Thursday, 2018-10-25

*** vishalmanchanda has quit IRC15:03
gagehugo#startmeeting security15:04
openstackMeeting started Thu Oct 25 15:04:58 2018 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:05
*** openstack changes topic to " (Meeting topic: security)"15:05
openstackThe meeting name has been set to 'security'15:05
* gagehugo totally didn't lose track of time15:05
*** tobberydberg has joined #openstack-meeting15:05
gagehugoping eeiden fungi gagehugo lhinds nickthetait browne redrobot15:06
gagehugoLuzi: o/15:06
* fungi is triple-booked between board of directors call, tc office hour and this meeting, just to set expectations ;)15:06
gagehugoprobably will be a pretty quick meeting, there was one issue in glance15:09
openstackLaunchpad bug 1799588 in OpenStack Security Advisory "non-admin users can see all tenants' images even when image is private" [Undecided,Incomplete]15:09
*** yamamoto has quit IRC15:09
gagehugocould be a policy/configuration issue, but not sure15:10
*** yamamoto has joined #openstack-meeting15:10
gagehugoLuzi: Do you have anything?15:10
gagehugothese meetings are usually pretty informal15:10
Luziyou might have already read it on the ml or in some projects irc meetings15:10
Luziwe want to propose Image encryption to openstack15:11
Luzithis is a cross project proposal and should adress the confidentiality of images15:11
gagehugoThis thread:
Luziwe have already written specs for nova, cinder and glance15:12
gagehugodo you have links for those on you?15:13
*** erlon has quit IRC15:13
*** tobberydberg has quit IRC15:13
Luziit would be nice to have also input from the security side :)15:14
gagehugoI'll put them on the agenda so I remember to read them later15:14
*** jamesmcarthur has joined #openstack-meeting15:15
Luzithank you, it would be nice to discuss this further maybe next week or in the scurity channel :)15:15
gagehugoLuzi: Sure, yeah I'll try to read them over before next meeting15:16
*** yamamoto has quit IRC15:16
Luzigagehugo, thanks :)15:16
gagehugofungi: Not to bug you, did you have anything for this week?15:17
funginothing really, no15:17
fungithanks though!15:17
fungijust barely keeping up with all the conversations going on at once, sorry15:17
gagehugofungi: heh15:17
gagehugoI put the links on the security agenda for Luzi's specs15:17
gagehugootherwise I think we can end early15:17
*** helenafm has quit IRC15:18
gagehugoLuzi fungi thanks for coming!15:19
*** openstack changes topic to "OpenStack Meetings ||"15:19
openstackMeeting ended Thu Oct 25 15:19:45 2018 UTC.  Information about MeetBot at . (v 0.1.4)15:19
openstackMinutes (text):
fungithanks gagehugo!15:20
melwitt#startmeeting nova21:00
openstackMeeting started Thu Oct 25 21:00:08 2018 UTC and is due to finish in 60 minutes.  The chair is melwitt. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:00
*** openstack changes topic to " (Meeting topic: nova)"21:00
openstackThe meeting name has been set to 'nova'21:00
melwitthi everyone, welcome21:00
*** cloudrancher has quit IRC21:01
melwittlet's make a start21:01
melwitt#topic Release News21:01
*** openstack changes topic to "Release News (Meeting topic: nova)"21:02
*** cloudrancher has joined #openstack-meeting21:02
melwitt#link Stein release schedule:
*** larainema has quit IRC21:02
melwitttoday is milestone 1, so we'll be releasing the first nova beta21:02
melwitt#info Today is s-1 and we'll be proposing releases for master and stable branches today. os-traits and python-novaclient have already been released this week. os-vif release has been proposed earlier this week.21:02
melwittstable branches don't have to be today, depending on whether we'll want to land specific things before proposing the release21:03
melwitt#link Stein runway etherpad:
melwitt#link runway #1: (bauzas/naichuan) [END: 2018-11-08] and
*** erlon has quit IRC21:03
melwittonly have one runway occupied at the moment21:03
efriedeek, /me should really be paying attention to that. /me curses $work21:03
efriedthat shouldn't be marked against bp reshape-provider-tree21:04
melwittgibi's nested-resource-allocations recently left a runway but review is still needed, so let's keep paying attention to that. and really we should just put it back in the queue since nothing else is in the queue21:04
efriedI expressed why in one of the reviews.21:04
melwittoh, hm21:04
efriedWe should totally still review it21:05
melwittwhere should it go then? is it part of the catch-all for NRP?21:05
efriedIt's a vgpu thing.21:05
efriedIt should be in the same bp as the rest of the xen vgpu stuff.21:05
melwittok, I'll take a look21:05
mriedemwell, you could argue that for the libvirt change as well then21:05
mriedem(1) reshape to put vgpu inventory on child provider,21:05
mriedem(2) add support for multiple vgpu types21:05
mriedemthe former is the reshape bp, the latter is the vgpu-stein bp21:06
efriedAnd every other blueprint ever in the future that makes use of reshape to satisfy some upgrade scenario related to some feature.21:06
mriedemwe only need to reshape vgpu right now21:06
mriedemi think that was the target for that bp21:06
mriedemstuff like pcpu/vcpu would be part of a different spec imo21:06
efriedwe're not going to pick out some patch in the middle of a bp series in the X release and retroactively mark it against the reshape bp. So we shouldn't do that here either.21:07
efriedwas my reasoning.21:07
mriedemthe reshape bp is targeted to stein you know21:07
mriedemdo you consider it done?21:07
mriedemif not, what gets to done?21:07
efriedFFU script, I think is the only remaining item.21:07
efriedwhich I suppose in the scope of the bp is just framework21:08
efriedand then the feature bps add "plugins" or whatever you want to call them21:08
mriedemso FFU before any driver actually does a reshape?21:08
efriedno, I'm not saying that.21:08
efriedI'm not saying closing the reshaper bp is a prereq to any other bp that's dependent on it.21:09
efriedThis can't be the first time a bp depends on a subset of another bp21:09
efriedbut actually21:09
efriedyes, come to think of it, we need to have the ffu script before we can declare the deps complete in this case.21:10
efriedbecause otherwise we can't ffu to stein with those features in place.21:10
mriedemwell, if you ran it before the drivers did their thing, it wouldn't do anything21:10
mriedemi guess in my mind the FFU change would come after b/c that's what happened with the ironic flavors stuff,21:11
efriedYup, the placement API endpoint also doesn't do anything until you use it.21:11
mriedembut that might not be the best example to follow21:11
mriedemanyway, this probably doesn't really matter besides paperwork21:11
efriedwas gonna say, we don't need to take up everyone's time.21:11
melwittso, is the current targeted bp fine then? or are we gonna talk about this more later and let someone know to change the target?21:12
efriedI will bully mriedem into changing the topic back later.21:12
melwittok, cool.21:12
efriedAll of it is still targeted for stein until/unless something changes.21:12
efriedso as matt says, just paperwork21:12
melwittI just put nested-allocation-candidates back in a runway. last patch from the previous runway is -W so I strikethrough'd it as a note21:13
melwittanything else for release news or runways?21:13
melwitt#topic Bugs (stuck/critical)21:14
*** openstack changes topic to "Bugs (stuck/critical) (Meeting topic: nova)"21:14
melwittno critical bugs in the link21:14
melwitt#link 51 new untriaged bugs (up 1 since the last meeting):
melwitt#link 9 untagged untriaged bugs (up 1 since the last meeting):*&field.status%3Alist=NEW21:14
melwitt#link bug triage how-to:
melwitt#help need help with bug triage21:14
melwittGate status21:15
melwitt#link check queue gate status
melwittI think there was a zuul restart earlier in the morning, so things might need rechecking from that21:15
melwitt3rd party CI21:15
melwitt#link 3rd party CI status
*** bobh has quit IRC21:16
melwittanything else for bugs, gate status, or third party CI?21:16
melwitt#topic Reminders21:16
*** openstack changes topic to "Reminders (Meeting topic: nova)"21:16
melwitt#link Stein Subteam Patches n Bugs:
*** irclogbot_1 has joined #openstack-meeting21:16
melwittI started using the trivial bug section of this etherpad again ^21:17
melwitt#link Create etherpads for Forum sessions:
melwittcreate your etherpads if you haven't already21:18
melwittanything else for reminders?21:18
melwitt#topic Stable branch status21:18
*** openstack changes topic to "Stable branch status (Meeting topic: nova)"21:18
* efried ist noch nicht approbiert21:18
melwitt#link stable/rocky:,n,z21:19
melwittmriedem has a note here that we need to do a stable/rocky release21:19
melwittI agree21:20
melwittas for whether we should wait for I'm biased but I think we should. it would be nice to get the status check and release note out21:20
melwittthat one is about extra instruction needed to handle nova-consoleauth during a rolling upgrade from queens => rocky21:21
mriedemneed another core21:21
mriedemto sign up21:21
melwittand a status check to help with communication21:21
melwittany other opinions?21:22
melwittI know there's only a few of us here21:22
melwittI'll try to get another core tomorrow morning when more people are around21:22
melwittok, moving on I guess21:23
melwitt#link stable/queens:,n,z21:23
melwittlots o backports21:23
melwitt#link stable/pike:,n,z21:23
melwitt#link stable/ocata:,n,z21:23
melwittI was about to say, I wasn't sure if I should keep including ocata21:24
mriedemprobably don't need to21:24
melwitt#info let me know if there are any other stable branch backports you want to get in before we cut stable releases for s-121:25
melwittanything else for stable branch status?21:25
melwitt#topic Subteam Highlights21:25
*** openstack changes topic to "Subteam Highlights (Meeting topic: nova)"21:25
melwittefried: scheduler?21:26
efried#link n-sch meeting minutes
efriedI promised a spec extracting the file format from21:26
efried#link kosamara's device-placement-passthrough spec:
efriedwhile also incorporating some of the tenets of21:26
efried#link jaypipes's Rocky provider-config-file proposal:
efriedThat has since happened:21:26
efried#link Spec: Provider config YAML file
efriedDiscussed nrp series which was until recently based at21:26
efried#link previous bottom of nrp-in-nova series
efriedmriedem had asked for that to be rebased on21:26
efried#link removal of caching scheduler
efriedThat has since happened, and both have merged, along with some other cleanup.21:26
efriedExtraction-wise, cdent proposed the possibility of merging21:26
efried#link stub table creator
efriedtemporarily, but we decided to give alembic stuff a chance to mature for a bit.21:26
efriedAlso extraction-related, we talked about putting some focus on docs in the placement repo. We pressured^wconvinced tetsuro to take on some of the editing work while we figure out what's needed to get the docs actually building. He has since proposed a couple of patches in that vein:21:27
efried#link De-nova-ify doc/README.rst (merged)
efried#link De-nova-ify doc/source/index.rst
efriedAnd cdent is getting us moving toward21:27
efried#link Making tox -ereleasenotes work
efriedWe agreed to start21:27
efried#link a new placement-extract etherpad
efriedConcern was expressed about backporting21:27
efried#link update less in rt
efriedgiven that the related 0.0 allocation ratio fix came later.21:27
openstackLaunchpad bug 1729621 in OpenStack Compute (nova) pike "Inconsistent value for vcpu_used" [Undecided,In progress] - Assigned to Radoslav Gerganov (rgerganov)21:27
mriedemi've also sent an email to the tripleo and osa teams today,21:28
mriedemneeding someone to start working on the upgrade work in those projects21:28
mriedemthe grenade patch is ready to go21:28
efried#link mriedem email soliciting osa/tripleo help for extraction
melwittthanks, was looking for the link and failing21:28
melwitton that bug, I don't quite understand the backport question?21:29
openstackLaunchpad bug 1729621 in OpenStack Compute (nova) pike "Inconsistent value for vcpu_used" [Undecided,In progress] - Assigned to Radoslav Gerganov (rgerganov)21:29
efriedmriedem: that's you. I have only a vague sense of what's going on here, would need to go refresh my memory on all that mess.21:30
mriedemremember when the xenapi CI started posting 0 allocation_ratios21:30
mriedemit's related to that21:30
mriedemwe think that regression was somehow caused by the thing that rgerganov is trying to backport21:30
melwittok, I see. so for queens and earlier we'd need that fix first21:31
efriedfor reference, here's what mriedem said at the time, including a link to code:
mriedemso i said i'm nervous about that, and we should at least make sure those changes go together21:31
melwittok, got it21:31
melwittalright, so we know how to move forward there. cool21:32
melwittgmann left a note for the api subteam "No API office hour this week, Not much to share."21:32
melwitt#topic Stuck Reviews21:32
*** openstack changes topic to "Stuck Reviews (Meeting topic: nova)"21:32
melwittnothing on the agenda. anyone in the room have a stuck review to bring up?21:32
melwitt#topic Open discussion21:33
*** openstack changes topic to "Open discussion (Meeting topic: nova)"21:33
melwittfew items on the agenda21:33
melwittfirst one21:33
melwitt(mriedem): Do we need a specless blueprint to add a config option to run nova-metadata-api per-cell? There was agreement to add this at the PTG (L412 )21:33
mriedemi just don't know how anyone wants that tracked,21:33
mriedemi think the change is simply add a config option which if true means the meta-api won't look at the API DB for anything, like instance mappings, and assume everything is local to the cell db21:34
mriedemyou can, and cern already does, run meta-api per-cell but configured to the api db21:34
mriedemeven though they are just needlessly querying up to the api to find out the instance is in the cell the yare in21:34
melwittah, ok21:34
melwittI think I'd err on the side of specless bp since it's a new config option21:35
melwittany other opinions?21:35
efriedsurely should have a bp; is the question whether to have a spec?21:36
mriedemi don't think it needs a spec21:36
mriedemand no that wasn't the questoin21:36
mriedemquestion was is a specless bp needed21:36
efriedYes, IMO.21:36
efriedFor a new config option.21:36
mriedemi just forgot about this for awhile b/c it wasn't being tracked,21:37
*** jamesmcarthur has quit IRC21:37
mriedemso i wanted to know how to track it21:37
efriedlooks like you answered your own question.21:37
mriedemjust looking for validation21:37
efried"Gee, this thing isn't tracked, how should we track it? By tracking it? Cool."21:37
melwittfair enough to ask if it needs a spec though. I think since this is very straightforward, specless is good. and better than not tracking it21:37
melwittthis is just saying "don't waste api db calls on something configured to run local that doesn't need api db calls"21:38
efriedyuh, was going to say: if we can fit all the words in the bp template, and the spec template sections would be largely "None", no spec.21:38
melwittok, next item21:38
melwitt(mriedem): Has anyone made a list of the various cross-project Forum sessions that should include nova participation and determined that we'll have a representative?21:38
melwittthis is a good question. I think the answer is no21:39
melwittI know that for the change instance ownership session, that's during the nova project update so I can't go to that21:39
mriedemi expect dansmith will be at that21:39
mriedemsince he wrote os-chown21:39
dansmithI've said I would already yeah21:40
mriedemso it would be good to have an etherpad of the obvious xp sessions and make sure we have reps21:40
*** iyamahat_ has joined #openstack-meeting21:40
melwittyeah, so I think last time I made a list of forum sessions of interest to send to the ML. and I should do that again21:40
melwittand yeah, etherpad, I can do that. can probably use our existing forum etherpad
melwittand give a heads up to the ML about it after adding cross-project sessions of interest21:41
melwittthanks for bringing that up mriedem21:41
melwittok, last item is from me, a shout out for sundar21:41
melwitt(melwitt): The cyborg-nova interaction spec has been updated in response to review comments and is ready for review again:
* efried <== still in the middle of it21:41
*** iyamahat has quit IRC21:42
melwittyeah, I figured. just an fyi that he's eagerly awaiting everyone's review :)21:42
*** mahatic has quit IRC21:42
melwittok, that's all in the agenda for open discussion. anyone have anything else they'd like to discuss?21:42
*** kopecmartin is now known as kopecmartin|off21:43
efriedThis guy writes good docs. But has a tendency to be... garrulous21:43
*** efried is now known as pot21:43
*** pot is now known as efried21:43
* melwitt googles21:43
melwittverbose, yes21:43
melwittok, if no one has anything else, we can call it a wrap21:43
melwittthanks everyone21:43
*** openstack changes topic to "OpenStack Meetings ||"21:43
openstackMeeting ended Thu Oct 25 21:43:57 2018 UTC.  Information about MeetBot at . (v 0.1.4)21:43
openstackMinutes (text):
*** jamesmcarthur has joined #openstack-meeting21:44
*** takashin has left #openstack-meeting21:44
mriedemmelwitt: efried:
