will apply to all operations13:53
sean-k-mooneywhich could allow vms to boot that were over subscibing againt themselves13:53
sean-k-mooneywe dont suport setting max_unit for indivigual resouce in the allocation candiates request13:54
sean-k-mooneybelmoreira: if you realy need too you can use https://specs.openstack.org/openstack/nova-specs/specs/ussuri/approved/provider-config-file.html13:55
sean-k-mooneyto orverride the max_unit13:55
sean-k-mooneyassuming you have at least ussuri13:55
belmoreiraI'm not familiar with that spec. Let me have a look. (still in Stein for Nova)13:57
sean-k-mooneyyou would basically do13:57
sean-k-mooneymeta:13:57
sean-k-mooney  schema_version: 1.013:57
sean-k-mooneyproviders:13:57
sean-k-mooney  # List of dicts13:57
sean-k-mooney  - identification:13:57
sean-k-mooney        uuid: $COMPUTE_NODE13:57
sean-k-mooney    inventories:13:57
sean-k-mooney        additional:13:57
sean-k-mooney            VCPU:13:57
sean-k-mooney                max_unit: 3213:57
*** spatel_ has joined #openstack-nova13:58
belmoreiraIf we can do that in Ussuri it looks good enough to me for any special case13:59
belmoreirathanks sean-k-mooney13:59
sean-k-mooneyactully it wont work for your usecase13:59
sean-k-mooneyi forgot we can only use this for CUSTOM_ resouces13:59
*** mlavalle has joined #openstack-nova13:59
*** khomesh24 has quit IRC14:00
sean-k-mooneywe intentionally blocked overwriding sthe standard ones form the virt driver14:00
belmoreiramy thinking on all of this is how an operator should move forward when (for whatever reason) the resource inventory changes.14:05
sean-k-mooneywell form a downstream and i thnk upstream point of vew we do not supprot changing the number of hyper treads on a host with vms14:06
belmoreiraFor my particular case, vCPUs were cut in half, but we need to keep the oversubcribed instances running. Now to live migrate then we need "patch" the compute nodes14:06
sean-k-mooneythe same aslo gos for numa nodes e.g. by enable cluster on die ot changeing numa per socket in the bios14:06
sean-k-mooneyso today the only supported way it to do a resize to a differnt flavor14:07
sean-k-mooneybelmoreira: yep i understand unfortuetly the senario your are attempting to do is not currenlty supported by nova14:07
belmoreirasean-k-mooney :) fair enough. I didn't think we would ever disable SMT in production nodes.14:07
*** macz_ has joined #openstack-nova14:07
sean-k-mooneythe "keep vms alive requirement is really the toughest"14:08
* sean-k-mooney messed up the quotes14:08
sean-k-mooneybelmoreira: for live migration we cant really change the toplogy of the guest14:09
sean-k-mooneywe can change teh mapping the host but putting that 32 core vm on a 16 core host would not be a valid schudlign decision based on our current oversubscpiton rules14:10
sean-k-mooneybelmoreira: actully i hate to say this but did you attempt a force live migration14:10
sean-k-mooneyi assume that still fails because placment will block it14:10
sean-k-mooneywhen we try to update the allcoations14:11
belmoreirasean-k-mooney it's fine. And in most part I agree with you, I just wanted to raise this issue here because other operators may suffer from the same thing. And these are the "use cases" that we didn't think about... Like I said I never thought we would need to disable SMT in production nodes.14:11
sean-k-mooneyit is certenly something we could put in the docs somewhwere14:12
belmoreirasean-k-mooney actually I didn't... but in the case is placement, so it should fail14:12
sean-k-mooneyi think the allocation update will fail but i have never tried this14:12
sean-k-mooneynova with the old microversion will skip the schduler fileter if you force it14:13
sean-k-mooneybut i think we always do the placment update14:13
*** macz_ has quit IRC14:13
sean-k-mooneybelmoreira: if you want to hack around it without changing the code there is one thing you could try14:14
sean-k-mooneyyou could increase the interval taht we update placment at in the config on a node temporally so say once an hour14:14
sean-k-mooneyand you could manully chagne the value in the placment inventory with osc-placment14:15
sean-k-mooneythen migrate14:15
sean-k-mooneythat will end up with an invalidly placed vm but you could force it that way14:15
belmoreirasean-k-mooney yeah, that would work. What i'm doing is just putting a fake value for max_int in the update placement. These nodes will be removed anyway.14:17
sean-k-mooneyya its basiclaly the same just via the api for those that cant hack the code direcly in prodcution14:17
belmoreirasean-k-mooney thanks a lot for your comments.14:18
belmoreiraHaving something in the docs may help others. I think I can move this bug forward and update the docs.14:18
sean-k-mooneyi hope you dont mind that i marked it as invalid but you could bring it up at the ptg14:19
sean-k-mooneyor in a nova team meeting/mailing list to get more input form others14:19
belmoreirasean-k-mooney I think having something in the docs is reasonable14:20
sean-k-mooneyyep i agree if you wanted to convert that to a docs bug i think it would be good14:21
*** jamesdenton has quit IRC14:24
belmoreiraI need some guidance... should I mentioned in the bug that we discussed this and we agreed that a docs change could be enough? or this bug needs to be submitted somewhere else?14:24
*** jamesdenton has joined #openstack-nova14:24
sean-k-mooneyyou can link to the irc convo14:24
sean-k-mooneyhttp://eavesdrop.openstack.org/irclogs/%23openstack-nova/latest.log.html#t2021-03-12T13:47:1714:25
sean-k-mooneythen we can triage it as valid14:25
belmoreiraok thanks a lot14:25
sean-k-mooneyso you can reuse the same bug if you like althotuhg you might want to also update the titile to refelct its a docs change now14:26
*** smcginnis has joined #openstack-nova14:28
belmoreirawill do14:28
sean-k-mooneystephenfin: im going to put my func test for the api block in a different class. they way you are currently mocking the vdpa devices is more complex then i would like and since i dont actully need them since im blocking these ops at the api level im going to skip mocking them for now14:32
sean-k-mooneystephenfin: when the op moves form unsupported to supported ill need the vdpa devices mocked but for these negitive test i dont14:33
sean-k-mooneythat sound ok to you14:33
*** lpetrut has joined #openstack-nova14:35
sean-k-mooneyactully i might need to mock some fo them they way you are but ill cross that bridge when i come to it14:35
sean-k-mooneyi guess i could do api unit tests instead of functional too.14:36
stephenfinsean-k-mooney: go for it14:37
stephenfinthough I take offence to the suggestion it's too complex :-P14:37
stephenfin(tbf, I actually thought it was reasonably understandable)14:37
sean-k-mooneywell i cant just do fakelibvirt.HostPCIDevicesInfo(num_pfs=1, num_vf=0, num_vdpa=2)14:38
sean-k-mooneylike i made work in the unit tests14:38
sean-k-mooneythe fact you are manually creating the devices in the test is why is complex14:38
stephenfinoh, well it's easy to add that14:39
stephenfinI just didn't need it since I'd a single test14:39
sean-k-mooneyyep that the only thing i was unhappy with really14:39
*** whoami-rajat_ is now known as whoami-rajat14:40
sean-k-mooneywell i didnt review them too closely so there mihgt be something else but that made me go ill look at this when i have more time14:41
* gibi is reviewing vdpa14:58
*** artom has quit IRC15:04
openstackgerritMerged openstack/nova stable/train: [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook  https://review.opendev.org/c/openstack/nova/+/78001415:04
*** k_mouza has quit IRC15:13
*** k_mouza has joined #openstack-nova15:14
*** artom has joined #openstack-nova15:16
*** lpetrut has quit IRC15:16
openstackgerritLee Yarwood proposed openstack/nova stable/stein: [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook  https://review.opendev.org/c/openstack/nova/+/78027715:17
elodgibi lyarwood : i've uploaded the release patches: https://review.opendev.org/q/project:openstack/releases+status:open+intopic:nova15:17
gibiwill check soon15:18
elodthx o/ let me know if you disagree with the minor version bump15:19
*** sapd1 has joined #openstack-nova15:24
*** ociuhandu has quit IRC15:32
lbragstaddansmith opened up a bug against nova to document what we found https://bugs.launchpad.net/nova/+bug/191894515:33
openstackLaunchpad bug 1918945 in OpenStack Compute (nova) "Nova API fails with 500s when called with non-project-scoped keystone tokens" [Undecided,New]15:33
dansmithlbragstad: sweet15:33
*** macz_ has joined #openstack-nova15:35
*** macz_ has quit IRC15:36
sean-k-mooneylbragstad: that is kind fo expected depending on what you are calling15:37
*** macz_ has joined #openstack-nova15:37
sean-k-mooneylbragstad: server create for example should not work wit15:37
sean-k-mooneydomain or system tokens15:37
lbragstadsean-k-mooney yeah - i don't expect it to work15:37
lbragstadi just didn't expect a 50015:37
dansmithsean-k-mooney: it's failing in object field validation,15:37
sean-k-mooneyit should be a 400 or 40315:37
dansmithwhich is...not the right place :)15:37
sean-k-mooneyyep agreed15:38
sean-k-mooneywe should be handeling it in the policy check level or similar in the api15:38
dansmithyeah I think we probably need a decorator on anything that might create resources to @require_project or something15:39
dansmithbecause I think even with something like instance shutdown, we might go to write an instance action record and fail if we have no project :(15:39
dansmithI haven't looked at that yet, but.. there's likely a lot of potential for those types of things15:39
*** ociuhandu has joined #openstack-nova15:47
gibistephenfin: I have couple of things in the func test for the vdpa https://review.opendev.org/c/openstack/nova/+/78011215:50
stephenfingood timing - I was just fixing the test failure15:50
*** jangutter has quit IRC15:51
gibiohh, I only run the vdpa test locally not the whole suite15:51
gibigood that we have the CI :)15:51
*** jangutter has joined #openstack-nova15:51
stephenfinyeah, me too /o\15:52
gibisean-k-mooney: I will look at the ops blocking patch before I go to bed today. Now I have to step out before the curfew15:52
sean-k-mooneygibi: im still working on it so it may or may not be ready but hopefully will15:53
sean-k-mooneyill push what i have before the end of the day but might need more time to actully get test for all of them15:53
*** ociuhandu has quit IRC15:53
sean-k-mooneydansmith: we proably should be blcoking all isntace actions15:54
sean-k-mooneyat least for now15:54
dansmithsean-k-mooney: agreed15:54
dansmithsean-k-mooney: kinda makes me wonder what the point of system-admin is in a lot of cases, if they can't shutdown or migrate instances15:55
openstackgerritSylvain Bauza proposed openstack/nova master: Bump the Compute RPC API to version 6.0  https://review.opendev.org/c/openstack/nova/+/76145215:55
sean-k-mooneyif we actully add support for isntace been own by a domain or somethin later then cool but for now even our logging assuems user and project id15:55
dansmithI guess it's useful for aggregate type things15:55
bauzasdansmith: just provided a new rev for your nits15:55
bauzasand will work on a new rev for trying to only accept >=5.12 on Monday15:56
sean-k-mooneydansmith: we might be able to support some of them but things like volumn attach might be weried15:56
dansmithbauzas: yeah, was replying when I noticed...15:56
gibisean-k-mooney: ack15:56
sean-k-mooneywell actully not volumn atach snap shot is a better example15:56
dansmithsean-k-mooney: yeah, I mean all of neutron would have to support this as well15:56
sean-k-mooneyif a system-admin creates a snapshot who would own it15:57
dansmithsean-k-mooney: yep15:57
dansmithsean-k-mooney: the slop becomes slippery quite fast15:57
dansmith*slope15:57
*** k_mouza has quit IRC15:58
sean-k-mooneydo we have a topic for the ptg for outstanding RBAC tasks15:59
*** dklyle has joined #openstack-nova15:59
sean-k-mooneyor do you think we will punt on domain users other thne fixing where it fails in Xena15:59
sean-k-mooneyor system for that mater15:59
*** LinPeiWen has quit IRC16:00
dansmithI dunno, I got the impression from lbragstad that domain users are not so widely used and maybe don't have a bright future16:01
sean-k-mooneywe would obviously need a spec to alter the api to support them but not sure we coudl do that without collaberating with other peoject too to line everything up16:01
sean-k-mooneydansmith: i think only keystone has support for them today16:01
dansmithyeah I kinda .. don't want to do that16:01
dansmithcoming up with a strategy for what to do if a sysadmin does an instance migrate is one thing,16:02
sean-k-mooneybut no one else16:02
gmannyah domain is in keystone noly afaik16:02
lbragstadkeystone uses them - but it's unclear if other projects will fully adopt them16:02
dansmithbut making sysadmin able to create and snapshot instances, not so much16:02
sean-k-mooneyif i was to summerise. operation that create/consume reousces proably are not easy/desireable to support but other operations that change state of exising resouce may be ok16:03
sean-k-mooneyfor system admin that is16:04
dansmithsean-k-mooney: as a future goal, yeah.. as a short-term bug, probably need to just validate and reject anything related to instances16:04
dansmithaggregates are fine, service actions are okay, etc16:05
sean-k-mooneygmann:lbragstad: any of that ^ shocking or concerning to you ?16:05
sean-k-mooneyor was that also what ye were expecting. its more or less where my mind is at too16:06
lbragstadsorry - catching up16:06
sean-k-mooneynot that i have spent that much time thinking about it16:06
lbragstadok - so domains16:06
*** ociuhandu has joined #openstack-nova16:07
lbragstadsince domains are containers of projects, i can see a case where calling GET /v2.0/servers with domain-scoped token would yield all servers across all projects within that domain... but,16:07
dansmithsure16:07
lbragstadyou can also tell keystone to inherit a domain role assignment to all containing projects16:07
gmannbut system admin can also do same right?16:07
lbragstadin which case, you do that and it works today16:07
lbragstadand then nova doesn't have to fetch a hierarchy of projects from keystone - at least not right now16:08
dansmithnot sure how that will yield nova showing you all instances in your sub-projects,16:09
dansmithbecause we would have to filter for multiples16:09
dansmithwe could do it (hence the sure) but I think we'd need the hierarchy16:09
lbragstadright - i think so, too16:09
lbragstadwhich nova doesn't support today16:10
lbragstadafaict16:10
dansmithright16:10
lbragstadand that might just seem like a lot of extra processing16:10
dansmithyou said "works today" so wanted to clarify16:10
dansmithyes16:10
sean-k-mooneydid we talk about keystone midelware portentaly being able to provide us with the set of projects16:10
lbragstadwhat i meant there was that that same domain-admin could have an inherited role assignment on all containing project (this works today in keystone)16:10
lbragstadallowing them to get project-scoped tokens for each project within their domain16:11
dansmithdomain admin is really a side thing though, right? unrelated to system_admin and no current focus on supporting it16:11
lbragstaddansmith correct - imho domain-support is on the back-back-burner16:11
*** k_mouza has joined #openstack-nova16:11
sean-k-mooneyso with keystone domains today you can have full admin on a subset of a cloud right and create falvors and such16:11
dansmithack, so back to sean-k-mooney's question about how to handle system admin16:11
gmannyeah, i am also not so clear on use case of it16:12
lbragstadso - so for system-scope, here are my thoughts16:12
lbragstadi was open to leaving it up to the service to determine if they allow system-users to create resources within projects - but it would absolutely require an alternative method for supplying the project_id16:13
lbragstad(e.g., like what glance does with the owner property in the request body)16:13
dansmithI just don't think providing a project_id for every operation is reasonable16:13
dansmithan *alternate* project_id I mean16:14
sean-k-mooneyneutorn added suport for project_id for networks and some other reseouce i htink16:14
lbragstadmy firm opinion is that i think it would be a bad idea if nova, for example, started using fake project ids to continue allowing system-administrators to create servers on behalf of other users16:14
gmannyeah, we required that for create server on specific host use case but that could be achieving by opening the policy for get hypervisors and project admin or so do it16:15
gmannlbragstad: is there any plan to support system-ids in system scope token instead of 'all' ? i remember that was original proposal for system scope.16:15
sean-k-mooneyi could maybe see this being done via midelwhere. where keystone alloed a system-admin toek to be create with a project_id16:15
lbragstador - if servers could be created under a project called 'system' or something liek that16:15
gmannor that was dropped ?16:15
openstackgerritLee Yarwood proposed openstack/nova stable/rocky: [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook  https://review.opendev.org/c/openstack/nova/+/78028616:15
sean-k-mooneyand then we would use that in nova as if it was a poject token16:15
lbragstadgmann not dropped - just not enough time to implement it16:16
dansmithmaybe this is a dumb question, but if I have sysadmin powers and I want to create an instance for someone, can't I get a project token for that project before I create it?16:16
gmanni see16:16
sean-k-mooneylbragstad: basically allow one token type to issuee a lesser scoped token16:16
lbragstaddansmith yes - exactly16:16
gmanndansmith: yes16:16
gmannsame way for project user,16:16
dansmithlbragstad: okay so system-scoped tokens need not be able to create resources directly right?16:16
lbragstadif you're an admin - you have access to all of keystone's role assignment API16:16
gmannif they want some system info in their operation then get system token or so..16:16
sean-k-mooneylbragstad: can you do it with out updateing asignemnt16:17
sean-k-mooneylbragstad: e.g. can i use a system admin credential to issue a proejct scoped token directly16:17
*** ociuhandu has quit IRC16:17
sean-k-mooneywithout assing a rule to myslef in the project16:17
lbragstaddansmith correct - i think we'd really need to think through the ramifications of doing that consistently if we decided to open that up16:17
sean-k-mooney*role16:17
lbragstadsean-k-mooney no16:17
sean-k-mooneyso that would be a non invasive way to do it16:18
lbragstadbut it would bypass keystone's delegation mechanism16:18
sean-k-mooneyjust adding proejct member and create a project toeknb does not feel like an improvment over what we have today16:18
dansmithlbragstad: I would much rather make sure system admins (the people) can get a token to do what they need in a project, vs make every operation take a project (i.e. osc server stop --project $foo)16:18
lbragstadwhich may have adverse side-effects on auditing16:18
openstackgerritLee Yarwood proposed openstack/nova stable/queens: [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook  https://review.opendev.org/c/openstack/nova/+/78028716:19
lyarwoodelod: ack sorry irc dropped, looking now16:19
sean-k-mooneylbragstad: well im thinki of it kind of like app crentials16:19
lyarwoodelod / melwitt ; https://review.opendev.org/q/I1d029ebe78b16ed2d4345201b515baf3701533d5 - btw that should sort the remaining ceph jobs out16:19
sean-k-mooneyi have a super set of permision acroos all doemains/proejct as a system admin16:19
lbragstadsean-k-mooney application credentials are currently tied directly to projects and by default prevent you from using them to bypass authorization16:20
sean-k-mooneyso i should be able to create a scoped token of a different type16:20
sean-k-mooneylbragstad: this would not be a bypsss though16:20
sean-k-mooneyit would be a explict keystoen feature to allow higer privladge tokens ot issue a lower coped token16:20
sean-k-mooneybut it sound like that cant be done with keystone current delegation design16:21
dansmithsounds like we should figure  out what we need to do for W to not return 500 and  then have a video conf about this right?16:21
dansmithi.e. ptg16:21
sean-k-mooneyyep proably or wait for our PMs to say we need to support it16:21
lbragstadyeah - introducing a new way to delegate authorization makes me nervous without thinking through it over a longer period of time16:22
lbragstadagree - a video call would help16:22
dansmithwe clearly need to understand what the expected usage pattern is, how that will or won't work and go from there16:22
gmannyeah16:22
lbragstadfor now though - a system-admin can explicitly give themselves access to a project and do whatever they need to16:23
dansmithbecause it seems like there's maybe some confusion here (more than just my ignorance)16:23
sean-k-mooneylbragstad: right but today they dont have too16:23
sean-k-mooneylbragstad: i do not need to be a meber of a project as a system admin to stop a vm16:23
dansmithlbragstad: ack, so cutting off resource create for them makes sense for the 500 case currently16:23
lbragstadok- so in that case16:24
lbragstadif i'm an admin on project `admin` and i use my token to stop a vm in project `foo`16:24
lbragstadwhat does nova do with my `admin` project id?16:24
sean-k-mooneyfor vm stop we just need the vm uuid but if we look in the logs we likely will log the action as done by the admin project16:25
gmannso it will be 403 right?16:25
sean-k-mooneyno it should be a 20016:26
gmannwith new default project_id is compared for all16:26
dansmiththe action has a project_id, I'm looking to see where we get it from, but normally it's context16:26
dansmithbecause it's the person doing the action16:26
dansmithso that would mean system_admin has to be refused16:26
gmannsystem admin case there is no proejct id so would not be compared16:26
dansmithwhich means they can't shut down an instance16:27
gmanni mean system admin power for all projects16:27
gmannthey can16:27
sean-k-mooneyim going to chefck it now16:27
gmanni mean with our current default policy, system admin can stop any instance, project member/admin can stop their own instance16:28
dansmithhttps://github.com/openstack/nova/blob/ab07507e5cfce6232fef373d07ff92ea704541da/nova/objects/instance_action.py#L56-L6316:28
sean-k-mooneygmann: that is what im expecting16:28
dansmithgmann: they can't16:28
dansmithgmann: if their project_id is going to be None, they will not be able to create an InstanceAction16:28
dansmithwhich likely will fail before we even begin the call to stop the instance16:29
gmannah i see, they fail later even pass the policy...16:29
dansmithright16:30
dansmiththis is what I'm saying,16:30
dansmithlooots of stuff in nova will not allow (or break) if project_id is None,16:30
dansmithand fixing all of that seems silly to me16:30
sean-k-mooneyi just did it with horzon16:30
gmannah yeah, same case of "POST server" by system16:30
dansmithI'd rather say "no tenant-isolated resource manip if you're a system_admin with no project"16:30
sean-k-mooneyit shut down fine16:30
dansmithyou have to get a project-scoped token to do those things16:30
melwittlyarwood++ thanks for getting that all fixed up. will go through and review16:30
sean-k-mooneyso i create a vm on my k8s project, remove my user form that proejct and then stoped it from the admin view in horizon16:31
lbragstadsean-k-mooney are you using a system-scoped token though?16:31
dansmithsean-k-mooney: is horizon using a system-scoped token where context.project_id is None?16:31
sean-k-mooneyno the old style ones16:31
dansmithbecause that's the new thing here16:32
dansmithright, so that's not the problem16:32
gmannI do not think Horizon use system scope token16:32
gmannyeah16:32
lbragstadcorrect - they're still working on it16:32
sean-k-mooneymy point is system scoped tokens should work identiclaly to that16:32
dansmiththey don't16:32
sean-k-mooneythen that a problem16:32
gmanndansmith: i agree on not putting project_id in all such APIs request body16:32
dansmithsean-k-mooney: did you look at the bug?16:32
sean-k-mooneyyes and i suspect i know why it does not work16:32
dansmithsean-k-mooney: it's pretty gruesomely obvious with the project_id=None being.. a big deal16:32
dansmithgmann: ++16:33
gmannyeah, if API operate on project_id form context then system token is not useful16:33
sean-k-mooneyyep16:33
gmannwhich is our most server APIs/action16:33
sean-k-mooneyunless we can populate the context in some way16:33
gmannbut some of them we might be able to make it work if we use 'id' itself instead of context16:34
gmannlike in stop sevrer case,16:34
gmannexcept POST server, we should be able to fix those right?16:34
dansmithwell, I suggested one way is to have a default project id in config that we use for system-scoped tokens, but even still, that's pretty gross16:34
sean-k-mooneyi dont like that but maybe16:35
dansmithI don't either16:35
gmannyeah16:35
sean-k-mooneyi would prefer to have a midelware level populatie it16:35
dansmithwhich is why I'd rather say that you can't dick with an instance as a system admin16:35
dansmithyou have to get a token16:35
sean-k-mooneythat is why i was suggesting the new token delegation flow16:35
dansmithsean-k-mooney: populate it with what? doesn't matter where it comes from.. if the user doesn't have a project.. you need to fake it or reject16:36
sean-k-mooneye.g. sudo give me a project token16:36
dansmithright16:36
dansmiththat is what I think needs to happen16:36
gmannlbragstad: when we said system_id things, does system)id means some project id? or some new logical system ids16:37
lbragstadtoday?16:37
lbragstadtoday system means a super special string 'all'16:37
gmanni mean in old design when keystone thought on system_id16:37
gmanninstead of 'all'16:38
lbragstadwe never had the 'system' construct in the old days?16:38
lbragstadif i'm understanding your question16:38
lbragstadwe just used the 'admin' role for everything and didn't evaluate tenancy16:38
sean-k-mooneylbragstad: i think the direction gmann was going was coudl we stash a project id in it16:39
gmannlbragstad: i mean if system_id is supported then what it will be like ? some new project id or a new system id generated16:39
lbragstadoh- ok16:39
lbragstadi *could* be a service ID, in the future16:39
gmannsean-k-mooney: i was thinking like this -  context.project_id or context.system_id way ?16:39
sean-k-mooneylbragstad: its ment to be like compute, storage or networking16:39
lbragstadso - i could do something like $ openstack role add --user sean-k-mooney --system compute admin16:39
lbragstadright16:40
lbragstadso - then sean-k-mooney can manage nova, but can't add users to keystone16:40
*** belmoreira has quit IRC16:40
lbragstador create public images in glance16:40
lbragstadit would allow us to implementing constrained RBAC16:40
dansmithdoes that mean system_id holds an actual project, or is system_id something else?16:40
lbragstadsystem_id could be a service ID16:40
lbragstadbut not a project ID16:40
dansmiththat seems bad to me,16:40
lbragstadthe service ID seems bad?16:41
lbragstador the project ID seems bad?16:41
gmannyeah but then we lose the concept of system vs project in nova ight?  at least if we end up asking giving project token a sysmte role16:41
dansmithbecause then if I'm going to try to audit "who shut down my instance" and I query for a project matching that ID, there is no project, right?16:41
sean-k-mooneyits really jsut a sting as proposed today16:41
sean-k-mooneythe porject would also need to have the same string in there policy right16:41
sean-k-mooneye.g. we would have to tag all the compute apis as part of the compute system16:41
lbragstadtoday - the system scope policies don't understand that concept, but neither does keystone16:41
gmannyeah16:42
lbragstadagain - i'm talking way down the road16:42
lbragstadbut it might be important before we get to that point and realize projects are using system by overloading it with project information16:42
lbragstaddansmith yeah - in that case, you'd need to query the projects and service16:43
lbragstadservices*16:43
dansmithlbragstad: well, we call it a project_id, so you just "need to know" that it could be either right?16:44
gmanndansmith: sean-k-mooney why we cannot remove the project_id = context.project_id from here ? https://github.com/openstack/nova/blob/ab07507e5cfce6232fef373d07ff92ea704541da/nova/objects/instance_action.py#L6016:44
gmannat least that will allow action APIs to eb operable form system and keep project_id in instance same as old16:45
lbragstadyeah - so you're saying it could be an actual project_id or a service_id (assuming all that work actually happens in keystone)16:45
dansmithgmann: we have to do it everywhere16:45
dansmithgmann: and, it hides who did the thing16:45
gmannyeah, that is some work we have to do16:45
dansmithgmann: that object is for auditing, and if we just lie about who shut down your instance, that's... like, bad and stuff? :)16:45
gmanndansmith: we can add some specific field of shut_down_by= and 'system admin' if system admin does16:46
dansmithgmann: -2 on that :)16:46
dansmithall of this comes because we have project-scoped resources, and now we have this user that is in "no project"16:47
gmanni mean at some stage we have to consume system admin info in resources DB or so16:47
lbragstadwould nova be opposed to a mutually exclusive group for project_id|system_id?16:47
dansmithwhich is why I think we shouldn't allow you to act on project-scoped resources with out.. some sort of project scope :)16:47
gmannbut that shrink the system token use.16:48
gmannor the overall purpose16:48
dansmithwhy not just give all system admins a single project? we can still use the system-admin part to authorize, but then we have a project_id to account for things16:48
gmanni will say system_id we should add and then do context.project_id or context.system_id16:49
gmannor mutual exclusive as lbragstad mentioned before16:50
sean-k-mooneyi think we need 1 coffee 2 a whiteborad or virtual alternitve and 3 verbal realtime comunication16:50
dansmithyes, I would really like to do this via voice16:51
sean-k-mooneyand just fix the bug to fail eailer untile ^16:51
gmannyeah, +1 on voice call16:51
* lbragstad nods16:51
sean-k-mooneyi think the main issue is what keysotn is provideign via this mechanim is not how i woudl expect RBAC to work from other systems i have looked at16:52
lbragstadsean-k-mooney can you give me some example references for how you expect this to work? i'd like to dig into those16:52
sean-k-mooneyim not sure i can directly. i was more thinkin of a set of scope privalge delegations rather then 3 indipened types of tokens16:54
sean-k-mooneye.g. i was still expectin git to be possibel to create a singel system token that could be used like the old admin role16:55
sean-k-mooneybut that cant be done as far as i can see16:55
dansmithso in kerberos,16:55
dansmithI can use my same account to get a token, an admin token, and I think a token in any group I have access to right?16:55
dansmithit's been a long time for me, but..I think that's right16:55
sean-k-mooneyby the way i was thinking of my litel experince with oath216:55
sean-k-mooneydansmith: i think so an di was expecting to be able to do something similar16:56
dansmithI would expect that if I have sysadmin powers, I should be able to effectively newgrp my way into any project to make a request as that project, without having to add myself to that project16:56
dansmithsean-k-mooney: right, that's how this should work IMHO16:56
dansmithdon't act like you have no affiliation, just allow system admins to have any affiliation they want that makes sense16:56
sean-k-mooneybasicaly i was hopeing for an "openstack token issue -type project -id <whatever>"16:57
*** lucasagomes has quit IRC16:57
dansmithEXACTLY16:57
dansmithEFFING EXACTLY what I've been trying to say16:57
sean-k-mooneythen my user would still be me for audinging16:58
dansmithEFFING EXACTLY16:58
sean-k-mooneybut the project in the contex would be the one that was specifed16:58
dansmithassuming you mean "auditing" :)16:58
dansmithright16:58
sean-k-mooneyhehe yes16:58
sean-k-mooneyseanspeak is flexible16:58
elodlyarwood: thank you both for checking the release patches and backporting your gate fixing patch! \o/16:58
gmannbut how you handle for multiple project token issue needed16:58
dansmithand I left my decoder ring in the other room16:58
dansmithgmann: not sure what you mean.. when do you ever do one thing as two projects?16:59
gmanni mean as system admin i want multiple project resource to operate16:59
sean-k-mooneyin one api call?17:00
gmannno independent17:00
lbragstadgmann like listing all instances in a deployment?17:00
dansmithlbragstad:  no that's different17:00
gmannand without storing or passing projct_id in request17:00
sean-k-mooneythat we can support directly with a system_admin token17:00
dansmithgmann: you get a token before each call, just like you would in unix: newgrp teamA; do thing; newgrp teamB; do thing17:01
gmannhummm, i think let's do voice call17:01
dansmith++ voice call :)17:01
sean-k-mooneylbragstad: anyway i hope you see where i was coming form17:02
sean-k-mooneybetter go work on the last vdpa patch17:02
lbragstadsean-k-mooney yep - i think i get the general idea17:02
gmanndansmith: sean-k-mooney lbragstad added this in ptg etherpad too (L213)- https://etherpad.opendev.org/p/nova-xena-ptg17:06
gmannwhen we can have voice call before ptg?17:07
sean-k-mooneyi would suggest not until after RC117:08
gmannsure,17:09
*** ociuhandu has joined #openstack-nova17:11
dansmithyep, a pre-call would be good17:12
dansmithpost-RC1 seems good17:12
lyarwoodelod: np :)17:18
lyarwoodelod: thanks for sorting the releases out17:18
lyarwoodgmann: https://review.opendev.org/c/openstack/tempest/+/775630 - would you mind hitting this to unblock https://review.opendev.org/c/openstack/nova/+/70870117:21
openstackgerritStephen Finucane proposed openstack/nova master: tests: Add functional test for vDPA device  https://review.opendev.org/c/openstack/nova/+/78011217:25
openstackgerritStephen Finucane proposed openstack/nova master: WIP: tests: Make mdev stubs work like vDPA  https://review.opendev.org/c/openstack/nova/+/78023417:25
stephenfingibi: Thanks for the review. That should be good to go now ^17:26
*** vishalmanchanda has quit IRC17:26
*** jangutter has quit IRC17:26
*** jangutter has joined #openstack-nova17:27
*** tesseract has quit IRC17:27
gmannlyarwood: sure checking17:29
lyarwoodgmann: thanks17:33
gmannlyarwood: +A17:34
openstackgerritStephen Finucane proposed openstack/nova master: docs: Document UEFI secure boot feature  https://review.opendev.org/c/openstack/nova/+/77668417:42
*** ociuhandu has quit IRC17:43
stephenfinmelwitt: lyarwood: Collective nits addressed ^17:43
*** ociuhandu has joined #openstack-nova17:44
lyarwoodstephenfin: ack LGTM17:48
stephenfinthanks17:48
*** k_mouza has quit IRC17:48
*** ociuhandu has quit IRC17:49
kashyapstephenfin: How come emulated-tpm.rst got touched?17:50
* kashyap clicks17:50
kashyapThis bit https://review.opendev.org/c/openstack/nova/+/776684/9/doc/source/admin/emulated-tpm.rst#b4117:50
stephenfinkashyap: I copied the "show me the trait" snippet from that for the secure boot guide and both lyarwood and melwitt suggested changes to it, so it made sense to fix the original source also17:51
stephenfin*suggested changes to the secure boot variant of the snippet17:51
kashyapstephenfin: Ah, right; just now caught up w/ Mel's comments17:52
kashyapstephenfin: Fair enough.   I just rubbing my eyes twice to see if I something else17:52
kashyaps/just/was/17:52
* kashyap --> hungry & grumpy; back later17:55
*** ralonsoh has quit IRC17:55
*** gyee has joined #openstack-nova17:59
*** spatel_ has quit IRC18:02
*** sapd1 has quit IRC18:02
*** artom has quit IRC18:06
*** derekh has quit IRC18:07
*** artom has joined #openstack-nova18:08
*** dtantsur is now known as dtantsur|afk18:10
*** ociuhandu has joined #openstack-nova18:10
*** hamalq has joined #openstack-nova18:14
openstackgerritMerged openstack/nova master: apidb: Compact Stein database migrations  https://review.opendev.org/c/openstack/nova/+/75940618:20
openstackgerritMerged openstack/nova master: pci: implement the 'socket' NUMA affinity policy  https://review.opendev.org/c/openstack/nova/+/77277918:21
*** k-s-dean has quit IRC18:21
artom\o/18:22
*** smcginnis has quit IRC18:25
*** smcginnis has joined #openstack-nova18:30
*** jangutter_ has joined #openstack-nova18:30
*** jangutter has quit IRC18:34
sean-k-mooneyoh finally18:38
sean-k-mooneystephenfin: why are you creating device of dev_type='VF'18:41
sean-k-mooneyhttps://review.opendev.org/c/openstack/nova/+/780112/4/nova/tests/functional/libvirt/test_pci_sriov_servers.py#73818:41
*** ociuhandu has quit IRC18:41
stephenfincos each vDPA device is associated with a VF?18:42
sean-k-mooneyfor a start that should be dev_type='type-VF' no if you wanted VFs but in this case it should be dev_type='VDPA'18:42
stephenfinno, that's not creating a PciDevice object18:42
stephenfinthat's creating fake libvirt xml18:42
sean-k-mooneyright18:42
sean-k-mooneywe dont have VF object for the VDPA devices18:42
*** ociuhandu has joined #openstack-nova18:43
stephenfineach vdpa device has a '<parent>' element18:43
sean-k-mooneyin the DB we will have rows of dev_type='type-PF' and dev_type='vdpa'18:43
sean-k-mooneystephenfin: yep but we dont have VFs in the db18:44
stephenfinYeah, I know. Again, I'm not creating PciDevice objects here18:45
stephenfinthat's just generating libvirt XML for a number of VFs18:45
stephenfinwhich we do have18:45
sean-k-mooneyhttps://review.opendev.org/c/openstack/nova/+/770533/12/nova/virt/libvirt/host.py#123618:45
stephenfine.g. 1 PF, 4 VFS, and 1 vDPA dev per VF18:45
sean-k-mooneyis this generating the nodedev xmls18:45
stephenfinyes18:46
stephenfinand then we let the libvirt driver generate the PciDevice objects18:46
sean-k-mooneyok so not the data rutrined by _get_pcidev_info or the PciDevice objects18:46
stephenfinno18:46
stephenfinso I'd expect to see see five devices in the database18:47
stephenfinone with type-PF, because I'm whitelisting that18:47
stephenfinand four with 'vdpa'18:47
sean-k-mooneyyes18:47
stephenfinwe can expand the test to verify that if you like. That would be a good addition18:47
sean-k-mooneyno i just want to fiture out how to reuse18:47
sean-k-mooneythis18:47
*** ociuhandu has quit IRC18:47
sean-k-mooneyi want to create 1 PF and 1 vdpa device18:48
sean-k-mooneycan you tell me how to do that18:48
stephenfinyou'll want to copy lines 722 - 75118:48
stephenfindrop the for loop18:48
stephenfinand replace idx with '1'18:48
stephenfinsorry, 018:48
sean-k-mooneywhat lines?18:49
stephenfinso what that'll do is generate 1 PCI device with PF caps, 1 PCI device with VF caps, and 1 vDPA device18:49
stephenfinhttps://review.opendev.org/c/openstack/nova/+/780112/4/nova/tests/functional/libvirt/test_pci_sriov_servers.py#72218:49
stephenfinfrom 'pci_info.add_device('18:49
sean-k-mooney oh your looking at a differnt version then i was18:50
stephenfinah yeah, I fixed the broken tests and gibi's comments18:50
stephenfinso that is complete now18:50
stephenfinI think18:50
sean-k-mooneyso dev_type PF is not a thing right it should be type-PF that is the value of the constant18:50
sean-k-mooneyPF is not a valid PF18:50
sean-k-mooney*dev_type value18:51
sean-k-mooneyhttps://github.com/openstack/nova/blob/master/nova/objects/fields.py#L753-L76118:51
sean-k-mooneywhich is what the pcidevice object uses https://github.com/openstack/nova/blob/63bba50f4336f4b8bf0609b0cbe4717e5d0591d7/nova/objects/pci_device.py#L11218:52
stephenfinwe're not generating PCI devices here18:52
stephenfinthat's just a marker we use to tell the fakelibvirt fixture what type of fake XML to generate18:53
stephenfinhttps://review.opendev.org/c/openstack/nova/+/780112/4/nova/tests/unit/virt/libvirt/fakelibvirt.py#34018:53
stephenfinwe could also pass 'MDEV_TYPES', in which case it would generate XML for a PCI device with mdev capabilities18:53
sean-k-mooneyugh ya18:53
sean-k-mooneywe really should not use those contansts though18:53
sean-k-mooneycan we make them the same as the real ones18:53
sean-k-mooneyi guess we have been using these like this for a while18:54
stephenfinNot really, because we'd need a way to indicate mdevs18:54
*** andrewbonney has quit IRC18:54
stephenfinfor XML generation purposes18:54
sean-k-mooneyi ocationllay modify this but its really annoying that we have PF and type-18:54
sean-k-mooneytype-PF18:54
sean-k-mooneyya im going to sotp using the pci_info as the name18:55
stephenfinI'd rather we moved away from passing the type and instead had e.g. 'add_pci_device', 'add_pci_device_with_mdev', 'add_pci_device_with_vf' etc. helpers18:55
stephenfinthat would be clearer IMO18:55
sean-k-mooneyya18:55
stephenfinThat would be a good follow-up, but I think my changes there are already too invasive without tacking on even more18:56
sean-k-mooneyalthoguh i still want fakelibvirt.HostPCIDevicesInfo( num_pci=0, num_pfs=1, num_vfs=0, num_vdpa=2)18:56
stephenfinby all means, go for it. It should be relatively easy to add18:57
stephenfinI only had one caller so I stuck with explicit18:57
stephenfinif we've got more, we can make it more generic18:57
sean-k-mooneyim finding it quite hard to follow what that test is doing if im honest18:58
sean-k-mooneyespcailly the         self.stub_out(18:59
sean-k-mooney            'nova.virt.libvirt.guest.Guest.create',18:59
stephenfinthat's a pattern I copied from the SR-IOV test. I want to inspect what the XML being used to create the guest is18:59
sean-k-mooneyis vdpa_info.add_device(f'vdpa_vdpa{idx}', idx, vf)18:59
stephenfinso I'm spying on it18:59
sean-k-mooneywhat makes it a vdpa device18:59
sean-k-mooneyright but i dont think we should be doing that in this test19:00
sean-k-mooneyor at least i dont think my test should do that19:00
stephenfinno, yours shouldn't. We only need it once19:00
stephenfinit's just to make sure everything is wired up correctly19:00
sean-k-mooneyright i would not have put that in the basic create19:00
sean-k-mooneyi would have put that explicy in its own test19:00
stephenfinI didn't want two tests that did the exact same thing and only changed what they were looking at19:01
*** MrClayPole has quit IRC19:01
stephenfinIf I had another test for e.g. resizing, I wouldn't bother with this19:01
stephenfinI just want to make sure what we're handing off to neutron and libvirt is correct19:02
stephenfini.e. black box testing, looking at only at the inputs and outputs (from the nova service to other services)19:02
sean-k-mooneyyep i know anyway i think i have figured out what is needed an not thanks19:03
sean-k-mooneystephenfin: it just a case of you are asserting two thing in one test and i was trying to fiture out what was the minium i needed19:03
*** MrClayPole has joined #openstack-nova19:03
stephenfingotcha19:03
stephenfinyeah, to recap you don't need the libvirt spy19:03
stephenfinnor do you really need to look at the neutron requests19:04
stephenfinor PCI device counts in the DB19:04
stephenfinjust create a port, create a server, and then try your various and see that they're correctly rejects, I guess?19:04
sean-k-mooneyand i should not need to pass the libvirt and qemu version explictly either19:04
sean-k-mooneysince you are passing the default19:05
* gibi is back for a round of review :)19:05
stephenfinyou will19:05
stephenfinthe FakeLibvirtFixture defaults to the minimums19:05
stephenfinwhich are too low19:05
sean-k-mooneyoh ok19:05
stephenfinsean-k-mooney: btw, the 'test_vtpm' module has examples you can use19:05
sean-k-mooneyi though it was max19:05
stephenfine.g. test_live_migrate_server19:06
stephenfintest_shelve_server19:06
sean-k-mooneyi have some working19:06
sean-k-mooneyya19:06
stephenfingreat :)19:06
sean-k-mooneyill take a look19:06
sean-k-mooneyim trying to use/extend the integrated helpers19:06
sean-k-mooneyso added attach/detach interface with calls to the fakenotifier to wait19:06
sean-k-mooneythat kind of thing19:07
sean-k-mooneyfor shelve i think we already have that there19:07
*** ociuhandu has joined #openstack-nova19:12
openstackgerritMerged openstack/nova stable/ussuri: Prevent archiving of pci_devices records because of 'instance_uuid'  https://review.opendev.org/c/openstack/nova/+/76097719:14
gibistephenfin: thanks for the update of the vdpa func test, it looks good now19:16
*** spatel has joined #openstack-nova19:17
*** ociuhandu has quit IRC19:17
sean-k-mooneystephenfin: what did you fix between v3 and v419:22
sean-k-mooneyi might need to rebase my patch to pick up the v4 changs19:23
sean-k-mooneyya you changed enough that i should19:25
*** jamesdenton has quit IRC19:26
*** jamesdenton has joined #openstack-nova19:27
sean-k-mooneyone thing that is confusiton me is i am seeing different pci address then i expect to see19:28
*** belmoreira has joined #openstack-nova19:41
*** zzzeek has quit IRC19:45
*** ociuhandu has joined #openstack-nova19:46
*** zul has quit IRC19:46
*** zzzeek has joined #openstack-nova19:46
*** k_mouza has joined #openstack-nova19:49
*** k_mouza has quit IRC19:54
*** ociuhandu has quit IRC20:01
*** ociuhandu has joined #openstack-nova20:01
sean-k-mooney.... stephenfin  before i rebased on v4 of you patch my 2 test passed and my first test failed20:04
sean-k-mooneyafter my first test passed and my second test failed20:04
sean-k-mooneyand i did not notice fo the last hour and was editing the wrong thing20:05
*** macz_ has quit IRC20:28
*** macz_ has joined #openstack-nova20:28
openstackgerritMerged openstack/nova master: apidb: Compact Train database migrations  https://review.opendev.org/c/openstack/nova/+/77142020:38
lbragstadsean-k-mooney gmann not that you need to do anything with this now, but i had to start getting ideas on paper from today's discussion - https://etherpad.opendev.org/p/consuming-system-scope20:47
sean-k-mooneycool ill book mark it20:47
*** ociuhandu has quit IRC20:47
sean-k-mooneyone thing i tought about afer is when issuing the token we might also want to list the roles20:48
*** ociuhandu has joined #openstack-nova20:48
sean-k-mooneyso you had openstack token issue --os-cloud system-admin --for-project foo20:49
sean-k-mooneybut we might want  "openstack token issue --os-cloud system-admin --for-project foo --roles project_member"20:49
openstackgerritMerged openstack/nova stable/train: replace the "hide_hypervisor_id" to "hw:hide_hypervisor_id"  https://review.opendev.org/c/openstack/nova/+/76873620:49
*** ociuhandu has quit IRC20:53
*** belmoreira has quit IRC20:54
*** zzzeek has quit IRC21:04
*** zzzeek has joined #openstack-nova21:05
*** artom has quit IRC21:09
*** whoami-rajat has quit IRC21:13
*** ociuhandu has joined #openstack-nova21:19
sean-k-mooneyok i now have the block patch written jsut need to add doc and releasenote then ill push21:20
*** ociuhandu has quit IRC21:23
*** smcginnis has quit IRC21:38
*** smcginnis has joined #openstack-nova21:44
openstackgerritsean mooney proposed openstack/nova master: block unsupported actions with vdpa.  https://review.opendev.org/c/openstack/nova/+/78033321:45
sean-k-mooneygibi: stephenfin ^ proably need more work but that is basicly the blocker patch21:45
sean-k-mooneyi think i might be able to rewrite it to use the network info cache in some cases instead21:46
*** ociuhandu has joined #openstack-nova21:46
sean-k-mooneyof calling neutron but that is more or less what it will look like21:46
*** hoonetorg has joined #openstack-nova21:49
*** ociuhandu has quit IRC21:50
*** smcginnis has quit IRC21:53
*** ociuhandu has joined #openstack-nova21:54
*** ociuhandu has quit IRC21:59
*** ociuhandu has joined #openstack-nova22:05
*** ociuhandu has quit IRC22:09
*** ociuhandu has joined #openstack-nova22:22
*** ociuhandu has quit IRC22:36
openstackgerritMerged openstack/nova master: Add generate schemas tool  https://review.opendev.org/c/openstack/nova/+/76979622:42
*** amodi has quit IRC23:08
*** mgariepy has quit IRC23:21
openstackgerritmelanie witt proposed openstack/nova master: Add --task-log option to nova-manage db archive_deleted_rows  https://review.opendev.org/c/openstack/nova/+/78039523:21
*** mgariepy has joined #openstack-nova23:34
openstackgerritMerged openstack/nova master: nova-next: Start testing the q35 machine type  https://review.opendev.org/c/openstack/nova/+/70870123:38
« Thursday, 2021-03-11 Index Saturday, 2021-03-13 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!