Tuesday, 2023-05-02

« Monday, 2023-05-01 Index Wednesday, 2023-05-03 »
kashyapdansmith: I was off yesterday (public holiday).  Looking at the scrollback now about "tempest.api.compute.admin.test_volumes_negative.VolumesAdminNegativeTest"08:07
opendevreviewElod Illes proposed openstack/nova master: Add nova-tox-functional-py310 to gate jobs  https://review.opendev.org/c/openstack/nova/+/88133909:38
sfinucanbauzas: addressed your comments on https://review.opendev.org/c/openstack/python-openstackclient/+/881822 lemme know if they work11:19
sean-k-mooneysfinucan: im ok wiht osc generating keypairs client side11:57
sean-k-mooneyalthoug it proably should be in its own command but i understand why we might wasnt to proxy it form the nova one11:58
sean-k-mooneysfinucan: can i suggest we do both. proceed with bauzas patch as is and then add your change on top to add client side generation11:59
sean-k-mooneythe keypair type would be changing so they are not really interchangable11:59
sean-k-mooneythey kind of are but old operating systsms wont supprot ssh-ed2551912:00
sean-k-mooneyi.e. centos 7 and newer OSs wont support RSA i.e. centos 912:00
sean-k-mooneyso i see you are proposing taking the approch of always generating htem client side isntaed fo doing this based on the microversion 12:02
sean-k-mooneythat actully has some benifits in that the behaivor wont be "incorrect" for the new microverion12:03
sean-k-mooneyi.e. the client wont be giving the perception of the api generating the key  for the latest microversion12:03
sean-k-mooneysince now it will be alwasy client side.12:04
sfinucansean-k-mooney: yeah, I'd rather not have different behaviour depending on the microversion in use12:56
bauzassfinucan: sean-k-mooney: I'm OK with generating private keys by default in OSC even if the API microversion is older than 2.9212:58
bauzassince the API was able to provide a private key by passing it, I'm ok12:58
sean-k-mooneyok13:03
sean-k-mooneyso how do you want to proceed13:03
sean-k-mooneyjust go with sfinucan patch13:03
sean-k-mooneyor merge both?13:03
sfinucanI think it's a case of one or the other13:04
*** sfinucan is now known as stephenfin13:04
stephenfinsean-k-mooney: if we start doing stuff client-side, there's no reason not to do it for all microversions. If we stick server-side, we're obliged to drop key generation functionality for newer or all microversions13:06
stephenfinsean-k-mooney: bauzas: btw, do you have +2 on OSC now? You should?13:11
bauzasstephenfin: my only concern if we merge your patch is that enduser wouldn' longer see that they need to create their own keypairs13:12
bauzasstephenfin: so if they use openstacksdk directly, they would see then 13:13
sean-k-mooneyi can check13:13
stephenfinwdym? They don't. We're still doing it for them, only on the client rather than the server13:13
stephenfinAh13:13
stephenfinI mean, I think that's okay. We do a whole load of helpful things in OSC that don't happen in SDK13:14
stephenfinLike the 'server ssh' command. There's no equivalent for that in SDK, mainly because it's not needed. We could add a docstring in SDK noting that the private key field must be explicitly provided in newer microversions13:15
sean-k-mooneystephenfin: for osc i do not have +2 currently13:18
sean-k-mooneylikely the same for sdk i have not actuly looked13:18
bauzasditto, I'm not osc-core (and not sure I want it :) )13:26
dansmithkashyap: thanks for looking..that looks like a kernel bug to me and so it'd be good to know if it's been fixed as it's not uncommon to see it13:27
stephenfinAh, okay, it seems I'd misunderstood what 'python-openstackclient-service-core' was being used for. I'd thought it would contain all the service core groups by default. Evidently not.13:27
stephenfinbauzas: https://review.opendev.org/c/openstack/openstacksdk/+/88196513:28
kashyapdansmith: Yeah, it looks like "somehow" the loading of the kernel modules itself is failing: "failed loading these modules:  nls_ascii nls_iso8859-1 nls_utf8 ip_tables ahci"13:29
kashyapAlso, I hate to say this, but I wonder if it's CirrOS-specific13:30
kashyapdansmith: I take it that this segfault is consistently reproducible13:30
dansmithkashyap: I can't push a button and make it happen, but I see it fairly often13:31
kashyapdansmith: Noted; I'm trying to wade through the logs to also find the QEMU command-line of this.  And the host kernel version13:32
dansmithkashyap: entirely possible that it's cirros related, but since this there is not much going on in userland and this is a kernel crash, I imagine it's not the actual fault of cirros13:32
kashyapHave you got the instance name / UUID, per chance?13:32
dansmithkashyap: if you look right above the top of the console dump you'll see requests tempest was making to watch the status and you should find the uuid there13:35
kashyapOkido, this seems the UUID: e0dc4c98-95e2-4421-a6ba-ae07213914a7 13:35
kashyapThanks!13:36
* dansmith teaches a man to fish13:40
dansmith:)13:40
dansmithbauzas: FYI, I've got a few good passing runs on the nova patch with new ceph on jammy, after *much* work on the ceph devstack plugin, cinder tempest plugin, and tempest itself13:53
dansmithso I'm hoping we can start to land those things soon and flip that job over, with your blessing13:53
opendevreviewyatin proposed openstack/nova master: Add config option to configure TB cache size  https://review.opendev.org/c/openstack/nova/+/86841913:53
dansmithbut let me know if you want to examine results closely13:53
bauzasdansmith: oh that's excellent news, I got distracted from following the series14:03
dansmithgouthamr: I think I need to make the devtack-ceph-plugin dependent on the cinder test plugin, which is dependent on the tempest stack.. are you okay with that? and do you want me to do anything else to the devstack plugin before we merge? or just merge and clean it up after?14:03
dansmithbauzas: not expecting you to follow it, just giving the boss the executive summary :)14:03
bauzasdansmith: don't call me like this, man, I'm just a cat herder :)14:03
dansmithheh14:04
bauzasdansmith: so, what's the plan ? merging the tempest bits first, and then the ceph devstack plugin one ?14:04
dansmithbauzas: well, I was just saying above that I think it needs to be devstack-plugin -> cinder tempest -> tempest (so they merge in reverse order of this)14:05
bauzassorry missed your line14:06
dansmithand probably change my DNM nova patch to stop commenting out all the jobs to make sure they're all still happy, other than just the ceph one14:06
bauzasyeah14:06
bauzasdansmith: at least that's a good thing to tell in the nova meeting today :)14:08
dansmithyeah14:08
sean-k-mooneydansmith: by the way i pushed this yesterday https://review.opendev.org/c/openstack/nova/+/881912 the image it pulled does not have resize2fs installed14:18
sean-k-mooneyso that is why some of the tests failed14:19
dansmithsean-k-mooney: because it can't resize itself to fill the root on boot?14:19
sean-k-mooneyyep14:20
sean-k-mooneyi can fix that pretty simply i need to look and see if any other packages are missing14:20
dansmithack, cool14:21
sean-k-mooneyin at least some of the case the inablity to resize the root fs prevent the ssh hostkeys from being genreated which prevented ssh access to the vm14:27
dansmithit'll prevent other things too, like writing the timestamp files14:28
dansmith(assuming it's really that constrained)14:28
sean-k-mooneyvirtual size: 292 MiB (305659904 bytes)14:29
sean-k-mooneydisk size: 83 MiB14:30
opendevreviewFabian Wiesel proposed openstack/nova master: Add more password generation options  https://review.opendev.org/c/openstack/nova/+/86566914:50
bauzasreminder : nova meeting in one hour-ish15:03
enriquetasothanks bauzas 15:04
sean-k-mooneyhttps://review.opendev.org/c/openstack/nova/+/868419 is almost ready to merge just one last issues to adress if people want to review15:16
*** Guest74 is now known as atmark15:22
bauzassean-k-mooney: I plan to review this feature by tomorrow 15:41
bauzas(the tb cache size one)15:41
opendevreviewSylvain Bauza proposed openstack/nova master: Revert "Debug Nova APIs call failures"  https://review.opendev.org/c/openstack/nova/+/88205215:51
bauzasdansmith: melwitt: you may appreciate a quick review of the logging leak ^15:56
bauzas(did it on purpose before the meeting)15:56
bauzas#startmeeting nova16:00
opendevmeetMeeting started Tue May  2 16:00:02 2023 UTC and is due to finish in 60 minutes.  The chair is bauzas. Information about MeetBot at http://wiki.debian.org/MeetBot.16:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:00
opendevmeetThe meeting name has been set to 'nova'16:00
bauzaswelcome everyone16:00
elodilleso/16:00
bauzas#link https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting16:00
gmanno/16:00
gibio/16:00
gibi(on a spotty connection)16:00
dansmithbauzas: got it16:01
bauzascoolio, let's start16:02
bauzas#topic Bugs (stuck/critical) 16:02
bauzas#info One Critical bug16:02
bauzas#link https://bugs.launchpad.net/nova/+bug/201299316:02
bauzasshall be quickly reverted16:02
bauzasand I'll propose backports as soon as it lands16:02
bauzasnot sure we need to discuss on it by now16:03
bauzasso we can move on, unless people wanna know more about it16:03
sean-k-mooneyi have +w'ed it so its on its way16:04
bauzasyup, and as you wrote, two backports are planned 16:04
bauzasdown to 2023.1 and Zed16:04
bauzasanyway, moving on16:04
bauzas#link https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New 20 new untriaged bugs (+3 since the last meeting)16:04
bauzasartom: I assume you didn't had a lot of time for spinning around those bugs ?16:05
bauzasagain, no worries16:05
Ugglao/16:05
bauzas#info Add yourself in the team bug roster if you want to help https://etherpad.opendev.org/p/nova-bug-triage-roster16:05
bauzasUggla: you're the next on the list, happy to axe some of the bugs ?16:06
artombauzas, trying to do a few now16:06
bauzascool, no rush16:06
Ugglabauzas, yep ok for me.16:06
bauzasthanbks16:06
artomFor https://bugs.launchpad.net/nova/+bug/2018172 I think we need kashyap to weigh in, 'virtio' may not be a thing in RHEL 9.1?16:06
bauzas#info bug baton is being passed to Uggla16:06
bauzasartom: looking16:06
dansmithuh, what16:07
artomOr maybe just close immediately and direct them to a RHEL... thing16:07
kashyapartom: Wait; it's impossible "virtio" can't be a thing in RHEL9.1.  /me looks16:07
dansmithhah, yeah16:07
dansmithbut looks like maybe just a particular virtio video model/16:07
bauzasthat's a libvirt exception16:07
bauzasso, IMHO invalid 16:07
bauzas(for the project)16:07
artomRight, but before that I'd like to confirm that Nova is doing the right thing16:08
dansmithis the video model an extra spec/16:08
opendevreviewRafael Weingartner proposed openstack/nova master: Nova to honor "cross_az_attach" during server(VM) migrations  https://review.opendev.org/c/openstack/nova/+/86476016:08
* dansmith curses his ? key16:08
artomI guess I'm going about it backwards - it's just an easier thing to check initially, RHEL 9.1 support for virtio video16:09
artomdansmith, yeah16:09
sean-k-mooneyits an image property16:09
bauzasyeah16:09
dansmithis virtio the only option there or is it like virtio plus a device model name/16:09
sean-k-mooneyvirtio shoudl be a thing in rhel916:09
bauzaswe just try to generate a domain which is badly incorrect given the image metadata16:09
dansmithjust wondering if they're specifying the wrong thing16:09
sean-k-mooneytechnially it maps to virtio-gpu16:09
bauzasthat rings a bell to me16:10
bauzasanyway, I'd propose to punt this bug today by asking the reporter its flavor and image16:10
opendevreviewRafael Weingartner proposed openstack/nova master: Nova to honor "cross_az_attach" during server(VM) migrations  https://review.opendev.org/c/openstack/nova/+/86476016:10
dansmithwhy are we even discussing this on the meeting?16:11
bauzasI guess because artom wanted to triage it 16:11
bauzasso please => incomplete it16:11
artomI just wanted to ping kashyap on it, is all16:11
sean-k-mooneyi guess it was a bug artom tought whoudl be brougt to our attention based on the triage16:11
bauzasand ask for the image metadata 16:11
kashyapartom: We can sort it out off-meeting :) Thx!16:12
sean-k-mooneyartom: i have been using hw_video_model=virtio for years so its valid for sure16:12
sean-k-mooneybut ya we can move on16:12
kashyap(Yeah; plain "virtio" must work)16:12
bauzasmoving on so16:13
kashyapIs it still on-topic to discuss a CirrOS seg-fault that dansmith pointed out earlier?16:13
bauzas#topic Gate status 16:13
bauzas#link https://bugs.launchpad.net/nova/+bugs?field.tag=gate-failure Nova gate bugs 16:13
bauzas#link https://etherpad.opendev.org/p/nova-ci-failures16:13
bauzasthere it is time to discuss gate failures now16:14
bauzasdansmith: shoot the good news and the bad ones if you have16:14
dansmithtldr is that I have got the ceph job moved to jammy and cephadm and it's working finally, and:16:14
dansmiththat I found a bunch of places where we thought we were requiring SSHABLE before volume activities where it was being silently ignored16:15
dansmithbasically what gibi asserted16:15
dansmithso I've got a stack of tempest patches (and cinder-tempest-plugin) to not only fix those,16:15
dansmithbut also sanity check and raise an error if someone asks for SSHABLE but without the requisite extra stuff to actually honor it16:15
dansmiththat helps us pass the ceph job in the new config but will also likely help improve volume failures in the other jobs16:16
bauzascool 16:16
bauzasthanks for the janitorisation16:16
gibidansmith: awesome16:16
gibithank you16:17
bauzaswhich patches shall be looked at for people who care ?16:17
dansmithit's been a lot of work and frustration, but happy to see it becoming fruitful16:17
dansmithwell, no patches to nova, but I can get you a link, hang on16:17
gmannthis one #link https://review.opendev.org/q/topic:sshable-volume-tests16:17
dansmiththis stack on tempest: https://review.opendev.org/c/openstack/tempest/+/88192516:18
dansmithand this one against cinder-tempest https://review.opendev.org/c/openstack/cinder-tempest-plugin/+/88176416:18
dansmiththe nova patch I have up is a DNM just to test our job with that full stack, but we don't need to merge anything16:18
bauzas#link https://review.opendev.org/q/topic:sshable-volume-tests Tempest patches that add more ssh checks for volume-related tests16:18
bauzascool excellent, thanks a lot dansmith for this hard work16:19
* dansmith nods16:19
bauzasthat's noted.16:19
bauzasany other CI failure to relate or mention ?16:19
bauzaslooks not, excellent16:20
bauzas#link https://zuul.openstack.org/builds?project=openstack%2Fnova&project=openstack%2Fplacement&pipeline=periodic-weekly Nova&Placement periodic jobs status16:20
bauzasthe fips job run had a node failure, but should be green next week16:21
bauzason a side note, I'm trying to add some kind of specific vgpu job that would use the mtty sample framework for validating the usage we have on a periodic basis16:22
bauzas#info Please look at the gate failures and file a bug report with the gate-failure tag.16:22
bauzas#info STOP DOING BLIND RECHECKS aka. 'recheck' https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures16:23
bauzasthat's it for me on that topic16:23
bauzasmoving on16:23
bauzas#topic Release Planning 16:23
bauzas#link https://releases.openstack.org/bobcat/schedule.html16:23
bauzas#info Nova deadlines are set in the above schedule16:23
bauzas#info Bobcat-1 is in 1 weeks16:23
bauzas#info Next Tuesday 9th is stable branches review day https://releases.openstack.org/bobcat/schedule.html#b-nova-stable-review-day16:23
bauzasI'll communicate on that review day by emailing -discuss16:24
bauzasbut let's discuss that more in the stable topic we have later16:24
bauzas#topic Review priorities 16:25
bauzas#link https://review.opendev.org/q/status:open+(project:openstack/nova+OR+project:openstack/placement+OR+project:openstack/os-traits+OR+project:openstack/os-resource-classes+OR+project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/osc-placement)+(label:Review-Priority%252B1+OR+label:Review-Priority%252B2)16:25
bauzas#info As a reminder, cores eager to review changes can +1 to indicate their interest, +2 for committing to the review16:25
bauzas#topic Stable Branches 16:25
bauzaselodilles: go for it16:25
elodilles#info stable nova versions were released for zed (26.1.1) and for yoga (25.1.1) last week16:25
elodillesotherwise not much happened16:25
bauzasrigt16:25
elodilles#info stable branch status / gate failures tracking etherpad: https://etherpad.opendev.org/p/nova-stable-branch-ci16:25
elodillesthat's all from me16:25
bauzasexcellent thanks16:27
bauzasand as I said just before, we shall round about some patches next week hopefully16:27
elodilles\o/16:27
bauzas#topic Open discussion 16:28
bauzas(enriquetaso) Discuss the blueprint: NFS Encryption Support for qemu 16:28
bauzasenriquetaso: shoot16:28
enriquetasohi16:28
enriquetasosure16:28
enriquetasoAs discussed on the PTG a couple weeks ago. I’ve proposed the blueprint.16:28
enriquetaso#link https://blueprints.launchpad.net/nova/+spec/nfs-encryption-support16:28
enriquetasoSummary: Cinder is working on supporting encryption on NFS volumes. To do this NFS driver uses LUKS inside qcow2 for this. 16:28
enriquetasoThis affects Nova because Nova cannot handle qemu + LUKS inside qcow2 disk format at the moment.16:29
enriquetasoWhat are your thoughts?16:29
enriquetasoshould I mention the rolling upgrades would be a problem on the bp ?16:29
bauzaslemme reopen the ptg notes16:30
bauzasright16:30
bauzaswe basically said we were quite okay with the proposed design but we were wondering if it was worth not scheduling to old computes16:31
bauzaswe have three options here :16:32
bauzas1/ avoid scheduling to old computes (by adding a prefilter)16:32
bauzas2/ preventing this feature on the API level by checking the compute service versions16:33
bauzas3/ do some compute check that would prevent the volume to be encryped on some preconditionsq16:33
bauzas#2 seems a bit harsh to me16:34
sean-k-mooneydind we discusss addign a trait16:35
bauzaswe did it16:35
sean-k-mooneyso 116:35
bauzaswithout having full quorum, hence me restating the options16:35
sean-k-mooneywell i vote 1 or file a spec16:35
bauzasthen I tend to say option #1 and specless blueprint as we basically went down 16:36
gibiI'm OK with 1/16:36
sean-k-mooneybecasue if we dont just use a trait/prefileter then i think we need a spec to expalin why that is not sufficent and descirbe it in detail16:36
dansmithso a trait of "this is newer than X"?16:37
sean-k-mooneyno16:37
dansmiththat's kinda fundamentally wrong, so you need to expose it as a feature flag16:37
sean-k-mooneyCOMPUTE_somehting16:37
bauzassean-k-mooney: do we all agree now that we accept a new trait saying something like "I_CAN_ENCRYPT_YOUR-STUFF"16:37
dansmithis there any compute config that needs to be enabled? if so, ideally that would control the exposure (or not) of the trait16:37
sean-k-mooneyto report the hypervers capablity to supprot lux in qcow16:37
sean-k-mooneydansmith: i think this just need to check the qemu/libvirt version16:37
bauzasmy only concern is the traits inflation but that's a string16:38
sean-k-mooneyand report it statically if we are above that16:38
sean-k-mooneyi dont think we need a cofnig option16:38
bauzassean-k-mooney: that's why I was considering option 316:38
dansmithsean-k-mooney: yeah, that's just a little annoying I think16:38
bauzaswhich would be "meh dude, you don't have what I need, I'll just do what I can do"16:38
sean-k-mooneybauzas: i dont think optional encypting is accpetable16:38
dansmithbecause it becomes not as much a feature flag but a shadow version number16:38
bauzassean-k-mooney: true16:39
sean-k-mooneyif you asked for the storage to be enypeed we either need to do it or raise an error16:39
bauzassounds then reasonable to ERROR the instance16:40
enriquetasowhat a `new trait` involves?16:40
sean-k-mooneydansmith: im not agaisn a min compute service version check in the api as well by the way16:40
bauzasthat's option 316:40
sean-k-mooneyi dont really think 2 is harsh16:40
bauzass/3/216:40
sean-k-mooneywe normally dont enabel feature untill the cloud is fully upgraded16:40
dansmithI'm not saying that's how it needs to be, I'm just saying it feels like we're bordering on trait abuse here16:40
dansmithso FWIW,16:40
sean-k-mooneywe have in the past done this on a per compute host bassis16:41
dansmithwe could also have a scheduler filter that requires a service version at or above a number16:41
sean-k-mooneybut in generall i think a min comptue version check is preferable16:41
dansmithand we could add hints/advice to the scheduler for this sort of thing16:41
dansmithwhich would be nice for this and other things I imagine16:41
bauzasyeah this sounds quite a reasonable tradeoff16:41
sean-k-mooneythis being?16:42
bauzasI'm just wondering whether we expose the service version on the scheduling side16:42
sean-k-mooneyi think you can already schedul based on the comptue service version16:42
sean-k-mooneywith either the json of comptue capablity filter16:42
sean-k-mooneybut in any case we want this to work without any configuration requried16:42
sean-k-mooneybauzas: why not just do 2?16:43
gibiI might miss something but if this feature nees compute code + libirt/qemu version then as simple compute version check is not enough16:43
dansmithsean-k-mooney: Im saying make it integrated16:43
dansmithsean-k-mooney: kinda like a prefilter16:43
bauzaswait https://github.com/openstack/nova/blob/master/nova/scheduler/request_filter.py#L39916:43
dansmithgibi: yeah, you need service version and libvirt version and qemu version right?16:44
sean-k-mooneyso if feature x requries minv version y have a prefilter or simialr that will request a host with that min version16:44
bauzasthat's ephemeral encryption16:44
sean-k-mooney ya thats seperate16:44
sean-k-mooneywe are talkign about encyption for nfs16:44
sean-k-mooneyfor cinder volume backend that use nfs16:45
dansmithgibi: that's kinda why I just think this is trait pollution because we end up with all these feature flags for any possible combination of several versions16:45
dansmithand especially in three years, that trait is useless as everything exposes it all the time16:45
dansmithso I'm not sure what the best plan is here, to be clear, I'm just saying none of these simple things feels right16:45
sean-k-mooneydansmith: not really usign a trait we report an abstract capblity. but in general i would prefer both a trait and a compute version bump16:46
dansmiththat's the thing though:16:46
sean-k-mooneyenriquetaso: how is this feature requested on teh volume by the way?16:47
dansmithjust exposing a "can do nfs encryption" because all the versions are new enough just feels like we could have a thousand of those things16:47
enriquetasowhen attaching the volume sean-k-mooney 16:47
sean-k-mooneyhow exactly a atribute on the volume16:47
sean-k-mooneyenriquetaso: we have two distict but related problems16:47
sean-k-mooneyfor attachemtn we know the host and have to check if the host suprot this16:47
sean-k-mooneyfor new boots or move operattions16:48
sean-k-mooneywe need to find another host that also supports it16:48
bauzasthat's why I tend to lean on option 216:48
sean-k-mooneyand we need this to work without any operator configurign of aggreates ectra16:48
bauzasit's an interim solution16:48
dansmithbauzas: me too, but 2 is not enough right?16:48
sean-k-mooneyoption 2 works if an only if our min libvirt/qemu version are new enough16:49
dansmithbecause you could be running an older libvirt/qemu16:49
enriquetasommh, the volume attr says it's encrypted and the volume image format is qcow2: https://review.opendev.org/c/openstack/nova/+/854030/6/nova/virt/libvirt/utils.py16:49
dansmithand I suspect it also depends on brick versions?16:49
enriquetasonot sure to understand the questions16:49
sean-k-mooneyenriquetaso: i was asking because if we are booting a new vm we would need to look that up16:49
sean-k-mooneyand then include it as an input to placemnt and the schduler in some way16:49
bauzasdansmith: hah, true, I was considering an API check, but that would require the libvirt versions, so nevermind my foolness16:50
bauzasyeah, so that'a tuple (libvirt, compute) for accepted versions16:50
sean-k-mooneywell it may or may not again it depend on if our min version is above or below the ersion that intoduced it16:50
bauzasyou need libvirt AND compute versions to be recent enough16:50
enriquetasooh, the volume doesnt have anything special, it just volume type=nfs and encrypted=true sean-k-mooney 16:50
dansmithsean-k-mooney: yeah, well, that's a good reason not to just add the compute+libvirt+qemu into a trait IMHO16:51
sean-k-mooneydansmith: right which is not what i suggested16:51
dansmithI know :)16:51
sean-k-mooneyi very explictly said have a triat for the capablity to supprot lux in qcow16:51
gibidansmith: on the trait pollution: either we encode a list of versions as a capability on the compute side, or we expose those versions to the scheduler / placement and code up a similar mapping of capability - versions in the sceduler side. We just move around similar logic16:52
dansmithgibi: yeah, understand, it's just that traits are supposed to be timeless right?16:52
bauzaswe have 5 mins to find a solution or defer to a spec, honestly 16:52
dansmithI'm not saying I know which solution (combination) is best, I'm just saying nothing feels particularly natural to me16:53
sean-k-mooneyso i was suggestign have the driver check the requirements and report COMPUTE_LUKS_IN_QCOW if it supprots it 16:53
sean-k-mooneyand have a prefilter requesst that if the voluem was nfs and qcow and encrypted=true16:53
gibidansmith: we will have a bunch of traits yes, but I don't see what problem that causes. We never remove min compute version checks from the code either16:54
sean-k-mooneyand addtional have a min compute service check for the rooling upgrade case16:54
sean-k-mooneythe other thing about traits is they are ment to be virt driver independent16:54
gibiLUKS_IN_QCOW does not seem to be libvirt dependent16:55
sean-k-mooneyto dans timeless point i.e. if we add one it shoudl be resuable by other virt driver16:55
sean-k-mooneyya i was just thinking that16:55
sean-k-mooneyits the qcow bit but16:55
sean-k-mooneywe have that alredy 16:55
sean-k-mooneyhttps://github.com/openstack/os-traits/blob/master/os_traits/compute/ephemeral.py#L18 and https://github.com/openstack/os-traits/blob/master/os_traits/compute/image.py#L2816:56
sean-k-mooneyalmost would work togather16:56
sean-k-mooneybtu we cant assume that epmeral encryption supprot for lux means nfs also works16:56
enriquetasoLUKS_IN_QCOW is already a config option on Nova gibi ?16:56
sean-k-mooneyenriquetaso: not really16:57
sean-k-mooneyor not that im aware of16:57
sean-k-mooneyin the context of cinder16:57
gibienriquetaso: we are discussing creating a new placement trait to represent if a compute supports luks in qcow16:57
enriquetasogibi++ thanks16:57
bauzasI honestly think we need to settle the dust16:58
bauzasgiven the very short time we have left I hereby propose enriquetaso to create a spec and describe the feature16:58
bauzaswe could then chime on the upgrade concerns16:58
enriquetasookay u.u16:59
bauzasenriquetaso: are you familiar with the spec process ?16:59
enriquetasois it too different from the cinder one?16:59
enriquetasobauzas, do you a have a doc? :P16:59
bauzasenriquetaso: I can provide you pointers and more than that : guidance16:59
enriquetasosure bauzas 17:00
bauzas#agreed enriquetaso to provide a spec for this feature17:00
bauzas#action bauzas to provide enriquetaso details on the spec process17:00
bauzaswe're on time17:00
bauzasthe agenda is done17:00
bauzasso thanks all and see you next week17:00
bauzas#endmeeting17:01
opendevmeetMeeting ended Tue May  2 17:01:01 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:01
opendevmeetMinutes:        https://meetings.opendev.org/meetings/nova/2023/nova.2023-05-02-16.00.html17:01
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/nova/2023/nova.2023-05-02-16.00.txt17:01
opendevmeetLog:            https://meetings.opendev.org/meetings/nova/2023/nova.2023-05-02-16.00.log.html17:01
elodillesthanks o/17:01
enriquetasothansk!!17:01
bauzasenriquetaso: gimme a sec17:01
enriquetasosure bauzas 17:01
bauzasenriquetaso: so the spec process is quite simple : it's a doc17:01
bauzasenriquetaso: we have a template you can reuse https://specs.openstack.org/openstack/nova-specs/specs/2023.2/approved/2023.2-template.html17:01
enriquetasolooks good17:02
bauzasenriquetaso: what you have to do is to write your own rst file based on that template and propose it for the approved/ directory 17:02
bauzaslike https://review.opendev.org/q/project:openstack/nova-specs+is:open17:02
enriquetasobauzas, do you remember when is the spec freeze?17:03
sean-k-mooneyits milestone 217:03
sean-k-mooneyso after the physical ptg at the end of  july17:03
bauzasenriquetaso: sure, look https://releases.openstack.org/bobcat/schedule.html#b-nova-spec-review-day17:03
bauzasdamn17:04
sean-k-mooneyjuly 6th actullly so start of july17:04
sean-k-mooneyhttps://releases.openstack.org/bobcat/schedule.html#b-nova-spec-freeze17:04
bauzasyup, my link was wrong17:04
bauzasenriquetaso: honestly, as you understood, most of the review process on that file will consist on us to agree on the upgrade concerns17:05
bauzaswhich are not only the rolling upgrade concerns but also the fact that we need a recent libvirt17:05
bauzasenriquetaso: you know our minimum libvirt versions we support, right?17:05
enriquetasosorry17:06
enriquetasoit desconnect 17:06
enriquetasoi'm back17:06
bauzasenriquetaso: no worries17:06
enriquetasobut I think I have all the info i need sean-k-mooney bauzas 17:06
bauzasI was mentioning that most of the spec review will be about the upgrade concerns17:06
bauzasenriquetaso: our current minimums for libvirt are https://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L219-L22217:07
bauzassean-k-mooney: have you already proposed the libvirt min bump ?17:07
sean-k-mooneyno i asked kashyap to do that17:08
sean-k-mooneyi dont think they have had time to propose any patches17:08
kashyapsean-k-mooney: Yes; it's on my list for this week17:09
bauzasack17:09
sean-k-mooneyif our currnt mins are enough this is simple as its just a min comptue service bump. if we have a min os-brick we can do that by raising or min os-brick17:09
kashyapRight now I'm chasing down the kernel crash Dan pointed out earlier17:09
dansmithcan't do the min bump until I finish the ceph job stuff I think17:10
sean-k-mooneyit might be possibel but im ok waiting to m2 i guess17:10
sean-k-mooneyi would have preferd to do it at m117:10
sean-k-mooneybut i think ceph is a higher piority17:11
bauzasI was under the impression that the nfs encryption was requiring a recent libvirt version but I could be wrong and mixing two things17:12
enriquetasommmh, I'm not sure17:15
sean-k-mooneyi donthing think libvirt matters17:15
sean-k-mooneybut qemu-img might17:15
sean-k-mooneyand qemu17:16
enriquetasoI can check and add this information on the spec if the feature need a min version of libvirt or qemu17:17
enriquetasookay, I'm going to disconnect now17:18
enriquetasothank you so much again17:19
« Monday, 2023-05-01 Index Wednesday, 2023-05-03 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!