Thursday, 2019-07-25

« Wednesday, 2019-07-24 Index Friday, 2019-07-26 »
*** artom has joined #openstack-meeting00:00
*** whoami-rajat has quit IRC00:01
*** yamamoto has joined #openstack-meeting00:02
*** larainema_ has joined #openstack-meeting00:48
*** iyamahat has quit IRC00:49
*** larainema_ is now known as larainema00:49
*** gyee has quit IRC00:49
*** ricolin has joined #openstack-meeting00:55
*** igordc has quit IRC01:04
*** yamamoto has quit IRC01:04
*** slaweq has joined #openstack-meeting01:11
*** slaweq has quit IRC01:15
*** tdasilva has quit IRC01:20
*** tdasilva has joined #openstack-meeting01:21
*** brinzhang has joined #openstack-meeting01:28
*** enriquetaso has quit IRC01:40
*** mriedem has quit IRC01:49
*** iyamahat has joined #openstack-meeting01:55
*** yamamoto has joined #openstack-meeting02:46
*** Liang__ has joined #openstack-meeting03:00
*** Liang__ is now known as LiangFang03:01
*** whoami-rajat has joined #openstack-meeting03:06
*** slaweq has joined #openstack-meeting03:11
*** slaweq has quit IRC03:16
*** dviroel has quit IRC03:37
*** psachin has joined #openstack-meeting03:38
*** yamamoto has quit IRC03:42
*** yamamoto has joined #openstack-meeting03:46
*** yamamoto has quit IRC03:51
*** yamamoto has joined #openstack-meeting03:53
*** rcernin has quit IRC03:55
*** yamamoto has quit IRC03:57
*** imsurit has joined #openstack-meeting03:58
*** yamamoto has joined #openstack-meeting04:02
*** links has joined #openstack-meeting04:15
*** pcaruana has joined #openstack-meeting04:44
*** vishalmanchanda has joined #openstack-meeting04:46
*** boxiang has quit IRC04:48
*** boxiang has joined #openstack-meeting04:48
*** pcaruana has quit IRC04:56
*** Luzi has joined #openstack-meeting05:03
*** slaweq has joined #openstack-meeting05:11
*** slaweq has quit IRC05:16
*** kopecmartin|offf is now known as kopecmartin05:18
*** rcernin has joined #openstack-meeting05:33
*** brault has quit IRC05:35
*** ykatabam has joined #openstack-meeting05:42
*** tetsuro has joined #openstack-meeting05:56
*** rcernin has quit IRC06:03
*** tetsuro has quit IRC06:04
*** yamamoto has quit IRC06:07
*** belmoreira has joined #openstack-meeting06:08
*** brinzhang has quit IRC06:10
*** brinzhang has joined #openstack-meeting06:11
*** slaweq has joined #openstack-meeting06:11
*** slaweq has quit IRC06:15
*** yamamoto has joined #openstack-meeting06:18
*** rcernin has joined #openstack-meeting06:19
*** pcaruana has joined #openstack-meeting06:21
*** rcernin has quit IRC06:21
*** rcernin has joined #openstack-meeting06:22
*** slaweq has joined #openstack-meeting06:33
*** dtrainor has quit IRC06:38
*** dtrainor has joined #openstack-meeting06:43
*** yaawang has quit IRC06:55
*** yaawang has joined #openstack-meeting06:57
*** apetrich has quit IRC07:00
*** jamesmcarthur has joined #openstack-meeting07:04
*** dmacpher has joined #openstack-meeting07:05
*** rcernin has quit IRC07:06
*** ykatabam has quit IRC07:10
*** tesseract has joined #openstack-meeting07:15
*** boxiang has quit IRC07:30
*** boxiang_ has joined #openstack-meeting07:30
*** tssurya has joined #openstack-meeting07:33
*** priteau has joined #openstack-meeting07:45
*** hyunsikyang__ has quit IRC07:57
*** ralonsoh has joined #openstack-meeting08:13
*** moguimar has quit IRC08:15
*** ttsiouts has joined #openstack-meeting08:18
*** apetrich has joined #openstack-meeting08:24
*** belmoreira has quit IRC08:28
*** panda has quit IRC08:28
*** belmoreira has joined #openstack-meeting08:29
*** belmoreira has quit IRC08:29
*** panda has joined #openstack-meeting08:31
*** tetsuro has joined #openstack-meeting08:37
*** jamesmcarthur has quit IRC08:48
*** apetrich has quit IRC08:53
*** apetrich has joined #openstack-meeting09:02
*** lpetrut has joined #openstack-meeting09:15
*** lpetrut has quit IRC09:16
*** lennyb has joined #openstack-meeting09:16
*** lpetrut has joined #openstack-meeting09:16
*** tetsuro has quit IRC09:28
*** tetsuro has joined #openstack-meeting09:29
*** e0ne has joined #openstack-meeting09:32
*** LiangFang has quit IRC09:33
*** yamamoto has quit IRC09:39
*** apetrich has quit IRC09:42
*** moguimar has joined #openstack-meeting09:47
*** Lucas_Gray has joined #openstack-meeting09:55
*** cheng1 has quit IRC10:01
*** Lucas_Gray has quit IRC10:06
*** iyamahat has quit IRC10:08
*** yamamoto has joined #openstack-meeting10:17
*** ttsiouts has quit IRC10:17
*** ttsiouts has joined #openstack-meeting10:18
*** ttsiouts has quit IRC10:22
*** carloss has joined #openstack-meeting10:23
*** yamamoto has quit IRC10:27
*** yamamoto has joined #openstack-meeting10:27
*** brtknr has quit IRC10:27
*** brtknr has joined #openstack-meeting10:33
*** yamamoto has quit IRC10:54
*** brtknr has quit IRC10:56
*** brtknr has joined #openstack-meeting10:56
*** imsurit_ofc has joined #openstack-meeting11:00
*** yamamoto has joined #openstack-meeting11:01
*** imsurit has quit IRC11:01
*** imsurit_ofc is now known as imsurit11:01
*** yamamoto has quit IRC11:06
*** baojg has quit IRC11:17
*** tetsuro has quit IRC11:24
*** yamamoto has joined #openstack-meeting11:32
*** raildo has quit IRC11:33
*** raildo has joined #openstack-meeting11:33
*** yamamoto has quit IRC11:37
*** imsurit has quit IRC11:41
*** pcaruana has quit IRC11:42
*** igordc has joined #openstack-meeting11:43
*** ttsiouts has joined #openstack-meeting11:50
*** dviroel has joined #openstack-meeting11:51
*** mriedem has joined #openstack-meeting11:51
*** apetrich has joined #openstack-meeting11:58
*** armax has quit IRC11:58
*** armax has joined #openstack-meeting11:59
*** yamamoto has joined #openstack-meeting12:11
*** takashin has joined #openstack-meeting12:13
*** yamamoto has quit IRC12:17
*** yamamoto has joined #openstack-meeting12:18
*** pcaruana has joined #openstack-meeting12:22
*** yamamoto has quit IRC12:27
*** raildo has quit IRC12:42
*** raildo has joined #openstack-meeting12:42
*** yamamoto has joined #openstack-meeting13:00
*** yamamoto has quit IRC13:14
*** jhesketh has quit IRC13:22
*** jhesketh has joined #openstack-meeting13:26
*** _hemna has joined #openstack-meeting13:30
*** Luzi has quit IRC13:33
*** _hemna has quit IRC13:35
*** ricolin has quit IRC13:36
*** AlanClark has joined #openstack-meeting13:41
*** apetrich has quit IRC13:43
*** yamamoto has joined #openstack-meeting13:44
*** apetrich has joined #openstack-meeting13:47
*** yamamoto has quit IRC13:48
*** mhen has joined #openstack-meeting13:50
*** enriquetaso has joined #openstack-meeting13:52
*** cdent has joined #openstack-meeting13:59
*** efried has joined #openstack-meeting14:00
efried#startmeeting nova14:00
openstackMeeting started Thu Jul 25 14:00:40 2019 UTC and is due to finish in 60 minutes.  The chair is efried. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
*** openstack changes topic to " (Meeting topic: nova)"14:00
openstackThe meeting name has been set to 'nova'14:00
takashino/14:00
cdentahoy hoy14:01
efried#link agenda https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting14:01
artomo/14:01
dansmithOj <- here but on a call14:02
efriedcute14:02
efrieddansmith getting away with murder as usual14:03
cdenthttps://youtu.be/8K2JYdY2Hok?t=1314:03
dansmithum14:03
*** yamamoto has joined #openstack-meeting14:04
*** yamamoto has quit IRC14:04
artomdansmith, so you drive white Ford Bronco, right?14:04
dansmithoooh, OJ, I see. <groan>14:04
efriedyeah, sorry about that14:05
efriedokay, let's go14:05
efried#topic Last meeting14:05
efried#link Minutes from last meeting: http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-07-18-21.00.html14:05
*** openstack changes topic to "Last meeting (Meeting topic: nova)"14:05
efriedany old bidniss?14:05
* mriedem shows up late14:05
efried#topic Release News14:06
efriedSpec freeze today14:06
efried#link spec review notice on ML (with handy review.o.o search) http://lists.openstack.org/pipermail/openstack-discuss/2019-July/008019.html14:06
*** openstack changes topic to "Release News (Meeting topic: nova)"14:06
efriedAbove thread draws attention to four specs (two in the original post, two in mriedem's response) that stand a chance of making it today.14:06
efriedif you are core-like, please cast your eyes thereupon14:07
efried(or even if you're not)14:07
efriedbut it would be polite of us to at least ack the remainder, if nothing else then with a -1 "this isn't far enough along to make freeze, please propose to backlog" or similar.14:08
efriedAny discussion on spec freeze?14:08
*** wwriverrat has quit IRC14:08
mriedemi'll be updating those other 2 i pointed out14:08
mriedemsince they just need cleaning14:08
efriedThanks mriedem.14:09
*** ttsiouts has quit IRC14:09
efriedAny other release news (other than stable, which is later)?14:09
*** ttsiouts has joined #openstack-meeting14:09
efried#topic Bugs (stuck/critical)14:10
efriedNo Critical bugs14:10
efried#link 67 new untriaged bugs (-2 since the last meeting): https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New14:10
efried#link 3 untagged untriaged bugs (-1 since the last meeting): https://bugs.launchpad.net/nova/+bugs?field.tag=-*&field.status%3Alist=NEW14:10
*** openstack changes topic to "Bugs (stuck/critical) (Meeting topic: nova)"14:10
efriedany bug discussion?14:10
efried#topic Gate status14:10
efried#link check queue gate status http://status.openstack.org/elastic-recheck/index.html14:10
efried#link 3rd party CI status (seems to be back in action) http://ciwatch.mmedvede.net/project?project=nova14:10
*** openstack changes topic to "Gate status (Meeting topic: nova)"14:10
*** ayoung has joined #openstack-meeting14:10
mriedemnot really gate related, but ci related, i've got a change up which converts nova-next to zuulv3 native https://review.opendev.org/#/c/670196/14:11
efriedgate hasn't been *horrible* lately. Spurious failure rates feel normal-ish, but response time seems somewhat improved.14:11
mriedemi plan on eventually doing that for nova-lvm next14:11
cdent(obvmwareciexcuse: all the internal quota is used up on internal testing)14:11
cdent(someone is "working to get more")14:12
efriedmriedem: yay, anything that reduces the amount of sh-in-yaml is a win as far as I'm concerned.14:12
efriedI'm probably not qualified to +2 that one, but I'll have a look.14:12
mriedemalso,14:12
*** baojg has joined #openstack-meeting14:12
mriedemlong-term i think that will allow us to break apart the now-getting-big post_stack_test.sh14:13
mriedeminto separate ansible tasks14:13
*** ttsiouts has quit IRC14:14
efriedwhat's the zoomed-out result of that?14:14
efriedShorter jobs on more nodes?14:14
mriedemno14:14
mriedemmanageability of the script14:14
mriedemi.e. not a huge ass bash script14:14
efriedack14:14
efried#topic Reminders14:16
efriedany?14:16
*** openstack changes topic to "Reminders (Meeting topic: nova)"14:16
efried#topic Stable branch status14:16
efried#link stable/stein: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/stein14:16
efried#link stable/rocky: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/rocky14:16
efried#link stable/queens: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/queens14:16
*** openstack changes topic to "Stable branch status (Meeting topic: nova)"14:16
efriedmriedem: stable news?14:16
mriedemmel and i flushed a few stein backports14:16
mriedembut probably not any release plans right now14:16
efriedoh, that reminds me, back on release news - are we (nova) responsible for any "libraries" that need a pro forma m-2 release?14:17
efriedlike novaclient or os-vif?14:17
mriedemidk if the release team automatically does those, but i'd assume they don't, so it's probably not a bad idea to do a release, though we just recently did a novaclient release14:18
mriedembut idk about os-vif14:18
mriedemso todo to look at releasing os-vif14:18
efriedOh, it's cycle-with-intermediary libs that need a release http://lists.openstack.org/pipermail/openstack-discuss/2019-July/008018.html14:19
efriedpython-novaclient is cycle-with-intermediary14:20
efried...as is os-vif14:20
efriedso yeah.14:20
efriedand based on --^ it looks like we're probably responsible for making sure those get proposed, or we'll be shunted to cycle-with-rc14:20
efriedso14:21
efried#action efried to (delegate or) ensure releases as appropriate for python-novaclient and os-vif14:21
*** AlanClark has quit IRC14:21
efriedmoving on14:21
mriedemlike i said, we just did novaclient so i don't think we need another now14:21
mriedembut os-vif probably14:21
efriedack14:22
efriedI'll poke (and possibly delegate to) sean about it.14:22
efried#topic Sub/related team Highlights14:22
efriedPlacement (cdent)14:22
efried#link latest pupdate http://lists.openstack.org/pipermail/openstack-discuss/2019-July/007907.html14:22
*** openstack changes topic to "Sub/related team Highlights (Meeting topic: nova)"14:22
cdentnothing critical to report. tssurya has made some progress on consumer types14:22
*** bobh has joined #openstack-meeting14:23
cdentall the nested magic stuff that we planned to do is done, so if there are nova folk who need/want to use it, it's there and we should talk about it14:23
cdenteof14:24
efriedYeah, I was sort of hoping that14:25
efried#link NUMA modeling spec https://review.opendev.org/#/c/552924/14:25
efriedwould get refreshed in time to do something in Train, but that hasn't happened.14:25
efriedwhich means we may want to re-look at14:25
efried#link best-effort VGPU affinity spec https://review.opendev.org/55292414:25
efrieddoh14:25
efried#undo14:25
openstackRemoving item from minutes: #link https://review.opendev.org/55292414:25
efried#link best-effort VGPU affinity spec https://review.opendev.org/#/c/650963/14:26
*** ykatabam has joined #openstack-meeting14:26
*** ykatabam has left #openstack-meeting14:26
efriedI know RH is pretty interested in getting some kind of VGPU affinity landed in Train.14:26
efriedHow are other cores feeling about making this go?14:27
efriedmriedem: dansmith14:27
mriedemshrug14:27
dansmithI thought you already nak'd it?14:27
efriedI -1d, I did not -214:27
mriedemi would have to reload the context since at one time it was talking about limits and all sorts of crap14:28
mriedemidk if it was a new weigher or passing limits down to compute or what14:28
dansmithso, I think that bauzas has probably refocused at this point as a result of that, given proximity to the deadline14:28
efriedand my -1 was based on the possibility of doing the real stuff in Train.14:28
dansmithso restarting now is probably going to be rough14:28
dansmith(and yes, I wanted you to make a call one way or the other, so I'm not complaining)14:28
dansmithmriedem: yep, that's what it is14:29
mriedemi also think our plate is already full so...14:29
mriedemand i'm still not getting reviews on my mega series so...14:29
mriedemdouble meh14:29
mriedemRH should be focused on numa aware live migration imo14:30
mriedemand windriver14:30
artomI am :)14:30
mriedemsince starlingx assumes we're just going to deliver it14:30
mriedemon a platter14:30
artom(When I'm not putting out product fires, which have abated for a bit)14:30
mriedemmoving on?14:32
efriedOkay, well, I'll leave this alone for now, and bauzas can request a SFE if necessary.14:32
efriedAPI (gmann)14:32
efriedNo update this week. I was in opensource/openstack days Tokyo for full week.14:32
efriedgmann: anything to add?14:33
efried#topic Stuck Reviews14:34
efriedany?14:34
*** openstack changes topic to "Stuck Reviews (Meeting topic: nova)"14:34
*** ttsiouts has joined #openstack-meeting14:34
efried#topic Review status page14:35
*** openstack changes topic to "Review status page (Meeting topic: nova)"14:35
efried#link http://status.openstack.org/reviews/#nova14:35
efriedCount: 462 (+1); Top score: 1331 (-102)14:35
efried#help Pick a patch near the top, shepherd it to closure14:35
efriedI just abandoned the top one since it had had no activity for >1y14:35
*** mnaser has joined #openstack-meeting14:36
efried#topic Open discussion14:36
*** openstack changes topic to "Open discussion (Meeting topic: nova)"14:36
efriedCan we talk summit/PTG for a bit?14:36
efriedIt is not at all clear whether we're going to have critical mass to warrant a room at the PTG.14:37
efriedI'm not sure whether I'll be able to attend.14:37
mriedemi've been told to not think about booking until late sept/oct14:37
*** ayoung has quit IRC14:37
mriedemso i'm not sure i'll be there yet14:37
efriedmriedem: and give up discounted ticket price??14:38
mriedemheh...14:38
mriedemi know lots of people aren't going14:38
efriedand yet, we have to tell them whether we want a room in like two weeks.14:38
mriedemwell,14:38
mriedemi know alex_xu and Fred Li (huawei) have organized meetups in china,14:38
mriedemso what i'd probably do is reach out to them to see if they have ideas on local numbers for ptg attendance14:39
artomWhere's that etherpad of people going/not going?14:39
mriedemyou'd likely not need a huge ballroom like we normally have, but at least a side meeting room14:39
efried#link shanghai nova ptg etherpad https://etherpad.openstack.org/p/nova-shanghai-ptg14:39
mriedemi can ask alex/fred in wechat if that helps14:39
efriedthanks, that would be neat. Alex has acked on the etherpad14:39
mriedemi've asked in a wechat room14:41
mriedemwill let you know14:41
efriedtbh this is the main thing that's keeping me up nights.14:41
mriedemalso pinged shane wang14:41
mriedembauzas: isn't in there but i thought he was requesting approval14:42
artomefried, the PTG attendee situation>14:42
dansmithefried: what, lack of critical mass at ptg?14:42
dansmithefried: if so, I don't think you need to worry about that, just MHO14:42
dansmithnobody (including the foundation, I expect) is surprised that attendance is going to be very low at this one, so it's going to be whatever it's going to be14:43
*** yamamoto has joined #openstack-meeting14:43
mriedemefried: yeah i'll let you know what i hear, if there are choices on room size i'd say not a ballroom but a meeting room is probably fine14:44
efriedYeah, like on a personal level my family and I are not very happy (understatement) about the prospect of a trip to China in general. If we wind up not running a room, I'd feel better about saying no.14:44
mriedemif you personally can't travel that's a different thing, but alex could run the room or something14:44
dansmithefried: there will be people there regardless14:44
mriedemlike they have at local bug smash events14:45
dansmithright, alex or any of the people already saying they're going14:45
dansmithopportunity to step up and all14:45
mriedemright - good management speak there dan14:45
efriedoo, I like that line.14:45
* dansmith puffs up his chest14:45
efriedAnd who knows who will be PTL by then14:45
mriedemthat's twice in one week14:45
mriedemibm can sniff new first line management potential already14:45
clarkbmriedem: there are a range of room sizes14:46
mriedemok, so i'd just say "not a cavernous hall please"14:46
mriedemwhoever makes it makes it14:47
mriedempick a room lead later14:47
mriedemdo as much pre-ptg in ML like placement did last time as possible14:47
efried++14:47
efriedOkay, any other open discussion?14:47
* mriedem awkwardly hugs eric to make him feel....different14:48
efriedmission accomplished14:48
efriedThanks all.14:48
efriedo/14:48
efried#endmeeting14:48
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"14:48
openstackMeeting ended Thu Jul 25 14:48:47 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:48
openstackMinutes:        http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-07-25-14.00.html14:48
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-07-25-14.00.txt14:48
openstackLog:            http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-07-25-14.00.log.html14:48
*** takashin has left #openstack-meeting14:49
*** lbragstad has joined #openstack-meeting14:51
*** yamamoto has quit IRC14:53
*** zaneb has joined #openstack-meeting14:56
*** zaneb has quit IRC15:02
*** gagehugo has joined #openstack-meeting15:03
*** zaneb has joined #openstack-meeting15:03
gagehugo#startmeeting security15:03
openstackMeeting started Thu Jul 25 15:03:47 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.15:03
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:03
*** openstack changes topic to " (Meeting topic: security)"15:03
openstackThe meeting name has been set to 'security'15:03
*** brault has joined #openstack-meeting15:03
fungialoha15:03
gagehugosorry still in a meeting15:04
fungino worries, me too ;)15:04
mheno/15:04
gagehugoShould be done soon15:04
gagehugoo/15:04
*** cdent has left #openstack-meeting15:04
*** nickthetait has joined #openstack-meeting15:04
*** zbitter has joined #openstack-meeting15:05
*** dkehn has joined #openstack-meeting15:06
*** artom has quit IRC15:06
fungi#link https://etherpad.openstack.org/p/security-agenda Security SIG Weekly Meeting Agenda15:06
gagehugothanks, I was failing on my phone15:07
fungino worries, there's another bugset i can add15:08
gagehugo#topic CIDR's of the form 12.34.56.78/0 should be an error Edit15:08
*** openstack changes topic to "CIDR's of the form 12.34.56.78/0 should be an error Edit (Meeting topic: security)"15:08
gagehugo#link https://bugs.launchpad.net/horizon/+bug/183733915:08
openstackLaunchpad bug 1837339 in OpenStack Security Advisory "CIDR's of the form 12.34.56.78/0 should be an error" [Undecided,Incomplete]15:08
*** zaneb has quit IRC15:08
gagehugoLooks like this is a good security hardening opportunity15:09
gagehugoIf interested, feel free to take a look15:11
gagehugo#topic IFLA_BR_AGEING_TIME of 0 causes flooding across bridges15:11
*** openstack changes topic to "IFLA_BR_AGEING_TIME of 0 causes flooding across bridges (Meeting topic: security)"15:11
gagehugo#link https://bugs.launchpad.net/os-vif/+bug/183725215:12
openstackLaunchpad bug 1837252 in os-vif "IFLA_BR_AGEING_TIME of 0 causes flooding across bridges" [High,Confirmed] - Assigned to sean mooney (sean-k-mooney)15:12
fungiyeah, at the moment it's in a good place to weigh in on what you think the correct user interface is for horizon's handling of cidrs15:12
fungi1837339 i mean15:12
fungi1837252 got brought to my attention today15:12
gagehugoyeah I will take a look at it today15:14
*** artom has joined #openstack-meeting15:14
fungithere's also another linked in the agenda which was known as a potential vulnerability for a while (via one of its marked duplicates), and seems to have very similar symptoms but is thought to stem from somewhere else15:14
gagehugoah ok15:14
gagehugo#link https://bugs.launchpad.net/neutron/+bug/173206715:15
openstackLaunchpad bug 1732067 in neutron "openvswitch firewall flows cause flooding on integration bridge" [High,In progress] - Assigned to LIU Yulong (dragon889)15:15
* gagehugo will read those later15:16
gagehugofungi: anything else to add to those?15:16
*** zbitter is now known as zaneb15:16
*** wwriverrat has joined #openstack-meeting15:16
funginothing i haven't already put in comments on the bugs themselves, no15:17
gagehugook15:17
gagehugo#topic open discussion15:17
*** openstack changes topic to "open discussion (Meeting topic: security)"15:17
gagehugofloor is open if anyone has anything15:17
fungiassistance in reproducing/fixing those public reports would be most appreciated15:17
gagehugo^15:17
*** dklyle has quit IRC15:17
* mhen raises hand15:17
fungiespecially figuring out whether they're related15:17
*** _erlon_ has joined #openstack-meeting15:18
mhenI'd like to discuss a topic regarding API policy files15:18
*** dklyle has joined #openstack-meeting15:18
mhenrecently I tried enforcing non-default rules in Cinder and Nova and happened to notice that: 1) Nova only accepted json but not yaml and 2) Cinder did accept only yaml but not json for the policy.yaml or policy.json respectively15:19
gagehugointeresting15:20
mhenCinder does override [1] the default from oslo policy [2], whereas Nova doesn't seem to do that15:20
mhen[1] https://github.com/openstack/cinder/blob/0ec28f84289490c80688a58244e091224c9c8393/cinder/policy.py#L3115:20
mhen[2] https://github.com/openstack/oslo.policy/blob/1e3f81c89b49451bd4c32a12f5a338441c5c1e56/oslo_policy/opts.py#L3815:20
gagehugocinder's commit for that was https://github.com/openstack/cinder/commit/8c132193923168150fdc7f62a20e2d887cde723b15:21
*** larainema has quit IRC15:21
mhenSo if an operator/provider deploys their own policy files and doesn't pay attention, one of their files might be ignored without them immediately noticing15:22
mhenif you search online, there is much talk about the json or yaml but it's hard to find a resource telling you exactly where to use which15:22
*** ricolin has joined #openstack-meeting15:22
gagehugoI thought there was a movement a while ago to use yaml, but I could be remembering that wrong15:23
gagehugoobv still supporting json15:23
bnemecyaml was preferred because it allows comments15:23
gagehugoah yeah15:23
mhenyaml has advantages, but simply ignoring a supplied json silently doesn't look good to me15:23
*** e0ne has quit IRC15:23
bnemecSo it's what we're shipping for sample policy configs because it allows us to inline the description text.15:23
bnemecAgreed that neither should be ignored though. Both are still supported.15:24
*** kopecmartin is now known as kopecmartin|off15:24
nickthetaitthis does sound like a security bug to me15:24
*** dmacpher has quit IRC15:25
gagehugocould open one against cinder and nova and get to the bottom of this15:25
mhennote: you can change this in the respective components config (e.g. nova.conf) but the problem here is that the defaults are different15:25
gagehugomhen: what release are you using?15:25
mhengagehugo, queens currently15:25
gagehugook15:25
mhenbut looked up the code in master15:25
mhenseems to be no different in master either, see links above15:26
mhenNova says json: https://github.com/openstack/nova/blob/a37a035c9d359b29fed6ea08bc99b93e51164e61/doc/source/configuration/index.rst15:26
gagehugotheir documentation might need updating15:26
gagehugotheir policy generator says policy.yaml15:27
gagehugohttps://github.com/openstack/nova/blob/master/etc/nova/nova-policy-generator.conf15:27
mhengagehugo, but I wasn't able to find the overriding part in Nova as found in Cinder, so Nova falls back to json as per oslo.policy code if I got that right15:27
mhensee [1] and [2] above15:28
gagehugook15:28
mhenat least that's what I observe in queens right now and looking at the code, in master it hasn't changed15:29
* gagehugo takes notes of all this15:29
mhenthanks15:31
gagehugomhen: ok, I can dig into this a bit15:31
mhenthank you!15:32
gagehugothanks for bringing this up!15:32
gagehugoanything else?15:32
nickthetaitI have a bit of news on security guide updates15:32
nickthetaitsubmitted first few patches https://review.opendev.org/#/q/is:open+owner:nickthetait15:33
gagehugonice15:33
nickthetaitpretty minor stuff so far, needing reviews15:33
*** ricolin_ has joined #openstack-meeting15:33
nickthetaitand one quick questions, is this "future" section right at the bottom of this page still needed? https://docs.openstack.org/security-guide/identity/federated-keystone.html15:34
gagehugoI'll take a look15:34
gagehugonickthetait: I can ask in keystone15:34
nickthetaitthx15:34
nickthetaitthats all I have15:35
gagehugothanks!15:35
* gagehugo needs to run15:35
gagehugothanks everyone! have a good rest of the week15:35
gagehugo#endmeeting15:35
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:35
nickthetaittake care15:35
openstackMeeting ended Thu Jul 25 15:35:40 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:35
openstackMinutes:        http://eavesdrop.openstack.org/meetings/security/2019/security.2019-07-25-15.03.html15:35
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/security/2019/security.2019-07-25-15.03.txt15:35
openstackLog:            http://eavesdrop.openstack.org/meetings/security/2019/security.2019-07-25-15.03.log.html15:35
*** ricolin has quit IRC15:36
*** ricolin_ is now known as ricolin15:38
*** gyee has joined #openstack-meeting15:44
*** artom has quit IRC15:46
*** altlogbot_0 has quit IRC15:48
*** altlogbot_1 has joined #openstack-meeting15:50
*** tesseract has quit IRC15:50
*** links has quit IRC15:52
*** nickthetait has left #openstack-meeting15:53
*** ttsiouts has quit IRC16:00
*** brault has quit IRC16:04
*** tssurya has quit IRC16:04
*** brault has joined #openstack-meeting16:05
*** enriquetaso has quit IRC16:09
*** brault has quit IRC16:09
*** artom has joined #openstack-meeting16:12
*** mattw4 has joined #openstack-meeting16:14
*** brinzhang_ has quit IRC16:18
*** brinzhang has quit IRC16:18
*** mattw4 has quit IRC16:23
*** mattw4 has joined #openstack-meeting16:23
*** lpetrut has quit IRC16:29
*** iyamahat has joined #openstack-meeting16:31
*** ricolin has quit IRC16:39
*** iyamahat has quit IRC16:41
*** ayoung has joined #openstack-meeting16:43
*** links has joined #openstack-meeting16:45
*** links has quit IRC16:47
*** igordc has quit IRC16:58
*** igordc has joined #openstack-meeting16:58
*** diablo_rojo has joined #openstack-meeting17:11
*** armax has quit IRC17:13
*** jaypipes has quit IRC17:18
*** ralonsoh has quit IRC17:24
*** igordc has quit IRC17:28
*** bobh has quit IRC17:39
*** psachin has quit IRC17:50
*** armax has joined #openstack-meeting17:50
*** iyamahat has joined #openstack-meeting17:58
*** bobh has joined #openstack-meeting18:11
*** mattw4 has quit IRC18:11
*** mattw4 has joined #openstack-meeting18:11
*** dklyle has quit IRC18:11
*** dklyle has joined #openstack-meeting18:12
*** priteau has quit IRC18:13
*** jamesmcarthur has joined #openstack-meeting18:17
*** bobh has quit IRC18:17
*** igordc has joined #openstack-meeting18:22
*** brault has joined #openstack-meeting18:23
*** brault has quit IRC18:27
*** brault has joined #openstack-meeting18:27
*** brinzhang has joined #openstack-meeting18:37
*** brinzhang_ has joined #openstack-meeting18:37
*** eharney has quit IRC18:39
*** brinzhang_ has quit IRC18:42
*** brinzhang has quit IRC18:42
*** brinzhang has joined #openstack-meeting18:43
*** brinzhang_ has joined #openstack-meeting18:43
*** lbragstad has quit IRC18:51
*** mriedem has quit IRC18:54
*** mriedem has joined #openstack-meeting19:03
*** armstrong has joined #openstack-meeting19:04
*** bobh has joined #openstack-meeting19:05
*** enriquetaso has joined #openstack-meeting19:09
*** igordc has quit IRC19:09
*** senrique_ has joined #openstack-meeting19:10
*** bobh has quit IRC19:11
*** enriquetaso has quit IRC19:13
*** jaypipes has joined #openstack-meeting19:16
*** iyamahat has quit IRC19:18
*** igordc has joined #openstack-meeting19:25
*** igordc has quit IRC19:32
*** e0ne has joined #openstack-meeting19:39
*** jamesmcarthur has quit IRC19:40
*** jamesmcarthur has joined #openstack-meeting19:41
*** bbowen has quit IRC19:41
*** jamesmcarthur has quit IRC19:46
*** dasp has quit IRC19:51
*** senrique_ is now known as enriquetaso19:52
*** ayoung has quit IRC19:52
*** dasp has joined #openstack-meeting19:54
*** ayoung has joined #openstack-meeting20:06
*** igordc has joined #openstack-meeting20:08
*** jamesmcarthur has joined #openstack-meeting20:11
*** ayoung has quit IRC20:13
*** iyamahat has joined #openstack-meeting20:14
*** jamesmcarthur has quit IRC20:19
*** gyee has quit IRC20:22
*** wwriverrat has quit IRC20:26
*** jamesmcarthur has joined #openstack-meeting20:30
*** zbr_ has quit IRC20:35
*** zbr has joined #openstack-meeting20:37
*** diablo_rojo has quit IRC20:40
*** boxiang_ has quit IRC20:48
*** boxiang_ has joined #openstack-meeting20:48
*** mriedem has quit IRC20:52
*** mriedem has joined #openstack-meeting20:53
*** bobh has joined #openstack-meeting20:53
*** iyamahat has quit IRC20:59
*** bobh has quit IRC20:59
*** gyee has joined #openstack-meeting20:59
*** iyamahat has joined #openstack-meeting21:00
*** jamesmcarthur has quit IRC21:00
*** Lucas_Gray has joined #openstack-meeting21:00
*** jamesmcarthur has joined #openstack-meeting21:01
*** bbowen has joined #openstack-meeting21:02
*** zbr has quit IRC21:11
*** jamesmcarthur has quit IRC21:13
*** slaweq has quit IRC21:15
*** diablo_rojo has joined #openstack-meeting21:19
*** iyamahat has quit IRC21:25
*** zbr has joined #openstack-meeting21:26
*** whoami-rajat has quit IRC21:28
*** pcaruana has quit IRC21:28
*** enriquetaso has quit IRC21:31
*** enriquetaso has joined #openstack-meeting21:32
*** zbr has quit IRC21:32
*** panda has quit IRC21:34
*** panda has joined #openstack-meeting21:34
*** brault has quit IRC21:36
*** jamesmcarthur has joined #openstack-meeting21:46
*** jamesmcarthur has quit IRC21:51
*** e0ne has quit IRC21:56
*** slaweq has joined #openstack-meeting22:11
*** Liang__ has joined #openstack-meeting22:15
*** slaweq has quit IRC22:16
*** rcernin has joined #openstack-meeting22:16
*** jamesmcarthur has joined #openstack-meeting22:38
*** carloss has quit IRC22:38
*** armax has quit IRC22:40
*** Liang__ has quit IRC22:43
*** jamesmcarthur has quit IRC22:44
*** ykatabam has joined #openstack-meeting22:59
*** _erlon_ has quit IRC23:07
*** mriedem has quit IRC23:18
*** jamesmcarthur has joined #openstack-meeting23:20
*** jamesmcarthur has quit IRC23:24
*** brinzhang has quit IRC23:24
*** brinzhang has joined #openstack-meeting23:25
*** armax has joined #openstack-meeting23:30
*** brault has joined #openstack-meeting23:36
*** brault has quit IRC23:40
*** jamesmcarthur has joined #openstack-meeting23:50
*** brinzhang_ has quit IRC23:52
*** brinzhang_ has joined #openstack-meeting23:53
*** enriquetaso has quit IRC23:55
*** jamesmcarthur has quit IRC23:55
*** armstrong has quit IRC23:55
*** smcginnis has quit IRC23:56
« Wednesday, 2019-07-24 Index Friday, 2019-07-26 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!