Thursday, 2021-06-03

« Wednesday, 2021-06-02 Index Friday, 2021-06-04 »
*** artom has quit IRC00:00
*** artom has joined #openstack-nova00:24
*** rloo has quit IRC00:45
*** rloo has joined #openstack-nova00:46
*** rloo has quit IRC00:55
*** martinkennelly_ has quit IRC00:56
*** martinkennelly has quit IRC00:56
gmannmelwitt: replied on this - https://review.opendev.org/c/openstack/nova/+/762013/2/doc/source/configuration/policy-concepts.rst#22001:19
gmannmelwitt: I agree on your point. I will add the current limitation for force_host and requested_destination01:20
gmannzero_disk and external-network seems good. later one depends on neutron policy but that is open for project reader also01:20
opendevreviewGhanshyam proposed openstack/nova master: Remove PROJECT_ADMIN limitation from zero-disk and external-network policy  https://review.opendev.org/c/openstack/nova/+/79436001:37
gmannmelwitt: ^^01:38
opendevreviewGhanshyam proposed openstack/nova master: Improve policy doc for supported scope info  https://review.opendev.org/c/openstack/nova/+/76201302:18
gmannmelwitt: stephenfin ^^ updated02:18
*** whoami-rajat has quit IRC03:06
*** brinzhang has joined #openstack-nova03:25
*** brinzhang_ has joined #openstack-nova03:28
*** brinzhang has quit IRC03:28
*** vishalmanchanda has joined #openstack-nova04:29
*** abhishekk has joined #openstack-nova04:52
*** hemanth_n has joined #openstack-nova05:02
opendevreviewmelanie witt proposed openstack/nova master: Make test_refresh_associations_* deterministic  https://review.opendev.org/c/openstack/nova/+/79439605:06
melwittgmann: did you mean to remove the table when you went from PS2 to PS3? https://review.opendev.org/c/openstack/nova/+/762013/2..3/doc/source/configuration/policy-concepts.rst#b30705:10
melwittadded a comment on the review ^05:17
*** suzhengwei__ has joined #openstack-nova05:35
*** ralonsoh has joined #openstack-nova06:01
*** luksky has joined #openstack-nova06:13
*** slaweq has joined #openstack-nova06:16
*** kaisers has joined #openstack-nova06:18
*** kaisers_ has joined #openstack-nova06:35
*** kaisers has quit IRC06:42
*** whoami-rajat has joined #openstack-nova06:43
*** slaweq[m] has joined #openstack-nova06:50
*** slaweq has quit IRC06:57
*** david-lyle has quit IRC06:57
*** slaweq[m] is now known as slaweq07:15
*** andrewbonney has joined #openstack-nova07:18
*** tosky has joined #openstack-nova07:20
*** lucasagomes has joined #openstack-nova07:26
*** wenpingsong has joined #openstack-nova07:26
*** rpittau|afk is now known as rpittau07:34
*** lucasagomes has quit IRC07:38
bauzashmpf, reminder that we have an office hour in 15 mins , I guess07:44
*** XinxinShen has joined #openstack-nova07:53
gibiyes07:58
gibiin 2 mins :)07:58
gibiI'm almost ready to start07:58
*** martinkennelly has joined #openstack-nova07:58
gibi...07:58
*** martinkennelly_ has joined #openstack-nova07:58
gibi#startmeeting nova_extra08:00
opendevmeetMeeting started Thu Jun  3 08:00:16 2021 UTC and is due to finish in 60 minutes.  The chair is gibi. Information about MeetBot at http://wiki.debian.org/MeetBot.08:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.08:00
opendevmeetThe meeting name has been set to 'nova_extra'08:00
gibiwelcome o/08:00
suzhengwei__\o/08:01
XinxinSheno/08:01
gibi... waiting a minute to lets everybody join08:01
gibiSo a quick summary. We agree to have this meeting time slot one a Months in every first Thursday here in #openstack-nova08:03
gibis/one/once/08:03
gibibut we haven't talked about yet what would be a good format for it08:04
gibishould we go through the normal meeting agenda08:04
gibitalking about bugs, CI, release, stable,08:04
*** lucasagomes has joined #openstack-nova08:04
gibior just go with an open agenda, like in an office hour08:04
gibiwhat is the preference of the people present?08:05
gibiI can do both if needed08:05
suzhengwei__This is the first extra meeting. My colleague didn't prepare for it enough.08:07
gibisuzhengwei__: no worries08:07
suzhengwei__Open agenda will be all right.08:07
gibiIf no oppinions about the format then I would go with the simple open agenda08:08
gibisuzhengwei__: cool, then we are on the same page08:08
suzhengwei__ok08:08
gibiand we can change later if needed08:08
gibiI have one agenda point for today08:08
gibijust want to refresh the process we have in nova about the release08:09
gibiso we just had Milestone 1 last week08:09
gibithat that point of time there is no special deadline in nova08:10
gibithe next Milestone will happen in 5 weeks from now08:10
gibiat Milestone 2 we will do spec freeze08:10
*** derekh has joined #openstack-nova08:11
gibiit means that if you have open specs then you have to get merged before M2 or it will need to be re-proposed to the Y release during the autumn08:11
gibiI'm planning to have a spec review day before M208:11
gibisimilarly how we had such day before M108:11
gibithose features that got approved before M2 could be implemented and merged before M308:12
gibiat M3 we will have feature freeze08:12
bauzassorry for being late, got some issue with my laptop notification08:12
gibibauzas: no worried :008:12
gibi:)08:12
gibibasically this is the importnat deadlines08:13
gibithe exact dates are #link https://releases.openstack.org/xena/schedule.html08:13
gibiis there any question about these?08:13
suzhengwei__Got it.08:14
gibicool08:15
gibithat was what I prepared for today.08:15
bauzasnext open office hour would be around the spec freeze08:15
gibiIs there any topic you want to discuss?08:15
bauzasso, I have a concern08:16
gibibauzas: god point08:16
gibigood even08:16
gibibauzas: tell us08:16
bauzashow can we help contributors that are not in the nova meeting for their own specs ?08:16
bauzashow can we discuss ?08:16
gibibauzas: what problem do you see that we need to dicuss in a meeting? stuck reviews?08:17
bauzasand if we want to have priorities between some reviews, how could we know which ones ?08:17
bauzasgibi: my point is that sometimes it's nice to discuss directly in IRC when you have some spec questions08:18
gibisure08:18
gibibut it does not need to be a in the form of a meeting08:18
bauzasyup08:18
bauzasso, I wonder how we could help the contributors that aren't around in general08:18
gibistill if there is question now, I'm happy to hear them even during this meeting08:18
*** suzhengwei__ has quit IRC08:18
gibibauzas: I'm OK to do discussion primarily in the spec review08:19
*** suzhengwei has joined #openstack-nova08:19
gibiand if we hit a wall there then we can try to find a common time between the spec author and the reviewers to resolve08:19
gibithe block08:19
bauzasyup08:20
gibisuzhengwei, XinxinShen do you have a view on this?08:20
gibido you feel it is hard to discuss issues about the specs?08:21
bauzasin general, it takes more than one week08:23
bauzasfor example, when I review a spec, I provide some comment08:23
bauzasbut then the reply could be on the next day08:23
bauzasand then I'd only see it honestly by the end of the week08:24
suzhengweiIs this channel often open to all? I means if i want to get help, would someone react in time?08:24
bauzassuzhengwei: yes, in general, we do it this way08:24
suzhengweigood08:24
bauzassuzhengwei: for example, when I'm reviewing some gibi's spec, I'm pinging him08:24
gibisuzhengwei: it depends on the time zone. like I tend to be here between UTC 7:00 - UTC 17:00 on workdays08:25
bauzastelling him that I had some questions08:25
bauzasso, sometimes we directly discuss on IRC for a spec08:25
suzhengweicool08:25
bauzasbut like gibi said, we're both on the same TZ08:25
bauzasso it's simple08:25
gibisuzhengwei: I keep my client up during the night so I will see pings next day08:26
bauzasme too08:26
XinxinShencool, We should ensure that the spec author and reviewer can communicate in time.08:28
gibisuzhengwei: if you ping us, one thing to help is not just pinging but stating your problem right away08:28
suzhengweiyes08:29
suzhengweiI am doing some work about instance HA, and interested in the topic "Support vm evacuation while server status is suspended, paused".08:30
suzhengweiI wonder if some one has processed it.08:31
bauzasI still have open specs to look at08:31
suzhengweiIf not, I would like to do it.08:31
*** luksky has quit IRC08:31
gibisuzhengwei: interesting ideas08:31
*** luksky has joined #openstack-nova08:32
gibisuzhengwei: I think we don't support these today, but if with some compromise we could08:32
gibiwe will loose the in memory state of the paused instance but we could rebuild it still on another compute host08:33
gibiand if the source compute is dead already then the in memory state is lost anyhow08:33
suzhengweihost failure triggers evacuation. And active instance loose the in memory state too.08:34
gibisuzhengwei: yes, so I think it is OK to lose that for the pause instance too08:34
gibisuzhengwei, bauzas: does suspend saves some state to the disk?08:34
bauzasgood question08:34
bauzasI honestly don't have the answer straight out of my mind08:35
gibianyhow if it save something to disk and that disk is on shared storage then we might even recover that saves state on the destination host08:35
bauzasthe crucial bit to remember with instance HA is that the host is already done08:35
gibibut as a first step I would loose that too08:35
bauzasgone*08:35
gibibauzas: yepp08:35
bauzasso, yeah, ephemeral storage can't be somehow persisted08:35
gibiexcept if it is on shared storage ^^ ;)08:36
bauzasyou need to have either shared storage or volumes08:36
gibiyepp08:36
bauzasyeah, but in general, you need to assume a crash08:36
bauzasso any memory that's not synced is lost08:36
gibibauzas: yeah, this is why first I would assume that the suspended state is lost as well08:36
gibito avoid an inconsistent suspended state to be loaded08:37
bauzasif suspend stores on disk, we're ok08:37
bauzaskashyap: around ?08:37
kashyapbauzas: Mornin, yes08:37
kashyapHow can I be useful? :)08:37
bauzaskashyap: we are in office hour and we have a question about suspended instances08:37
* kashyap reads back08:38
bauzaswith the libvirt driver and qemu, what happens to the memory state when suspending ?08:38
bauzasdo we suspend on disk ?08:38
bauzasI'd be inclined to say so08:38
kashyapbauzas: gibi: Yes: suspend usually indeed means save-the-state-to-a-file-on-disk08:38
kashyapYour inclination is correct :)08:39
bauzasthe problem is that we can't tell whether the instance is on shared storage or not08:39
gibikashyap: and what do you think, moves such suspended state between compute host make sense?08:39
bauzasgibi: keep in mind evacuate is a rebuild08:40
kashyapgibi: You mean moving such suspended state between different compute hosts make sense?08:40
gibikashyap: yeaht that is my queston08:40
gibibauzas: in case of suspend we see the vm_state on the dest being suspended so we can look for the state file on the disk. if it is there then we know that it was on shared storage08:41
bauzasgibi: sure but then we leak the state of the host08:41
bauzasthis isn't predictable08:41
gibiOK, I agree this can be a can of worm08:42
gibisuzhengwei: in case of evacuating a suspended VM, is it OK to you to loose the suspended state?08:42
kashyapgibi: I need to think a bit more about it.  (libvirt has managedSave() API that does the suspend thingie, which already Nova uses.  So we have the primitives...)08:44
suzhengweiIf host down, active suspend instance both loose their memory.08:44
kashyapgibi: suzhengwei: What is the main use-case here?  The ability to start suspended instances on any compute host from a given pool?08:44
gibisuzhengwei: if you don't want to recover the suspended state that is saved to disk, then I think your proposal is pretty simple and straight forward08:44
suzhengweiInstance Ha, try best to recover the workload as much as possible.08:45
bauzasinterestingly, I found some nova admin docs https://docs.openstack.org/nova/latest/admin/node-down.html08:45
gibikashyap: we looked at it from evacuation perspective. VM is suspended to disk (on shared storage), the host dies, user evacuates VM08:45
kashyapgibi: I see; that makes sense08:46
bauzasgibi: I honestly feel we can just support recreating a new instance08:46
kashyapbauzas: Isn't that what already 'rebuild' is?08:47
kashyapAh, you said that already above :)08:47
bauzaskashyap: yup, the question was about the memory state08:47
suzhengweiIf host down, the suspend instance can be active agian on the origin node. So I think it makes sence to evacuate suspend instances.08:47
suzhengweican not08:48
bauzasI guess here suzhengwei's concern is that we limitate evacuate on active instances08:48
bauzasright?08:48
bauzasthat's the problem we're trying to solve ?08:48
gibiI think so08:48
suzhengweiyes08:48
gibiand I'm totally supportive to extend evac to support paused and suspended instances. It is simple if we allow loosing the running state08:49
bauzasI just remembered we have a --on-shared-storage flag https://docs.openstack.org/nova/latest/admin/evacuate.html#evacuate-a-single-instance08:49
bauzassince evacuate is an admin action, op can use it08:49
bauzason purpose08:49
bauzasso we already do the check automatically08:50
gibibauzas: onSharedStorage is deprecated in 2.1308:50
gibibauzas: today we automatically detect it I guess08:51
bauzasgibi: because we detect this ?08:51
bauzasyeah08:51
gibi"Starting since version 2.14, Nova automatically detects whether the server is on shared storage or not. Therefore this parameter was removed."08:51
gibiyepp08:51
bauzasok, so I guess we can consider adding suspend08:51
gibisuzhengwei: I suggest to propose a small spec about this. I'm happy to review it08:51
bauzasif the target host is on shared storage, we could just try to boot with the suspended state08:51
bauzasfor paused, the implication would be that the evacuated instance would become active08:52
bauzasfor suspend, too08:52
gibibauzas: active, or stopped08:52
gibibauzas: we can decide08:52
bauzasyup, that's the point08:52
gibibauzas: but true, it cannot be pasued any more08:52
gibipaused08:52
*** Luzi has joined #openstack-nova08:52
gibiI don't want to stop the discussion, but we have 8 minutes left. If there any other topic to discuss?08:53
gibi/If/Is/08:53
kashyapbauzas: gibi: One last:08:53
gibikashyap: go08:53
suzhengweiI think stopped is better. No matter pause or suspend, users can not acess the instance directly.08:53
gibisuzhengwei: I can accept that08:53
kashyapgibi: suzhengwei: On whether it makes sense of moving suspended instances between compute hosts, a thumb-rule can be: "follow the same rules for hardware matching as for a live migration between the hosts"08:54
kashyap(I mean, to uncover any "gotchas")08:54
gibikashyap: ahh you have a point, this state can be hw dependent08:54
kashyapFWIW, I also just checked the above w/ a QEMU migration developer; and he agrees.08:54
bauzaskashyap: since evacuate is a rebuild, we can't predict this08:54
bauzasgibi: sorry, I wasn't explicit but when I said 'we're gonna try to unsuspend from disk", I was thinking of hardware capabilities08:55
gibiOK, then I propose not to try to recover the suspended state during evac. At list not in the first step08:55
kashyapbauzas: gibi: Hm, so looks like this needs to be fleshed out in a design document08:55
gibi/list/least/08:55
bauzaskashyap: the evacuate workflow is waaaaay different from live-migrate08:56
bauzasyou can't just check the source host at first ;)08:56
bauzasand compare both08:56
bauzasthe scheduler is just giving you a target and then good luck with it08:56
kashyapbauzas: I see; fair enough08:56
gibiso in summary08:57
bauzasbut yeah, we're 4 mins08:57
bauzasleft08:57
gibiso in summary08:57
gibisuzhengwei: please propose a spec. I don't see any problem supporting evac for paused and suspended VMs. But they will lose the in memory or suspended state. They will be fresh VMs on the dest host in stopped state08:57
kashyapYeah; makes sense.08:58
suzhengweiI will.08:58
kashyap(On spec)08:58
gibisuzhengwei: cool, thanks08:58
gibiany last words before we stop the meeting? ;)08:58
suzhengweinothing from me.08:59
gibiXinxinShen: ?08:59
XinxinShennothing for me. thanks.08:59
gibithen thanks for joining. please continue discussion if needed08:59
gibiI just stop the meeting log here09:00
gibi#endmeeting09:00
opendevmeetMeeting ended Thu Jun  3 09:00:04 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)09:00
opendevmeetMinutes:        http://eavesdrop.openstack.org/meetings/nova_extra/2021/nova_extra.2021-06-03-08.00.html09:00
opendevmeetMinutes (text): http://eavesdrop.openstack.org/meetings/nova_extra/2021/nova_extra.2021-06-03-08.00.txt09:00
opendevmeetLog:            http://eavesdrop.openstack.org/meetings/nova_extra/2021/nova_extra.2021-06-03-08.00.log.html09:00
bauzasright on time09:00
kashyapgibi: Remind me again, what's the case against trying to "resume" the saved state on the destination, instead of a fresh rebuild (which loses the state)?  Because it also involves dealing with the state file transportation?09:02
gibikashyap: if we need to take care of HW compatibility then we have to blow up the evac process09:03
kashyapgibi: Oh, yikes; yes.  How come I forgot so quickly09:03
gibilive migration is special :)09:03
kashyapTell me all about it.09:04
gibi:D09:04
kashyapgibi: I'm not the person for GIFs, but this captures it: https://kashyapc.fedorapeople.org/Live-Migration.gif09:05
kashyap(Not sure if it's loading correctly for you)09:05
gibiooh, that is good09:06
gibiI will distribute it :)09:06
kashyapYou're welcome ;-)09:06
gibithanks09:06
kashyapgibi: Does it load smoothly for you?  For me not here, strangely09:06
gibiit works for me from firefox09:06
gibismooth and on auto repeat09:06
kashyapAh, nod.  (It goes in super slow-motion on FF and Chromium.)09:07
bauzasgibi: I think we have a formal contract with evacuate09:10
bauzasgibi: this is badly named as it's a recreate09:10
bauzasif you really want to have persisted storage, use volumes09:10
bauzasbecause if not, we'll recreate the instance, even on shared storage09:11
*** wenpingsong has quit IRC09:12
gibiyeah, we should just drop evac and change rebuild to detect if the compute is dead and then rebuild the instance on anther host. (partly joking)09:12
bauzasgibi: and chicken will have teeth09:13
gibiOK, I guess this is some French saying :)09:14
bauzasbut yeah, this extra API action is confusing09:14
bauzasand the wording is horrible09:14
bauzasgibi: for your european culture https://blogs.transparent.com/french/when-pigs-fly-and-chicken-have-teeth-impossible-french-expressions/09:15
gibithank you09:16
bauzasgibi: I guess you probably have other expressions like this in your own language09:16
*** XinxinShen has quit IRC09:17
bauzaseither way, dropping for a few09:18
gibiOk for me this chikent thing would be : "when red snow falls (... with black dots) "09:19
gibiwhich was OK in my childhood, but recently we got sand from Sahara sometimes and that can make the rain red, so I can imagine that we can get red snow in the same way09:21
*** abhishekk has quit IRC09:24
*** swp20 has joined #openstack-nova09:36
bauzasgibi: indeed, when you live close to the mountains, you see red snow ;)09:46
bauzasactually, more likely orange snow09:46
gibiyeah it is orange-red rain that happens here09:46
gibiit makes everything dirty :/09:47
bauzasgibi: https://photos.app.goo.gl/nCCAirhi8sZ3vDyc9 some pic from last winter ;)09:47
*** jangutter has joined #openstack-nova09:48
gibiIt looks like it made with a sepia filter :)09:48
bauzasindeed, but no, just a regular pic ;)09:48
gibicrazy09:49
bauzasand this was on a morning, not during sunset09:49
bauzasimagine a lost skiing resort as the lifts were closed with this sky09:50
bauzasprobably a good place and time for a new Hitchcook movie09:51
bauzasI loved the abandoned atmosphere :)09:51
*** jchorin_ has joined #openstack-nova09:52
*** jangutter_ has quit IRC09:55
*** jangutter has quit IRC10:01
*** jangutter has joined #openstack-nova10:01
sean-k-mooneyits almost mars like10:02
sean-k-mooneyhow did the first meeting go this morning10:03
* sean-k-mooney scrolls back10:03
sean-k-mooneysuzhengwei: we spoke about evacuation for suspended and stopped instace at the ptg. i assume you added that topic but were not able to attend when we discussed it10:08
sean-k-mooneysuzhengwei: the feedback at the time was to submit a spec, intoduce a new microversion and have the state transtion as follows10:09
sean-k-mooney    Shelved -> Shelved or Shelved_offloaded ?10:09
sean-k-mooney    Paused -> Stopped10:09
sean-k-mooney    Suspended -> Stopped10:09
sean-k-mooney    active -> active10:09
sean-k-mooneyactully  Shelved -> Shelved or Shelved_offloaded ? is not relevnet10:10
sean-k-mooneywell ok it kind of is but in a subtel way10:11
sean-k-mooneyshelved instance still have a host but you have a choice of if you will shleve it to a different host or shleve offload it10:11
sean-k-mooneysuzhengwei: hence the ? as its an open question which would be the correct behavior but that should be adressed in the spec10:12
sean-k-mooneysuzhengwei: im happy to review the sepc if you propose it so feel free to ping me or add me to the review once its pushed.10:13
*** jangutter has quit IRC10:14
*** osmanlic- has joined #openstack-nova10:14
*** jangutter_ has joined #openstack-nova10:15
*** osmanlicilegi has quit IRC10:17
*** bauzas has quit IRC10:23
*** bauzas has joined #openstack-nova10:23
gibisean-k-mooney: thanks sean-k-mooney for remembering that we talked about that on the ptg, I already forgot10:23
gibibut we concluded the same thing today :)10:23
sean-k-mooneygibi: well a least we were consitnet in our feedback10:24
gibiyepp10:24
sean-k-mooneyso thats a good sign at least10:24
*** suzhengwei has quit IRC10:24
*** admin1 has joined #openstack-nova10:29
sean-k-mooneylyarwood: by the way since https://review.opendev.org/c/openstack/nova/+/794252 is chanigng the virt dirver interface its nice to email the list about it10:39
sean-k-mooneywhich is ironic since we dont support out of tree virt drivers10:39
lyarwoodsean-k-mooney: ack yeah will do10:45
*** suzhengwei has joined #openstack-nova10:53
*** suzhengwei has left #openstack-nova10:58
*** halali_ has quit IRC11:11
*** osmanlic- has quit IRC11:20
*** osmanlicilegi has joined #openstack-nova11:20
*** hemna has quit IRC11:29
*** halali_ has joined #openstack-nova11:32
*** halali_ has quit IRC11:40
hemanth_nhi can I get final reviews + workflow on this clean backport patch on queens https://review.opendev.org/c/openstack/nova/+/761825 .. already Elod reviewed and gave +2, thanks elod11:43
*** hemna has joined #openstack-nova11:45
sean-k-mooneymelwitt: lyarwood  can you take a look at ^11:50
sean-k-mooneygranted at this point we likely wont pull this downstream since we wont have any new releases based on 13 at this point but it would still be good to fix for those on queens still11:51
jchorin_Hi everyone! I am trying to enable TLS on the nova API. Setting `cert` and `key` in nova.conf did not change anything except for the novncproxy. Is there another way to do it?12:10
*** hemanth_n has quit IRC12:10
*** halali_ has joined #openstack-nova12:13
sean-k-mooneyjchorin_: is the nova api using the copy of the nova.conf you updated12:15
sean-k-mooneyjchorin_: some installer create mulitple12:15
jchorin_Yes that is the one installed with the nova package and used by the process when started12:18
sean-k-mooneyjchorin_: how are you running nova-api12:19
sean-k-mooneywith the eventlet console script or via a wsgi server like appach or uwsgi12:19
sean-k-mooney* apache mod_wsgi12:20
sean-k-mooneyjchorin_: i assume you set it in the default section https://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.cert12:22
sean-k-mooneyjchorin_: if its runnign under uwsgi or mod_wsgi you likely need to do the cert configurtion in the wsgi server instead12:22
sean-k-mooneyjchorin_: like this https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/nova/templates/nova-api-wsgi.conf.j2#L47-L5112:24
jchorin_I added it in the default section yes.12:25
jchorin_It is started with `python3 /usr/bin/nova-api ...`12:25
jchorin_But there is no nova file in apache's site-available12:25
sean-k-mooneygibi: dansmith  do ye know if we ever supported tls nativly when runing nova-api directly issted of under an external wsgi server12:26
sean-k-mooneyjchorin_: yes unless you created one there would not be12:27
sean-k-mooneyjchorin_: that is running the api using hte python built in webserver with eventlets handeling multiplexing connections12:28
sean-k-mooneyjchorin_: kolla ansible runs it nova-api using apache and mod_wsgi and https://github.com/openstack/kolla-ansible/blob/master/ansible/roles/nova/templates/nova-api-wsgi.conf.j2 is the template they use to render the apache configuration for the site12:29
sean-k-mooneyjchorin_: i woudl recommend doing that if you are manually installing instead as it perfroms better12:30
sean-k-mooneywell in many cases at least12:30
jchorin_You mean to use wsgi? Yes it is entirely fine for me to use it. Do I only need to add this file to the site-available?12:31
sean-k-mooneywell that s in jinga 2 format so you need to add a rendered equivalent but yes12:31
sean-k-mooneythen symlink it to site-enabled12:32
jchorin_However, the server will still be running right?, So both TLS and non-TLS will be reachable12:32
gibisean-k-mooney: hm, I'm not expert on the TLS front, what deploymnet I see was basically using a TLS proxy in front of the API servies12:32
*** Luzi has quit IRC12:32
sean-k-mooneygibi: yep i think that is what we did before we could run the api with a wsgi server via a web server12:33
sean-k-mooneyjchorin_: what os are you on12:34
jchorin_Ubuntu12:34
sean-k-mooneyok are you following https://docs.openstack.org/nova/wallaby/install/controller-install-ubuntu.html#install-and-configure-components12:34
sean-k-mooneythat is indeed mssing a tls section12:35
jchorin_This one yes12:35
sean-k-mooneyits also using sytemd to run nova-api presumable directly as you noted above12:36
*** kaisers has joined #openstack-nova12:43
*** swp20 has quit IRC12:44
jchorin_Alright, I'll take a look, thanks for your help!12:44
sean-k-mooneyi have just been looking and out side of the installer that have implemented support for tls endpoing like kolla-ansible and tripleo i do not see any docs for how to deploy openstack with tls endpoints12:45
sean-k-mooneyso this is an operational gap in our docs as a whole12:46
jchorin_Yes, I could not find any information except for the `cert` and `key` settings in the conf12:47
sean-k-mooneythe general approch however seams to be the same across most installer project, use a webserver to handel the tls/ssl laywer and hand off to the openstack service12:47
*** kaisers_ has quit IRC12:48
*** nicolasbock has joined #openstack-nova12:55
*** rloo has joined #openstack-nova12:56
*** rloo has quit IRC12:59
*** rloo has joined #openstack-nova12:59
*** jchorin_ has quit IRC13:07
*** jchorin has joined #openstack-nova13:11
sean-k-mooneygibi: kashyap  fyi i filed the whishlist bug for the realtime emulator threads here https://bugs.launchpad.net/nova/+bug/193070613:11
opendevmeetLaunchpad bug 1930706 in OpenStack Compute (nova) "nova allows suboptimal emulator tread pinning for realtime guests" [Wishlist,Triaged]13:11
sean-k-mooneyjust closing out that ar form the last meeting13:11
* kashyap clicks13:11
sean-k-mooneyspeaking of which i think the new review priortiy docs have merged? im going to go update the patch to project config13:12
jchorinsean-k-mooney : Unfortunately I got "could not bind to address 0.0.0.0:8774", as the serverlet is still running and I do not use kolla. Is there a configuration setting for changing the port or should I do it differently?13:12
sean-k-mooneyyou should stop the serverlet13:14
sean-k-mooneyso stop the nova-api systemd service and disable it13:14
sean-k-mooneythen run it only under apache13:15
kashyapsean-k-mooney: Thanks for writing it up; it might be worth it to explicilty flag the workaround for operators who're not well-versed in this area13:15
sean-k-mooneykashyap: i think i said that in the comment i left13:16
sean-k-mooneye.g. use emulator thread policy13:16
kashyapsean-k-mooney: Ah, the second comment, yes13:16
sean-k-mooneyi realised i did not add it orginally13:17
kashyapsean-k-mooney: The "not" at the start confused me; I know you meant it as "note"13:17
sean-k-mooneyi think the bug desciription can be updated if you want to add it13:17
sean-k-mooneykashyap: ya i did13:17
sean-k-mooneyi just fixed that13:17
kashyapAh, cool.13:18
sean-k-mooneybut if you want ot update the description please feel free too13:18
kashyapsean-k-mooney: Yeah, good idea to update the description; /me goes to do it :)13:18
kashyapsean-k-mooney: Mind if I also touch up a few typos?13:19
sean-k-mooneygo for it13:19
kashyapsean-k-mooney: One clarif:13:20
kashyapIn this bit: "When the emulator thread is spawned on core 1 since it has less priority then the vcpu thread it will only run if the guest vcpu idels resulting in the iablity for qemu to process device attach"13:20
kashyapsean-k-mooney: Can you pleease rephrase the last part?  The "idels and "iability" are ambigious to parse for me13:21
kashyapsean-k-mooney: Added the "Workaround" section at the end of the description; please double-check.13:29
dansmithsean-k-mooney: no I don't know13:32
ozzzoSean has helped me a lot so I've gotten pretty good at translating Seanglish: "guest vcpu idles resulting in the inability"13:41
kashyapozzzo: Ah, thanks.  I'm mostly pretty good at parsing him, sometimes I miss the mark :)13:42
*** abhishekk has joined #openstack-nova13:44
kashyapsean-k-mooney: Disregard my above question (thx to ozzzo); updated the bug.13:46
sean-k-mooneyozzzo: hehe seanspeak is a select dialect :)13:47
opendevreviewMerged openstack/nova stable/queens: Update pci stat pools based on PCI device changes  https://review.opendev.org/c/openstack/nova/+/76182514:00
*** dklyle has joined #openstack-nova14:11
gmannmelwitt: no, it was by mistake. thanks for catching it. fixing it now14:32
opendevreviewGhanshyam proposed openstack/nova master: Improve policy doc for supported scope info  https://review.opendev.org/c/openstack/nova/+/76201314:46
gmannmelwitt: stephenfin updated ^^14:47
* stephenfin looks14:51
*** abhishekk has quit IRC15:08
*** abhishekk has joined #openstack-nova15:08
*** abhishekk has quit IRC15:08
*** erlon has quit IRC15:13
*** jchorin has quit IRC15:25
gibiFYI: I will be mostly off on Monday and Tuesday next week, but I will chair the nova meeting on Tuesday15:47
opendevreviewBalazs Gibizer proposed openstack/nova master: Detect extended_resource_request neutron API extension  https://review.opendev.org/c/openstack/nova/+/79361816:06
opendevreviewBalazs Gibizer proposed openstack/nova master: Reject server create with extended resource req  https://review.opendev.org/c/openstack/nova/+/79361916:06
opendevreviewBalazs Gibizer proposed openstack/nova master: Reject server operations with extended resource req  https://review.opendev.org/c/openstack/nova/+/79362016:06
opendevreviewBalazs Gibizer proposed openstack/placement master: Add support for RP re-parenting and orphaning  https://review.opendev.org/c/openstack/placement/+/78402016:08
opendevreviewBalazs Gibizer proposed openstack/nova master: Add same_subtree field to RequestLevelParams  https://review.opendev.org/c/openstack/nova/+/79150316:08
opendevreviewBalazs Gibizer proposed openstack/nova master: Bump min placement microversion to 1.36  https://review.opendev.org/c/openstack/nova/+/79150416:12
*** rpittau is now known as rpittau|afk16:12
bauzasgibi: ack, and thanks for chairing16:13
bauzaslast time I did, I felt the breath of the loneliness :p16:13
opendevreviewBalazs Gibizer proposed openstack/nova master: Support same_subtree in allocation_canadidate query  https://review.opendev.org/c/openstack/nova/+/79150516:13
gibibauzas: ahh I remember that meeting, I sit in the inner park of the hospital waiting my turn in the CT. It was a bit surreal both in IRC space and in real space too :)16:15
opendevreviewBalazs Gibizer proposed openstack/nova master: Support the new port resource_request format  https://review.opendev.org/c/openstack/nova/+/78720816:15
bauzasgibi: :D16:16
opendevreviewBalazs Gibizer proposed openstack/nova master: Transfer RequestLevelParams from ports to scheduling  https://review.opendev.org/c/openstack/nova/+/79150616:16
opendevreviewBalazs Gibizer proposed openstack/nova master: [func test] ports with both bw and pps resources  https://review.opendev.org/c/openstack/nova/+/79239416:16
gibithis time I will be off to the lake during the weekend + Monday. But I need to be back in the city on Tuesday so I can do the meeting16:18
gibi(or I could do the meeting from the lake side but meh :D)_16:18
opendevreviewBalazs Gibizer proposed openstack/nova master: [func test] move unshelve test to the proper place  https://review.opendev.org/c/openstack/nova/+/79362116:19
sean-k-mooneygibi: you you know one of us could run the meeting for you and you could relax16:20
gibisean-k-mooney: thanks, yes. but no need this time16:20
gibisean-k-mooney: the original plan was that we are back on Wednesday morning, and then I would ask somebody to run it16:21
gibisean-k-mooney: but turned out that we have to get back on Tuesday morning16:21
*** kaisers has quit IRC16:22
gibiso I think I will use Tuesday to do some chores and meeting fits well to that list :)16:22
*** ralonsoh has quit IRC16:24
*** lucasagomes has quit IRC16:25
melwittgibi: easy test-requirements update for placement, dunno if you also ran into this when running func tests the first time https://review.opendev.org/c/openstack/placement/+/78728916:31
opendevreviewBalazs Gibizer proposed openstack/nova master: Remove unnecessary mocks from unit test  https://review.opendev.org/c/openstack/nova/+/79463716:35
gibimelwitt: I don't remember I saw it but the change itself does not hurt16:36
gibicould be that I have that package already locally16:37
gibiyepp, I have it already that package installed globally in my dev machine16:39
gibithat is why I did not see it16:39
opendevreviewLee Yarwood proposed openstack/nova master: libvirt: Set driver_iommu when attaching virtio devices to SEV instance  https://review.opendev.org/c/openstack/nova/+/79463916:49
lyarwood^ should be WIP, I'll finish it up later with volume attach tests16:51
lyarwoodand maybe a seperate functional test16:51
sean-k-mooneylyarwood: the set_driver_iommu_for_device should be called form vif_driver.get_config more then likely17:04
sean-k-mooneylyarwood: https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L56017:06
lyarwoodsean-k-mooney: I'm assuming that wasn't done originally to ensure *all* devices end up with it set not just when disks and vifs we define17:06
*** derekh has quit IRC17:06
sean-k-mooneylyarwood: well curently you are just alwasy checkign it without considering the vif model correct17:07
lyarwoodsean-k-mooney: no that's checked in the designer17:07
lyarwoodsean-k-mooney: at least that it's virtio17:08
sean-k-mooneyya just looked at that now17:08
sean-k-mooneyi dont see any reason not to put it in get config other then we will need to store the config and then return it17:09
sean-k-mooneyalthough you probably could do it here https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L52817:09
sean-k-mooneywe really need to get rid of the non os-vif code path17:11
lyarwoodsean-k-mooney: I'd rather do this explicitly in both hot plug flows first and then refactor the vif part later if you think it's worth it17:11
lyarwoodsean-k-mooney: we can't do this in the volume drivers as we don't pass in the instance so it would be weird to change this just for vifs IMHO17:12
sean-k-mooneywell i dont like spreading out the config genration like that17:12
sean-k-mooneyi dont think that the attach or detach function should have to care about this explictly17:12
sean-k-mooneyto me that is a  poor speeration of concerns17:13
lyarwoodYup I agree but the original SEV code was already doing this during spawn17:15
lyarwoodhow about we fix this and then refactor both sets of config generation to do this correctly17:15
lyarwoodI really don't want to do that as part of the bugfix we need to backport17:16
sean-k-mooneywe could yes by passing the flavor/image metadata to _get_volume_config17:16
sean-k-mooneyand then moving this into vif_driver.get_config17:16
lyarwoodright I'm not going to do that in the backportable change17:16
lyarwoodsomeone else can17:16
sean-k-mooneywell honestly its not really a big change is it17:17
lyarwoodbut to me that's something that can follow on master17:17
lyarwood_get_volume_config isn't generating the actual config so if we were to do the same thing as vifs we'd be passing that down into the volume drivers right?17:18
lyarwoodotherwise there's no difference to what the change is already doing in attach_volume17:18
sean-k-mooneythere is a change presumable _get_volume_config is used for every operation that gets the confi for a volume17:19
sean-k-mooneyas vif_driver.get_config is17:20
sean-k-mooneyso if we put the if and call to the desinger in _get_volume_config and vif_driver.get_config17:20
sean-k-mooneywe can never forget to do it17:20
sean-k-mooneywhat i dislike about your current patch is that it leave open the need to do this on all relevent code paths17:21
lyarwoodthe original did that17:21
lyarwoodanyway let me respin and see what the fallout is17:22
sean-k-mooneydid what17:22
lyarwoodnvm17:22
sean-k-mooneyfor get_volume config its just passing the info and doing the if here right https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L188717:24
lyarwoodright I thought you were suggesting changing the actual get_config methods in the volume drivers17:25
lyarwoodthis is still going to cause test fallout that I'd rather avoid for backports but I'll give it a go17:25
sean-k-mooneyno17:25
sean-k-mooneyand for vif.py its just replaceing the returns here https://github.com/openstack/nova/blob/master/nova/virt/libvirt/vif.py#L578-L60117:26
sean-k-mooneywith an asignment to conf and dong the if then returning17:26
sean-k-mooneylyarwood: the rest of the approch im ok with17:26
sean-k-mooneylyarwood: due to the changing of the signiture of an privete funcion _get_volume_config17:27
sean-k-mooneyi would hope the fallout from tha twould be relitivly minimal17:28
lyarwoodsean-k-mooney: what about get_base_config for the vif?17:28
sean-k-mooneyyou dont need to modify that17:28
sean-k-mooneyyou could but you cna do it in get_config17:28
sean-k-mooneylyarwood: that said https://github.com/openstack/nova/blob/cd084aeeb8a2110759912c1b529917a9d3aac555/nova/virt/libvirt/vif.py#L18017:29
sean-k-mooneyit has the flaovr and image_meta17:29
sean-k-mooneyand that shoudl be called in all code paths17:29
lyarwoodright I was looking at the end of that method17:30
sean-k-mooneyso ya you can just add it there17:30
sean-k-mooneylyarwood: to be honest i tought it was already there17:30
lyarwoodah the only issue is checking if sev is enabled from here is going to be awkward17:31
sean-k-mooneyyou need to do it here though https://github.com/openstack/nova/blob/cd084aeeb8a2110759912c1b529917a9d3aac555/nova/virt/libvirt/vif.py#L19217:31
sean-k-mooneylyarwood: becuase you dont have aceese to sev_enabled?17:31
lyarwood_sev_enabled yeah17:31
sean-k-mooneythat is just https://github.com/openstack/nova/blob/cd084aeeb8a2110759912c1b529917a9d3aac555/nova/virt/libvirt/driver.py#L6716-L674317:32
sean-k-mooneyyou can put that in desinger.py17:32
sean-k-mooneyif you wanted too17:32
lyarwoodright but that's checking _host17:32
sean-k-mooneywell no17:32
sean-k-mooneyit need _host17:32
sean-k-mooneyok well we have _host in vif.yp17:33
lyarwoodlol17:33
sean-k-mooneybut if you want to do this in a follow up then ok17:33
sean-k-mooneyi think this would still be a clearer way to do this17:33
sean-k-mooneywe likely woudl just want to pass host as a parmater to sev_enabled17:34
sean-k-mooneyactully you could put the if check in set_driver_iommu_for_device17:35
sean-k-mooneyand pass host, flavor, image_meta and conf17:35
sean-k-mooneyanyway i guess leave it for now17:36
sean-k-mooneyat some point we really need to get ride of the desginer.py as well17:37
lyarwoodtbh this is the first time I've really looked at it17:37
sean-k-mooneythe designer.py has always been a pet pev of mine17:37
sean-k-mooneyi want driver.py to be smaller17:38
sean-k-mooneybut designer.py does not relaly add value today17:38
lyarwoodbrb baby bedtime17:38
sean-k-mooneyit would be beter to merge it with config.py17:38
sean-k-mooneyit was seperated out so that config.py could just be the xml object creation and designer.py woudl have the logic to do some of the compostion17:39
sean-k-mooneybut we never too the xml logic out of vif.py or the volume modules17:40
sean-k-mooneyso really designer just complicated things17:40
opendevreviewMerged openstack/nova stable/wallaby: rbd: Get rbd_utils unit tests running again  https://review.opendev.org/c/openstack/nova/+/79083617:42
opendevreviewmelanie witt proposed openstack/nova stable/victoria: rbd: Get rbd_utils unit tests running again  https://review.opendev.org/c/openstack/nova/+/79462418:04
melwittfix for intermittent unit test failure if anyone interested https://review.opendev.org/c/openstack/nova/+/79439618:31
*** vishalmanchanda has quit IRC18:39
sean-k-mooneymelwitt: oh it was somethime slow an now did not match?18:53
sean-k-mooneyor something like that that change the behavior of _refresh_associations18:53
melwittsean-k-mooney: yeah, learned of it cause it hit my patch heh https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_b0d/794186/1/check/openstack-tox-py38/b0dd1dd/testr_results.html18:53
sean-k-mooneythat was going to be my next question good catch18:53
melwittafter awhile I realized it's because refresh associations records the time at which it ran, and the test was relying on the fact that that time would be sufficiently soon enough after "now" was recorded prior18:55
sean-k-mooneythat looks like  now = time.time() was previously unused18:56
sean-k-mooneyoh i guess its later in the test18:56
sean-k-mooneyya it is18:56
melwittno yeah it's used18:57
sean-k-mooneypart of me wishes there was a clearn helper funciton or somthing for this but  ya this looks correct to me18:57
sean-k-mooneyfor example mocking time.time via a decorator at the top of the function18:58
melwittoh yeah, I guess that would work without needing reset of the mocks throughout, cause all you'd change is the return_value and not asserting calls18:59
sean-k-mooneye.g. @mock.patch.object(time, 'time', return_value=time.time())18:59
sean-k-mooneyyep19:00
sean-k-mooneyyou could still reset the time mock if needed19:00
sean-k-mooneybut they dont check that as far as i can see19:00
melwittyeah. I was hoping to not though19:01
sean-k-mooneyi dont think you need too19:01
melwittyeah, agree19:01
sean-k-mooney@mock.patch.object(time, 'time', return_value=time.time())/def test_refresh_associations_time(self, log_mock,time_mock):19:01
sean-k-mooneyshoudl fix it19:01
sean-k-mooneyreturn_value=time.time() shoudl be evaluated before the mock is appied and resovled into a what time.time() returns19:02
melwittI'll give it a go19:05
*** whoami-rajat has quit IRC19:10
*** efried has quit IRC19:14
*** efried has joined #openstack-nova19:14
*** ralonsoh has joined #openstack-nova19:16
opendevreviewmelanie witt proposed openstack/nova master: Make test_refresh_associations_* deterministic  https://review.opendev.org/c/openstack/nova/+/79439619:28
opendevreviewmelanie witt proposed openstack/nova master: Make test_refresh_associations_* deterministic  https://review.opendev.org/c/openstack/nova/+/79439619:30
opendevreviewmelanie witt proposed openstack/nova stable/victoria: zuul: Replace grenade and nova-grenade-multinode with grenade-multinode  https://review.opendev.org/c/openstack/nova/+/79467419:33
opendevreviewmelanie witt proposed openstack/nova stable/ussuri: zuul: Replace grenade and nova-grenade-multinode with grenade-multinode  https://review.opendev.org/c/openstack/nova/+/79467519:37
*** ralonsoh has quit IRC20:28
*** andrewbonney has quit IRC21:14
*** admin1 has left #openstack-nova21:40
*** whoami-rajat has joined #openstack-nova21:56
*** eharney has quit IRC21:57
*** brinzhang0 has joined #openstack-nova22:11
*** brinzhang_ has quit IRC22:18
*** rloo has quit IRC22:28
*** tosky has quit IRC23:00
*** luksky has quit IRC23:07
opendevreviewmelanie witt proposed openstack/nova stable/train: zuul: Replace grenade and nova-grenade-multinode with grenade-multinode  https://review.opendev.org/c/openstack/nova/+/79468623:53
opendevreviewmelanie witt proposed openstack/nova stable/train: zuul: Replace grenade and nova-grenade-multinode with grenade-multinode  https://review.opendev.org/c/openstack/nova/+/79468623:57
melwittsigh23:59
*** martinkennelly has quit IRC23:59
*** martinkennelly_ has quit IRC23:59
opendevreviewmelanie witt proposed openstack/nova stable/train: zuul: Replace grenade and nova-grenade-multinode with grenade-multinode  https://review.opendev.org/c/openstack/nova/+/79468623:59
« Wednesday, 2021-06-02 Index Friday, 2021-06-04 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!