Monday, 2016-07-04

« Sunday, 2016-07-03 Index Tuesday, 2016-07-05 »
*** armax has joined #openstack-stable00:04
*** armax has quit IRC00:07
*** mriedem has quit IRC04:18
*** rcernin has joined #openstack-stable06:02
*** armax has joined #openstack-stable06:16
*** kashyap has joined #openstack-stable06:23
kashyapMorning folks. can someone review this CVE fix for stable/liberty? https://review.openstack.org/#/c/327624/06:23
*** pcaruana has joined #openstack-stable06:38
*** armax has quit IRC06:44
ttxkashyap: +206:56
kashyapttx: Excellent, thank you.07:09
*** tesseract- has joined #openstack-stable07:59
-openstackstatus- NOTICE: setuptools 24.0.0 broke dsvm tests, we've gone back to old images, it's safe to recheck now if you had a failure related to setuptools 24.0.0 (processor_architecture) - see bug 159852508:15
*** kzaitsev_ws has quit IRC08:48
*** kzaitsev_ws has joined #openstack-stable08:49
*** Kiall has quit IRC09:55
*** Kiall has joined #openstack-stable09:57
*** apevec has joined #openstack-stable10:04
*** apevec has quit IRC10:22
*** amrith has quit IRC10:27
*** amrith has joined #openstack-stable10:28
*** apevec has joined #openstack-stable10:28
kashyapapevec or anyone else would like to give the final ACK on this - https://review.openstack.org/#/c/327624/10:48
apeveckashyap, thanks for persiting on that backport :)10:49
apevecpersisting even!10:49
kashyapapevec: Heh, thanks for noticing10:49
kashyapNot just me though, there are others too, who pushed for it and chimed in.10:49
kashyapSo, the only addition here is that I added an explicit check for the ProcessLimits attribute -- if it's not present error out wtih a nice message.10:50
kashyapapevec: ^10:50
apevecyep, that was a compromise vs bumping min.ver10:51
kashyapYeah, seemed reasonable.  I agree (after some convincing by others) that doing a global-req bump might be a bit too disruptive.10:52
apeveckashyap, hmm, late comment from danpb ?11:04
apevecI've pulled +W for now11:05
kashyapapevec: Looking11:05
apevecit's already in gate queue, not sure if removing +w will prevent merge11:07
kashyapapevec: init_host() where?11:07
apevecdunno, ask danpb11:08
kashyapI'll check on -nova11:08
apevecbut probably he meant compute.manager ?11:08
apevecor add conditional and not use that attribute if missing11:09
apevecin qemu_img_info11:09
kashyapapevec: Yeah, I'm looking at the source to see where this could be it11:10
apeveckashyap, I'm not sure what woud relocating to init_host bring11:11
apevecit would still need conditional in qemu_img_info11:11
kashyapYeah, I don't have that code in my 'cache' in the head11:11
kashyapSo, add another conditional in qemu_img_info()  for QEMU_IMG_LIMITS?11:12
apevecyeah, that would avoid crash&burn danpb pointed out11:14
apevectry block is catching only processutils.ProcessExecutionError11:15
apevecand this would be NameError11:16
apevecNameError: name 'QEMU_IMG_LIMITS' is not defined11:16
kashyapapevec: So wrap the 'try' block in qemu_img_info() also under a similar the hasattr() check?11:17
* kashyap tries11:18
apeveckashyap, or just set QEMU_IMG_LIMITS = 0 in else? keyword param should be ignored in older oslo?11:25
kashyapapevec: You mean: QEMU_IMG_LIMITS = None?11:27
* kashyap will check11:29
apevecnm, it won't work11:32
apevecyou'll get UnknownArgumentError11:32
apeveckashyap, ^11:32
kashyapapevec: Thanks for confirming.  Did you also see the cpu_time attribute11:33
kashyaps/also see/also see Dan's comment on/11:33
kashyapOh, it's taken care by the first check anyway.11:34
apevecdamn oslo incompatibilities :)11:34
kashyapYeah, I'm not so involved in Oslo stuff so far :-)11:35
* kashyap back in a few, lunch11:37
apeveckashyap, what danpb is saying, that hasattr(processutils, 'ProcessLimits') is not enough, cpu_time was added only in 3.8.0 : https://github.com/openstack/oslo.concurrency/commit/8af826953d1ad2cab2ecf360e0c794de70a367c311:38
apevecah np, it was backported11:39
apevechttps://github.com/openstack/oslo.concurrency/commit/d65d931da8490576f0abf30f124ca3a032b481c711:39
apevecso issue is if someone is running some older versions from master, not latest stable/liberty11:40
kashyapapevec: Back now.  Reading your comment11:51
kashyapYeah, it was backported indeed11:51
apevecright, so issue would be for someone mixing liberty nova and certain range of master/mitaka oslo lib versions11:52
kashyapapevec: You mean "newer versions from master"?  Or some version that is not latest stable/liberty11:52
kashyapOh, dear.  Yeah...11:52
apevecthat would be under "unsupported" but still might want to catch that edge case11:52
apevecafaict ProcessLimits would throw ValueError11:53
kashyapapevec: Okay, thought this would be a straightforward one.  Now here I am... :-)11:57
kashyapThanks for your comments, so far!11:57
apevecI've added comment in review for danpb to see it11:58
kashyapapevec: Yeah, just noticed.  Thanks for adding it there (better place than here) too11:59
apeveckashyap, confirmed, oslo_concurrency 3.4.0 throws ValueError: invalid limits: cpu_time12:00
kashyapapevec: You just tested it?12:01
apevecyeah, in git checkout 3.4.012:01
apevecit is silly edge case, but let's make danpb happy ;)12:01
kashyapapevec: :-) Noted12:02
apevecimport oslo_concurrency.processutils as utils12:03
apevecutils.ProcessLimits(cpu_time=1)12:03
kashyapapevec: The error message while catching the ValueError would be would be:12:03
apeveckashyap, ^ works >= 3.6.012:03
kashyap"Please use oslo.concurrency" version 3.6.0 or above"12:04
kashyap?12:04
apevec"dude, Oslo and Nova branches do not mix well"12:04
kashyapLOL12:04
apeveckashyap, 3.8.0 or higher12:04
kashyapOkido, let me try the code locally12:05
apevecsorry, works >= 3.6.0 before was wrong!12:05
kashyapYeah, noted.12:06
apevec3.6.0 still fails, cpu_time came only in 3.812:06
kashyapapevec: Oh, right.  It's a mess12:07
kashyapSo: 3.6.1 or higher12:08
apevecno12:08
kashyapSigh, you said 3.8.0.  /me makes a proper note of what came in where first, to avoid confusing self12:09
apevecthere isn't 3.6.1 :)12:09
apevec3.8.0 is what worked12:10
apevecon master12:10
kashyapYeah12:10
kashyapThanks for testing!12:11
apevec3.7.1 was stable/mitaka backport which works too12:11
apevecso safest is to say >= 3.8.012:11
kashyapapevec: Yeah, makese sense12:15
*** mriedem has joined #openstack-stable12:43
kashyapapevec: When you get a sec, any quick comment on this diff? - http://paste.openstack.org/show/525592/12:46
kashyapNew change (the try block is now around 'prlimit') http://paste.openstack.org/show/525595/12:58
kashyapDisregard the above, needs a little more rework.13:12
*** mriedem has quit IRC13:45
apeveckashyap, you need to catch valueerror above, where setting cpu_time13:45
kashyapapevec: In the new change, I just used the try/except block around the creation of QEMU_IMG_LIMITS (and not checking on any attributes): https://review.openstack.org/#/c/327624/13:45
kashyapapevec: Please look at this new change (just using try/except at the creation of 'prlimit') without any explicit attribute check -- https://review.openstack.org/#/c/327624/7/nova/virt/images.py13:46
kashyapapevec: The above way, no need to explicitly check for attributes.  I hope it looks reasonable now.  Will let Jenkins run13:49
apeveckashyap, so that will only log error on init, but later will produce UnknownArgumentError  in qemu_img_info13:49
apevecwith incompat oslo.concurrecy13:49
apevecyou still need conditional there13:50
kashyapapevec: Okay, I'll add an explicit check around what you said there then13:50
kashyapI'll make a quick post here, if you don't mind.  (Instead of waiting on yet another CI run.)13:50
kashyapapevec: Does this look okay? - http://paste.openstack.org/show/525611/13:53
kashyapapevec: The conditional you request13:53
kashyaps/request/requested/13:53
apevecthat will still produce NameError: name 'QEMU_IMG_LIMITS' is not defined13:55
apevecunless you set NameError: QEMU_IMG_LIMITS = None is exception block13:55
apevecabove13:55
kashyapapevec: I see13:56
apevecalso not sure about raising value error13:56
kashyapapevec: I'll just raise regular exception13:56
*** tristanC has joined #openstack-stable13:56
kashyapapevec: Please comment when you have a sec: https://review.openstack.org/#/c/327624/8/nova/virt/images.py14:08
kashyapThanks for your patience.  Feel free to ignore this and get to something else :-)14:11
*** armax has joined #openstack-stable14:28
*** catintheroof has joined #openstack-stable14:33
apeveckashyap, almost there, just move one line :)14:48
kashyapapevec: Yeah, was out for a break14:48
kashyapapevec: Responding to Dan, _why_ updating global-req. is not an option, with the rationale pointer to the discussion here: https://review.openstack.org/#/c/333403/14:48
apevecyeah, I linked to that in my reply too14:50
kashyapOh, cool.14:53
*** armax has quit IRC14:57
*** amrith has quit IRC15:06
kashyapapevec: Before I upload, a quick once-over, does this address sahid/your comments: http://paste.openstack.org/show/525621/15:09
apeveckashyap, yes, that will work15:09
kashyapapevec: Thank you, let me submit that.15:09
*** amrith has joined #openstack-stable15:10
apeveclol, so we have declared madness now :)15:12
kashyapapevec: Haha, indeed15:13
kashyapapevec: I was just telling Dan on -nova that I wasn't disregarding his comment, but uploaded that PS9 _before_ noticing his comment15:14
kashyapapevec: Should I raise that thread to the mailing list?15:18
kashyapWith some thread like "Qorum on XYZ bug" with some context?15:19
*** arif-ali has quit IRC15:20
kashyapI'll just let it sit.  I'm done with it for today.15:20
kashyap(Until Matt comments with his stance.)15:21
apevecreqs change is already merged with u-c change only, we'll need new change with g-r bump15:24
kashyapapevec: I'll post that and let it continue there, maybe15:24
apevecI've commented in 33340315:25
* kashyap looks15:26
kashyapThanks for putting up with this15:26
kashyapapevec: https://review.openstack.org/337277 Bump 'global-requirements' for 'oslo.concurrency' to 2.6.115:37
kashyapHope the commit message gives some context to those just catching up15:37
apevec+215:42
kashyapThanks!15:45
*** rcernin has quit IRC16:03
*** arif-ali has joined #openstack-stable16:03
*** number80 has quit IRC16:20
*** number80 has joined #openstack-stable16:22
*** rcernin has joined #openstack-stable17:08
*** tesseract- has quit IRC17:09
*** pcaruana has quit IRC17:34
*** number80 has quit IRC17:37
*** number80 has joined #openstack-stable17:41
*** armax has joined #openstack-stable18:07
*** armax has quit IRC18:13
*** armax has joined #openstack-stable18:13
*** armax has quit IRC18:29
*** e0ne has joined #openstack-stable19:07
*** e0ne has quit IRC19:11
*** arif-ali has quit IRC19:31
*** arif-ali has joined #openstack-stable19:50
*** e0ne has joined #openstack-stable20:08
*** e0ne has quit IRC20:21
*** e0ne_ has joined #openstack-stable20:22
*** e0ne_ has quit IRC20:40
tonybstable meeting in ~5mins20:54
*** rcernin has quit IRC22:15
*** apevec has quit IRC22:24
*** catintheroof has quit IRC22:24
« Sunday, 2016-07-03 Index Tuesday, 2016-07-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!