Thursday, 2018-09-20

« Wednesday, 2018-09-19 Index Friday, 2018-09-21 »
*** longkb has joined #openstack-meeting00:29
*** gyee has quit IRC00:42
*** imacdonn has quit IRC00:49
*** hongbin_ has joined #openstack-meeting01:00
*** dalvarez has quit IRC01:00
*** mathiasb has quit IRC01:00
*** vabada has quit IRC01:00
*** tetsuro has joined #openstack-meeting01:07
*** mriedem_away has quit IRC01:08
*** imacdonn has joined #openstack-meeting01:09
*** slaweq has joined #openstack-meeting01:11
*** imacdonn has quit IRC01:14
*** vkmc|afk is now known as vkmc01:15
*** imacdonn has joined #openstack-meeting01:15
*** slaweq has quit IRC01:16
*** jamesmcarthur has joined #openstack-meeting01:25
*** dkrol has quit IRC01:32
*** erlon has joined #openstack-meeting01:35
*** _pewp_ has quit IRC01:46
*** _pewp_ has joined #openstack-meeting01:47
*** _hemna has quit IRC01:47
*** _hemna has joined #openstack-meeting01:49
*** erlon has quit IRC01:52
*** hyunsikyang has joined #openstack-meeting01:54
*** jamesmcarthur has quit IRC02:05
*** armax has joined #openstack-meeting02:05
*** yamahata has quit IRC02:09
*** iyamahat has quit IRC02:09
*** dtruong has quit IRC02:10
*** jamesmcarthur has joined #openstack-meeting02:22
*** iyamahat has joined #openstack-meeting02:27
*** ijw has quit IRC02:30
*** jamesmcarthur has quit IRC02:32
*** jamesmcarthur has joined #openstack-meeting02:39
*** yamahata has joined #openstack-meeting02:45
*** hongbin_ has quit IRC03:02
*** slaweq has joined #openstack-meeting03:11
*** slaweq has quit IRC03:16
*** radeks has joined #openstack-meeting03:19
*** radeks has quit IRC03:27
*** jamesmcarthur has quit IRC03:32
*** radeks has joined #openstack-meeting03:41
*** bobh has quit IRC03:45
*** bobh has joined #openstack-meeting03:58
*** jamesmcarthur has joined #openstack-meeting04:00
*** bobh has quit IRC04:03
*** tetsuro has quit IRC04:06
*** ijw has joined #openstack-meeting04:10
*** bobh has joined #openstack-meeting04:10
*** radeks has quit IRC04:11
*** ijw has quit IRC04:14
*** bobh has quit IRC04:15
*** bobh has joined #openstack-meeting04:21
*** bobh has quit IRC04:26
*** bobh has joined #openstack-meeting04:30
*** yamamoto has quit IRC04:35
*** yamamoto has joined #openstack-meeting04:35
*** yamamoto has quit IRC04:36
*** bobh has quit IRC04:38
*** jamesmcarthur has quit IRC04:49
*** janki has joined #openstack-meeting05:02
*** jamesmcarthur has joined #openstack-meeting05:03
*** jamesmcarthur has quit IRC05:08
*** jamesmcarthur has joined #openstack-meeting05:09
*** yamamoto has joined #openstack-meeting05:10
*** jamesmcarthur has quit IRC05:14
*** jamesmcarthur has joined #openstack-meeting05:20
*** jamesmcarthur has quit IRC05:24
*** alexchadin has joined #openstack-meeting05:39
*** Luzi has joined #openstack-meeting05:44
*** cloudrancher has joined #openstack-meeting05:46
*** cloudrancher has quit IRC05:50
*** jamesmcarthur has joined #openstack-meeting05:52
*** aojea has joined #openstack-meeting05:53
*** dtruong has joined #openstack-meeting05:54
*** kopecmartin has joined #openstack-meeting06:08
*** alexchadin has quit IRC06:08
*** cloudrancher has joined #openstack-meeting06:09
*** jamesmcarthur has quit IRC06:12
*** tetsuro has joined #openstack-meeting06:19
*** cloudrancher has quit IRC06:21
*** diablo_rojo has quit IRC06:25
*** ykatabam has quit IRC06:31
*** hyunsikyang has quit IRC06:33
*** cloudrancher has joined #openstack-meeting06:33
*** cloudrancher has quit IRC06:34
*** belmoreira has joined #openstack-meeting06:39
*** cloudrancher has joined #openstack-meeting06:39
*** slaweq has joined #openstack-meeting06:46
*** kopecmartin has quit IRC06:54
*** rcernin has quit IRC07:02
*** e0ne has joined #openstack-meeting07:16
*** janki has quit IRC08:13
*** janki has joined #openstack-meeting08:20
*** jamesmcarthur has joined #openstack-meeting08:24
*** janki has quit IRC08:28
*** jamesmcarthur has quit IRC08:28
*** jchhatba_ has joined #openstack-meeting08:29
*** kopecmartin has joined #openstack-meeting08:41
*** wznoinsk_ is now known as wznoinsk08:52
*** Bhujay has joined #openstack-meeting09:00
*** tetsuro has quit IRC09:28
*** jchhatba_ has quit IRC09:31
*** janki has joined #openstack-meeting09:31
*** belmoreira has quit IRC09:38
*** janki has quit IRC09:45
*** janki has joined #openstack-meeting09:51
*** jlvillal has quit IRC09:54
*** jlvillal has joined #openstack-meeting09:54
*** jchhatbar has joined #openstack-meeting10:00
*** janki has quit IRC10:03
*** pcaruana has joined #openstack-meeting10:04
*** alexchadin has joined #openstack-meeting10:27
*** alexchadin has quit IRC10:28
*** alexchadin has joined #openstack-meeting10:28
*** kopecmartin has quit IRC10:30
*** alexchadin has quit IRC10:33
*** ijw has joined #openstack-meeting10:34
*** ijw has quit IRC10:38
*** cloudrancher has quit IRC10:43
*** cloudrancher has joined #openstack-meeting10:43
*** cloudrancher has quit IRC10:43
*** jlvillal has quit IRC10:50
*** jlvillal has joined #openstack-meeting10:53
*** jchhatbar is now known as janki10:56
*** belmoreira has joined #openstack-meeting10:57
*** tetsuro has joined #openstack-meeting10:59
*** erlon has joined #openstack-meeting11:07
*** ijw has joined #openstack-meeting11:09
*** ijw has quit IRC11:13
*** pcaruana has quit IRC11:15
*** pcaruana has joined #openstack-meeting11:20
*** cloudrancher has joined #openstack-meeting11:20
*** kopecmartin has joined #openstack-meeting11:28
*** dangtrinhnt_x has joined #openstack-meeting11:28
*** alexchadin has joined #openstack-meeting11:28
*** pcaruana has quit IRC11:32
*** alexchadin has quit IRC11:33
*** longkb has quit IRC11:35
*** pcaruana has joined #openstack-meeting11:39
*** tssurya has joined #openstack-meeting11:39
*** ijw has joined #openstack-meeting11:45
*** dangtrinhnt_x has quit IRC11:45
*** ijw has quit IRC11:49
*** pcaruana has quit IRC11:50
*** ykatabam has joined #openstack-meeting11:58
*** kopecmartin has quit IRC12:00
*** kopecmartin has joined #openstack-meeting12:00
*** kopecmartin has quit IRC12:01
*** priteau has joined #openstack-meeting12:04
*** rbudden has joined #openstack-meeting12:07
*** alexchadin has joined #openstack-meeting12:08
*** dangtrinhnt_x has joined #openstack-meeting12:11
*** kopecmartin has joined #openstack-meeting12:12
*** dustins has joined #openstack-meeting12:26
*** dustins has quit IRC12:31
*** tpsilva has joined #openstack-meeting12:34
*** aloga has quit IRC12:35
*** dustins has joined #openstack-meeting12:35
*** aloga has joined #openstack-meeting12:36
*** davidsha has joined #openstack-meeting12:38
*** radeks has joined #openstack-meeting12:42
*** yamamoto has quit IRC12:42
*** yamamoto has joined #openstack-meeting12:42
*** dustins has quit IRC12:43
*** dustins has joined #openstack-meeting12:43
*** Bhujay has quit IRC12:43
*** ijw has joined #openstack-meeting12:44
*** Bhujay has joined #openstack-meeting12:44
*** Bhujay has quit IRC12:45
*** Bhujay has joined #openstack-meeting12:45
*** alexchadin has quit IRC12:48
*** alexchadin has joined #openstack-meeting12:48
*** ijw has quit IRC12:49
*** janki has quit IRC12:50
*** ykatabam has quit IRC12:51
*** cloudrancher has quit IRC12:56
*** raildo has joined #openstack-meeting12:58
*** alexchadin has quit IRC13:01
*** dangtrinhnt_x has quit IRC13:01
*** mriedem has joined #openstack-meeting13:06
*** finix has joined #openstack-meeting13:27
*** yamamoto has quit IRC13:29
*** liuyulong has joined #openstack-meeting13:42
*** ijw has joined #openstack-meeting13:45
*** mjturek has joined #openstack-meeting13:45
*** alexchadin has joined #openstack-meeting13:46
*** takashin has joined #openstack-meeting13:46
*** helenafm has joined #openstack-meeting13:47
*** johnthetubaguy has joined #openstack-meeting13:48
*** e0ne has quit IRC13:48
*** ijw has quit IRC13:49
*** mdbooth has joined #openstack-meeting13:50
*** radeks has quit IRC13:50
*** longkb has joined #openstack-meeting13:54
*** awaugama has joined #openstack-meeting13:56
*** litao has quit IRC14:00
gibi#startmeeting nova notification14:00
openstackMeeting started Thu Sep 20 14:00:13 2018 UTC and is due to finish in 60 minutes.  The chair is gibi. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
*** openstack changes topic to " (Meeting topic: nova notification)"14:00
openstackThe meeting name has been set to 'nova_notification'14:00
gibihello everyone I will be your host today14:00
efriedō/14:00
takashino/14:00
dansmith\Oj14:00
*** mhen has joined #openstack-meeting14:00
bauzasnova notification ?14:00
Luzio/14:00
bauzaso_O14:00
efriedgibi: Incorrect meeting title14:00
mriedemo/14:00
tssurya0/14:00
gibi#endmeeting14:00
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"14:00
openstackMeeting ended Thu Sep 20 14:00:55 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/nova_notification/2018/nova_notification.2018-09-20-14.00.html14:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/nova_notification/2018/nova_notification.2018-09-20-14.00.txt14:00
openstackLog:            http://eavesdrop.openstack.org/meetings/nova_notification/2018/nova_notification.2018-09-20-14.00.log.html14:01
gibi#startmeeting nova14:01
openstackMeeting started Thu Sep 20 14:01:02 2018 UTC and is due to finish in 60 minutes.  The chair is gibi. Information about MeetBot at http://wiki.debian.org/MeetBot.14:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: nova)"14:01
openstackThe meeting name has been set to 'nova'14:01
mriedemo/^214:01
takashino/14:01
efriedō/ again14:01
dansmith\Oj14:01
gibisorry for the mixup14:01
mheno/14:01
bauzas\o14:01
Luzio/14:01
gibiold habits :)14:01
edleafe\o14:01
gibilet's get started14:02
*** annp_ has joined #openstack-meeting14:02
gibi#topic release news14:02
*** openstack changes topic to "release news (Meeting topic: nova)"14:02
gibiwe have a Stein release schedule #link Stein release schedule: https://wiki.openstack.org/wiki/Nova/Stein_Release_Schedule14:02
gibi#link Stein runway etherpad: https://etherpad.openstack.org/p/nova-runways-stein14:02
gibi#link runway #1: Resource retrieving: add changes-before filter (brinzhang) [END: 2018-10-01] ; patch is the gate queue14:03
gibi#link runway #2: https://blueprints.launchpad.net/nova/+spec/api-extensions-merge-stein (gmann) [END: 2018-10-03] ; one patch left #link https://review.openstack.org/#/c/603831/14:03
gibi#link runway #3: <empty>14:03
gibithe queue is empty so the last slot is still empty14:03
*** cdent has joined #openstack-meeting14:03
gibiif you have someting that is ready for review then put that on the etherpad14:03
*** jaypipes is now known as jaypipes-ooo14:03
gibianyting else about release or runways to talk about?14:04
*** bobh has joined #openstack-meeting14:04
gibi#topic bugs14:04
*** openstack changes topic to "bugs (Meeting topic: nova)"14:05
gibithere is no Critical bug on our list14:05
gibi#link 65 new untriaged bugs (up 15 since the last meeting): https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New14:05
gibi#link 24 untagged untriaged bugs (up 14 since the last meeting): https://bugs.launchpad.net/nova/+bugs?field.tag=-*&field.status%3Alist=NEW14:05
gibi#link bug triage how-to: https://wiki.openstack.org/wiki/Nova/BugTriage#Tags14:05
gibi#help need help with bug triage14:05
gibithere is an increase in the bugtriage queue most probably due to the PTG last week14:05
gibianything bug related we need to discuss?14:06
*** mdbooth has quit IRC14:06
*** mdbooth has joined #openstack-meeting14:07
gibigate status #link check queue gate status http://status.openstack.org/elastic-recheck/index.html14:07
gibizuul is slow due to missing resources: #link http://lists.openstack.org/pipermail/openstack-dev/2018-September/134867.html14:07
mriedemthe gate is f'ed14:07
mriedemit's not only missing nodes14:07
mriedemwe need to get the categorization rate up on http://status.openstack.org/elastic-recheck/data/integrated_gate.html14:08
bauzasyup14:08
mriedem13.3% means we don't know what is failing14:08
mriedembut lots of stuff is failing and resetting the gate14:08
mriedemwhich is why it's taking multiple days to merge anything14:08
mriedemthat's it14:09
*** mschuppert has joined #openstack-meeting14:09
gibimriedem: thanks. then we need to do categorization and file bugs for not yet reported problems I guess14:09
bauzasuncategorized doesn't really see a pattern for me but I can try to look at14:09
gibibauzas: thanks14:10
*** annabelleB has joined #openstack-meeting14:10
gibi#topic reminders14:10
*** openstack changes topic to "reminders (Meeting topic: nova)"14:10
gibi#link Forum session topic call for presentations is due Sept 26: https://etherpad.openstack.org/p/nova-forum-stein14:10
gibi#link Stein Subteam Patches n Bugs: https://etherpad.openstack.org/p/stein-nova-subteam-tracking14:11
gibianything else we need to remind ourselves?14:11
mriedemon the forum thing,14:12
mriedemour etherpad cupboard is very bare https://etherpad.openstack.org/p/nova-forum-stein14:12
* stephenfin wanders in14:12
mriedemi don't have any great ideas, except nominating dan to talk about something14:13
mriedemalthough,14:13
mriedemdansmith: i noticed yesterday the public cloud wg already has a forum session proposal for changing ownership, so this would just roll into that14:13
dansmithah cool14:13
mriedemhttps://etherpad.openstack.org/p/BER-forum-public-cloud14:13
mriedemwould be nice if we could see what other people are submitting like the before times...14:14
mriedemtobberydberg: ^14:14
mriedemwe can move on14:14
gibimriedem: one thing I can think of is checking on cyborg-nova integration status as we talked a lot about that in Denver last week14:14
johnthetubaguycould do a policy and quota direction refresh thing? but that is probably covered in keystone proposed sessions, I would assume14:15
mriedemyou think a lot is going to be done by the time we get to berlin?14:15
mriedemjohnthetubaguy: without knowing what's been proposed it's hard to tell...14:15
mriedemi feel a rant coming on in the ML14:15
johnthetubaguyyeah14:15
gibimriedem: I hope there will be progress in cyborg-nova. at least issues discovered during spec writing14:16
bauzaswell14:16
bauzasI feel it's too early to ask operators to chime on cyborg/nova14:16
bauzasgiven they don't exactly know how things will work, right?14:16
bauzaslike, I could be tempted to ask operators to come by and talk about vGPUs14:17
gibibauzas: right14:17
johnthetubaguythe previous forum session on that topic was fairly pointless, not sure there is new info yet14:17
bauzasbut honestly, the numbers of people both interested and running queens would be super low14:17
bauzasI was thinking of a bug triage session to see whether we could get some operators helping us14:18
gibiOK, at least we tried to gather ideas about forum sessions :)14:18
bauzasfiling a bug is one thing14:18
bauzastriaging the bug could be a thing for some operators that have good experience on the product14:18
*** nguyenhai has quit IRC14:18
bauzasand that would one way to get more involved on projects (heh, tobberydberg)14:19
bauzaswould be*14:19
*** nguyenhai has joined #openstack-meeting14:19
gibibauzas: let's add that idea to the etherpad14:19
bauzasgibi: well, the etherpad is one thing, but the submissions are already open14:19
bauzasI can post a proposal, but nobody will be able to review it14:20
bauzasand I don't know who the review committee is14:20
*** cloudrancher has joined #openstack-meeting14:20
bauzasTC ?14:20
gibibauzas: I think it is worth trying to gather operators for bug triage14:20
johnthetubaguysome folks from TC + UC I think14:20
bauzasanyway, 20 mins just for that is too long, we should move on14:20
bauzasI'll just write a proposal and see what people think14:20
mriedemit's hard enough to get operators to report bugs, i don't think there is much hope for getting them to also triage bugs14:20
mriedemif we can even get our core team to triage bugs14:20
mriedem*can't14:21
*** claudiub has joined #openstack-meeting14:21
mriedembut yeah let's move on14:21
dansmithplease14:21
*** alexchadin has quit IRC14:21
gibi#topic stable branch status14:21
*** openstack changes topic to "stable branch status (Meeting topic: nova)"14:21
gibi#link stable/rocky: https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:stable/rocky,n,z14:21
gibi#link stable/queens: https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:stable/queens,n,z14:21
gibi#link stable/pike: https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:stable/pike,n,z14:21
gibi#link stable/ocata: https://review.openstack.org/#/q/status:open+project:openstack/nova+branch:stable/ocata,n,z14:22
gibithere are stable patches waiting in the gate queue as far as I see14:22
mriedemyes, lots,14:22
mriedemi have release requests up for rocky, queens and pike, stacked up,14:22
bauzastime for reviews then14:22
mriedembut was waiting for the rocky/queens approved changes to flush through before doing the actual release14:22
mriedemthe reviews have happened for the most part,14:22
mriedemi mean, feel free - there are lots of open pike reviews14:23
mriedembut i'm waiting for what's approved to merge before doing the release14:23
mriedemand that's taking 3+ days because of the gate issues14:23
gibimriedem: thanks for the update14:23
gibianything else about the stable branches?14:23
*** radeks has joined #openstack-meeting14:23
gibi#topic subteam highlights14:24
*** openstack changes topic to "subteam highlights (Meeting topic: nova)"14:24
gibidansmith: cellv214:24
dansmithno cells meeting this week, not much to report since ptg14:24
gibiefried: scheduler14:24
*** alexchadin has joined #openstack-meeting14:25
efriedI was not present; jaypipes-ooo ran the meeting. I assume ooo means he's not here to talk about it (either that or we're just supposed to be really impressed)14:25
cdenti'm pretty sure there was no scheduler meeting. efried was out, i was out, and last I checked there was no log14:25
gibithanks14:25
efriedThe logs are here: http://eavesdrop.openstack.org/meetings/scheduler/2018/scheduler.2018-09-17-13.59.log.html (jaypipes-ooo used 'scheduler' instead of 'nova_scheduler')14:25
gibigibi: notification14:26
gibithere was no meeting14:26
bauzaswe had a scheduler meeting14:26
gibibauzas: do you have a summary?14:26
bauzaswell, I was a bit off for 20 mins during that meeting14:26
mriedemtetsuro has a spec up for the !member_of thing14:27
gibiI was also there but don't have memories14:27
cdentthanks efried14:27
mriedemi think that was about it14:27
gibiOK14:27
mriedemand i asked for a recap on the consumer generation series14:28
gibimriedem: ohh yes now I remember about that :)14:28
bauzaswe basically discussed a bit of CPU pinning PCPU resources, about the negative member_of, some reshape questions and some NUMATopologyFilter case14:28
bauzasnothing really more than a PTG follow-up14:28
gibiOK14:28
gibiSo there was no notification meeting but I sent the word out about the deprecation we agreed about on the PTG #link http://lists.openstack.org/pipermail/openstack-dev/2018-September/134721.html14:29
gibithat is all about notifications14:29
gibigmann: API14:29
gibithere is notes on the agenda14:29
gibiNo API office hour this week.14:29
gibiAdded the API cleanup items in spec. need Feedback on those -https://review.openstack.org/#/c/603969/14:29
gibiany other subteam active at the moment?14:30
gibi#topic stuck reviews14:30
*** openstack changes topic to "stuck reviews (Meeting topic: nova)"14:30
gibinothing on the agenda14:30
gibi#topic open discussion14:31
*** openstack changes topic to "open discussion (Meeting topic: nova)"14:31
gibithere is one item on the agenda14:31
gibi(gibi): seeking for approval of the specless bp https://blueprints.launchpad.net/nova/+spec/use-nested-allocation-candidates14:31
claudiubalso, review the mock autospec patch? :D https://review.openstack.org/#/c/470775/14:31
gibiclaudiub: sure :)14:32
claudiubwoohoo :D14:32
gibias we discussed this bp is prerequisit for every nested scheduling work in nova14:32
mriedemi'm good with https://blueprints.launchpad.net/nova/+spec/use-nested-allocation-candidates of course, it's needed to make sure we can even use NRPs including scheduling to child VGPU providers14:32
gibiI've rebased the patch series14:32
gibiand also added more functional tests to cover nested allocations during instance move operations14:33
gibithis last step uncovered some faulty edge cases as we expected14:33
gibibut there is a lot of patch in the series before that to review14:33
gibithe impl series starts here https://review.openstack.org/#/c/59159714:34
gibimriedem: thank14:34
mriedemdansmith: bauzas: i'm assuming you're ok with this too14:34
mriedemi'll approve if so14:34
efriedso we decided we don't need a spec or anything that enumerates all the bits and pieces we want to be checking for nrp viability?14:34
gibiany objection approving the bp?14:34
efriedbecause it's basically try-everything-and-see-what-breaks-and-fix-it?14:35
bauzasmriedem: yup14:35
gibiefried: I think we did.14:35
gibiefried: I addes a short summary in the bp14:35
dansmithyeah14:35
bauzasefried: I think we tried to identify the gaps for n-rp at PTG and none was requiring a spec, rather14:35
efriedwfm, just making sure.14:36
gibiefried: also if you feel I missed things in the test coverage then I'm happy to add more tests14:36
gibicool14:36
efriedgibi? Miss a test? NEVER!14:36
gibimriedem: thanks for the approve14:36
mriedemthrow it in runways14:36
gibimriedem: I will after the meeting14:36
gibimriedem: at least the first couple of patches14:36
gibimoving on14:36
gibiclaudiub: do you want to talk about your patch?14:37
claudiubeh, it had a +2 from stephenfin14:37
*** Luzi has quit IRC14:37
claudiubthere are a few changes outside of nova/tests though14:38
gibiclaudiub: OK, I will try to get to it14:38
claudiubsince some signatures weren't being respected in some cases.14:38
mriedemhttps://review.openstack.org/#/c/470775/38/nova/test.py is the meat right?14:39
mriedemmock the mock14:39
claudiubsorry, i didn't quite get what you meant14:40
mriedemi mean,14:40
mriedemMockAutospecFixture is globally mocking mock so that all mock.patch* calls are autospeccing14:40
claudiubyep14:40
mriedemis there a significant time difference in the test runs with this?14:40
mriedemdoesn't look like it14:41
claudiub~30 seconds maybe14:41
*** rbudden has quit IRC14:41
claudiubin total14:41
mriedemok14:41
gibianything else to discuss before we close the meeting?14:42
mheno/14:42
gibimhen: go ahead14:42
mhensorry I didn't put it on the agenda14:42
gibimhen: no problem14:42
mhenhttps://bugs.launchpad.net/nova/+bug/179315914:42
openstackLaunchpad bug 1793159 in OpenStack Compute (nova) "no signature check for cached images" [Undecided,New]14:42
mhenI'd like to discuss the proposal there14:43
johnthetubaguyoh, right, I think I pointed someone at a email thread from when we removed the md5 checks on cached images14:44
mhenthat was presumably Luzi, she's on my team14:44
johnthetubaguyyes, that's right, it was Luzi14:44
* johnthetubaguy is trying to find the link again14:44
mhenhowever, this is about actual signatures (as stored in Glance metadata) - I assume the md5 check was some local hash only used by Novas caching mechanism?14:45
johnthetubaguybefore we said it provides minimal extra protection, as once you have access to the cache its game over14:45
johnthetubaguyit was md5 matching the glance md5, as thats all the signature we had at the time14:45
mhenoh I see14:45
johnthetubaguythere was a bit rot discussion, and we decided protecting against bit rot is out of scope for Nova really14:46
mhenin our case it's not against bit rot but rather against tampering14:47
mhenI pointed out some arguments in the bug report I linked14:47
johnthetubaguyright, that was the previous comment, if you can tamper with the image cache, its basically game over, you have root on the hypervisor14:47
*** yamamoto has joined #openstack-meeting14:48
johnthetubaguyright, NFS is a different attack surface I guess14:48
mhenmaybe some of you can provide some more input on the bug report, I don't want to hijack the meeting for a detailed technical discussion about this14:49
johnthetubaguyI guess we need clarity on the specific use case this helps, sounds like image cache on external storage, but local instance disk encrypted?14:49
mhenjohnthetubaguy, you're right about the scenario14:49
*** gagehugo has joined #openstack-meeting14:50
gibimhen: could you add the specific use case to the bug. I hope that mbooth and mriedem will check back on the bug report14:50
johnthetubaguy+114:51
mhenI kinda described it within my comments on the report so far, but if desired I can also add a summarized use case additionally14:51
gibimhen: cool, thanks14:51
*** Bhujay has quit IRC14:51
gibianything else to discuss today?14:52
mriedemthis is way over my head fwiw14:52
mriedemwhich is why i roped mdbooth into it14:52
gibimriedem: and as you typed the proper irc name he is now pinged :)14:52
gibiif nothing else then thanks for everyone14:53
mhenthanks guys, I will add a use case scenario description to the report14:53
gibimhen: thanks14:53
gibi#endmeeting14:53
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"14:53
openstackMeeting ended Thu Sep 20 14:53:49 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:53
openstackMinutes:        http://eavesdrop.openstack.org/meetings/nova/2018/nova.2018-09-20-14.01.html14:53
mdboothjohnthetubaguy: I was extremely sceptical of the security argument.14:53
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/nova/2018/nova.2018-09-20-14.01.txt14:53
openstackLog:            http://eavesdrop.openstack.org/meetings/nova/2018/nova.2018-09-20-14.01.log.html14:53
johnthetubaguymdbooth: me too14:54
*** takashin has left #openstack-meeting14:54
johnthetubaguymdbooth: seems like "security theatre" stuff, i.e. no real extra protection, but stops auditors getting twitchy about things14:55
cdentthanks gibi14:55
mdboothjohnthetubaguy: But costs actual compute resources and complicates the code.14:56
*** cdent has left #openstack-meeting14:56
*** e0ne has joined #openstack-meeting14:56
*** Swami has joined #openstack-meeting14:57
*** annp_ has quit IRC14:57
mhenI see it as a defense-in-depth mechanism honestly - about the cost: making it optional via a config entry (defaulting to off) would be fine imo, nova's ephemeral storage encryption isn't active per default either, but helps in security focused environments14:58
*** mdbooth has quit IRC15:00
*** mdbooth has joined #openstack-meeting15:00
gagehugo#startmeeting security15:01
openstackMeeting started Thu Sep 20 15:01:09 2018 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.15:01
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:01
*** openstack changes topic to " (Meeting topic: security)"15:01
openstackThe meeting name has been set to 'security'15:01
gagehugo#chair lhinds15:01
openstackCurrent chairs: gagehugo lhinds15:01
*** helenafm has left #openstack-meeting15:01
*** longkb has quit IRC15:01
* fungi is around, but also in tc office hour15:01
gagehugoping eeiden fungi gagehugo lhinds nickthetait browne redrobot15:02
gagehugoo/15:02
*** zaneb has quit IRC15:02
gagehugo#link https://etherpad.openstack.org/p/security-agenda15:02
gagehugoagenda15:02
*** bswartz has joined #openstack-meeting15:03
*** zaneb has joined #openstack-meeting15:03
*** yamamoto has quit IRC15:03
*** alexchadin has quit IRC15:04
gagehugo#topic OSSN/OSSA15:04
*** openstack changes topic to "OSSN/OSSA (Meeting topic: security)"15:04
*** dklyle has joined #openstack-meeting15:04
gagehugoThere has been discussion about: https://bugs.launchpad.net/neutron/+bug/146105415:05
openstackLaunchpad bug 1461054 in neutron kilo "[OSSA 2015-012] Adding 0.0.0.0/0 to allowed address pairs breaks l2 agent (CVE-2015-3221)" [Critical,Fix committed] - Assigned to Tristan Cacqueray (tristan-cacqueray)15:05
fungiyeah, i just switched that to public a couple hours ago15:06
gagehugoah15:06
fungiconsensus seems to be that documentation somewhere should mention this as a potential foot cannon15:06
fungiand probably also warrants an ossn15:07
gagehugowait15:07
gagehugo#link https://bugs.launchpad.net/neutron/+bug/179302915:07
openstackLaunchpad bug 1793029 in OpenStack Security Notes "adding 0.0.0.0/0 address pair to a port bypasses all other vm security groups" [Undecided,New]15:07
gagehugowrong bug :p15:07
fungioh, yep!15:07
* gagehugo grabbed a stray launchpad link in the thread15:07
*** longkb has joined #openstack-meeting15:08
*** longkb has quit IRC15:08
fungiit had a very similar-looking title ;)15:08
fungifooled me for a sec too15:08
gagehugoheh15:08
gagehugoother than that, I don't remember seeing anything else15:08
fungithat's the only new public one i'm aware of15:09
fungithere were some oslo library security fixes which i think may have been switched to public just before or during the ptg, but not for deliverables overseen by the vmt15:09
*** rbudden has joined #openstack-meeting15:10
fungiin the future it might be nice to get more of oslo under vmt oversight15:10
gagehugogood point15:10
*** finix has quit IRC15:10
gagehugodo you know which ones are covered currently?15:11
*** finix has joined #openstack-meeting15:11
fungialso a semi-vulnerability in openstackclient got posted recently i think (depending on how you use the --password option it may include the password string in its debug logs)15:11
fungicastellan and oslo.config15:12
fungi#link https://governance.openstack.org/tc/reference/tags/vulnerability_managed.html#tag-vulnerability-managed15:12
* gagehugo bookmarks15:12
fungithat's also linked from the vmt process document:15:13
fungi#link https://security.openstack.org/vmt-process.html#supported-versions15:13
gagehugooslo.cache has a draft up to be covered15:13
gagehugobut it'd be nice to get the other ones too15:13
gagehugo#topic documentation15:15
*** openstack changes topic to "documentation (Meeting topic: security)"15:15
gagehugono updates here afaik15:15
gagehugo#topic vmt managed15:16
*** openstack changes topic to "vmt managed (Meeting topic: security)"15:16
gagehugooslo.cache draft is here: https://review.openstack.org/#/c/527202/15:16
gagehugoalong with pycadf: https://review.openstack.org/#/c/529945/15:17
gagehugoand keystoneauth: https://review.openstack.org/#/c/526476/15:17
gagehugo#topic General Discussion15:17
*** openstack changes topic to "General Discussion (Meeting topic: security)"15:17
*** jamesmcarthur has joined #openstack-meeting15:18
gagehugofungi: any other updates?15:18
*** kopecmartin has quit IRC15:18
funginope. did anyone have any highlights from the ptg?15:18
fungii wasn't able to hang out in the security/barbican room any15:19
gagehugoI was in there on Tue, only session we had was a presentation about Unified Trust Management15:19
gagehugohttps://etherpad.openstack.org/p/security-stein-ptg15:19
fungiis there a plan to get a summary posted to the -dev ml?15:19
gagehugofungi: I will do that today or tomorrow15:20
fungino rush, just curious. thanks!15:20
* fungi has as a ptl sometimes taken nearly a momth to post ptg summaries, fwiw)15:21
fungier, month15:21
gagehugoheh15:21
gagehugowell it will be a short summary15:21
*** cloudrancher has quit IRC15:21
*** redrobot has joined #openstack-meeting15:22
*** kopecmartin has joined #openstack-meeting15:22
gagehugowill give everyone a few mins extra back15:23
gagehugofungi: thanks!15:23
gagehugo#endmeeting15:23
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:23
openstackMeeting ended Thu Sep 20 15:23:50 2018 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:23
openstackMinutes:        http://eavesdrop.openstack.org/meetings/security/2018/security.2018-09-20-15.01.html15:23
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/security/2018/security.2018-09-20-15.01.txt15:23
openstackLog:            http://eavesdrop.openstack.org/meetings/security/2018/security.2018-09-20-15.01.log.html15:23
fungithanks gagehugo!15:25
*** cloudrancher has joined #openstack-meeting15:48
*** gyee has joined #openstack-meeting15:58
*** finix has quit IRC16:00
*** cloudrancher has quit IRC16:13
*** liuyulong has quit IRC16:13
*** annabelleB has quit IRC16:15
*** kopecmartin is now known as kopecmartin|away16:21
*** annabelleB has joined #openstack-meeting16:24
*** devananda has joined #openstack-meeting16:28
*** jamesmcarthur has quit IRC16:30
*** aojea has quit IRC16:32
*** diablo_rojo has joined #openstack-meeting16:36
*** Swami has quit IRC16:36
*** Bhujay has joined #openstack-meeting16:40
*** e0ne has quit IRC16:41
*** Bhujay has quit IRC16:41
*** Bhujay has joined #openstack-meeting16:42
*** radez has quit IRC16:42
*** radez has joined #openstack-meeting16:43
*** mdbooth has quit IRC16:43
*** ekcs has quit IRC16:48
*** afazekas has joined #openstack-meeting16:52
*** davidsha has quit IRC16:57
*** devananda has quit IRC17:00
*** yamamoto has joined #openstack-meeting17:03
*** jamesmcarthur has joined #openstack-meeting17:04
*** devananda has joined #openstack-meeting17:04
*** jamesmcarthur has quit IRC17:05
*** jamesmcarthur has joined #openstack-meeting17:05
*** Swami has joined #openstack-meeting17:05
*** yamamoto has quit IRC17:20
*** tssurya has quit IRC17:20
*** mjturek has quit IRC17:28
*** ekcs has joined #openstack-meeting17:30
*** rbudden has quit IRC17:32
*** Bhujay has quit IRC17:34
*** dtruong has quit IRC17:34
*** iyamahat has quit IRC17:45
*** yamahata has quit IRC17:45
*** annabelleB has quit IRC17:50
*** yamamoto has joined #openstack-meeting17:50
*** mjturek has joined #openstack-meeting17:50
*** yamamoto has quit IRC17:56
*** iyamahat has joined #openstack-meeting17:57
*** jamesmcarthur has quit IRC18:00
*** annabelleB has joined #openstack-meeting18:01
*** iyamahat_ has joined #openstack-meeting18:02
*** slaweq has quit IRC18:03
*** iyamahat has quit IRC18:04
*** jamesmcarthur has joined #openstack-meeting18:07
*** e0ne has joined #openstack-meeting18:10
*** slaweq has joined #openstack-meeting18:11
*** yamahata has joined #openstack-meeting18:14
*** slaweq has quit IRC18:16
*** munimeha1 has joined #openstack-meeting18:16
*** Leo_m has joined #openstack-meeting18:28
*** annabelleB has quit IRC18:30
*** annabelleB has joined #openstack-meeting18:33
*** gagehugo has left #openstack-meeting18:34
*** dtruong has joined #openstack-meeting18:35
*** radeks has quit IRC18:46
*** radeks has joined #openstack-meeting18:46
*** e0ne has quit IRC19:03
*** radeks has quit IRC19:22
*** dustins has quit IRC19:22
*** jamesmcarthur has quit IRC19:25
*** e0ne has joined #openstack-meeting19:30
*** jamesmcarthur has joined #openstack-meeting19:33
*** jamesmcarthur has quit IRC19:33
*** e0ne has quit IRC19:34
*** belmoreira has quit IRC19:35
*** tssurya has joined #openstack-meeting19:35
*** awaugama has quit IRC19:41
*** jamesmcarthur has joined #openstack-meeting19:42
*** e0ne has joined #openstack-meeting19:43
*** slaweq has joined #openstack-meeting19:53
*** yamamoto has joined #openstack-meeting19:58
*** yamamoto has quit IRC20:06
*** erlon has quit IRC20:07
*** slaweq has quit IRC20:08
*** rbudden has joined #openstack-meeting20:09
*** slaweq has joined #openstack-meeting20:11
*** dustins has joined #openstack-meeting20:12
*** priteau has quit IRC20:13
*** slaweq has quit IRC20:15
*** bobh has quit IRC20:25
*** bobh_ has joined #openstack-meeting20:25
*** tssurya has quit IRC20:35
*** dtruong has quit IRC20:47
*** raildo has quit IRC21:02
*** bobh_ has quit IRC21:06
*** claudiub has quit IRC21:15
*** mjturek has quit IRC21:27
*** munimeha1 has quit IRC21:29
*** dustins has quit IRC21:31
*** rbudden has quit IRC21:33
*** tetsuro has quit IRC21:35
*** ykatabam has joined #openstack-meeting21:36
*** e0ne has quit IRC21:36
*** tetsuro has joined #openstack-meeting21:37
*** radeks has joined #openstack-meeting21:38
*** bobh has joined #openstack-meeting21:45
*** rbudden has joined #openstack-meeting21:49
*** jamesmcarthur has quit IRC21:50
*** jamesmcarthur has joined #openstack-meeting21:51
*** jamesmcarthur has quit IRC21:53
*** bobh has quit IRC21:53
*** dtruong has joined #openstack-meeting21:54
*** jamesmcarthur has joined #openstack-meeting21:55
*** bobh has joined #openstack-meeting21:59
*** bobh has quit IRC21:59
*** ekcs has quit IRC22:02
*** DinaBelova has quit IRC22:04
*** DinaBelova has joined #openstack-meeting22:06
*** ekcs has joined #openstack-meeting22:06
*** jamesmcarthur has quit IRC22:06
*** jamesmcarthur has joined #openstack-meeting22:07
*** yamamoto has joined #openstack-meeting22:08
*** dtruong has quit IRC22:09
*** dtruong has joined #openstack-meeting22:09
*** radeks has quit IRC22:10
*** radeks has joined #openstack-meeting22:11
*** jamesmcarthur has quit IRC22:13
*** jamesmcarthur has joined #openstack-meeting22:13
*** jamesmcarthur has quit IRC22:20
*** jamesmcarthur has joined #openstack-meeting22:20
*** jamesmcarthur has quit IRC22:23
*** yamamoto has quit IRC22:24
*** rbudden has quit IRC22:25
*** radeks_ has joined #openstack-meeting22:28
*** radeks has quit IRC22:31
*** xyang has quit IRC22:48
*** david-lyle has joined #openstack-meeting22:49
*** annabelleB has quit IRC22:50
*** dklyle has quit IRC22:51
*** manjeets has quit IRC22:51
*** Leo_m has quit IRC22:52
*** rcernin has joined #openstack-meeting22:53
*** ekcs has quit IRC23:00
*** mriedem is now known as mriedem_away23:10
*** slaweq has joined #openstack-meeting23:11
*** slaweq has quit IRC23:16
*** erlon has joined #openstack-meeting23:16
*** radeks_ has quit IRC23:20
*** hongbin has quit IRC23:24
*** andreykurilin has quit IRC23:34
*** andreykurilin has joined #openstack-meeting23:35
*** rcernin has quit IRC23:36
*** rcernin has joined #openstack-meeting23:36
*** gyee has quit IRC23:41
*** jamesmcarthur has joined #openstack-meeting23:43
*** Swami has quit IRC23:45
*** jamesmcarthur has quit IRC23:46
*** jamesmcarthur_ has joined #openstack-meeting23:46
*** dtruong has quit IRC23:46
*** dtruong has joined #openstack-meeting23:47
« Wednesday, 2018-09-19 Index Friday, 2018-09-21 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!