Thursday, 2019-08-01

« Wednesday, 2019-07-31 Index Friday, 2019-08-02 »
*** armax has quit IRC00:00
*** lseki has quit IRC00:09
*** brinzhang has joined #openstack-meeting00:17
*** brinzhang_ has quit IRC00:20
*** enriquetaso has quit IRC00:27
*** armax has joined #openstack-meeting00:44
*** nitinuikey has joined #openstack-meeting00:46
*** efried has quit IRC00:51
*** nitinuikey has quit IRC00:53
*** efried has joined #openstack-meeting00:59
*** ricolin has joined #openstack-meeting01:04
*** tetsuro has joined #openstack-meeting01:12
*** radeks_ has joined #openstack-meeting01:19
*** radeks_ has quit IRC01:24
*** igordc has quit IRC01:31
*** bobh has joined #openstack-meeting01:34
*** armax has quit IRC01:39
*** gyee has quit IRC02:00
*** baojg has joined #openstack-meeting02:03
*** ykatabam has joined #openstack-meeting02:08
*** ykatabam has quit IRC02:08
*** ykatabam has joined #openstack-meeting02:08
*** slaweq has joined #openstack-meeting02:11
*** slaweq has quit IRC02:15
*** bobh has quit IRC02:19
*** tetsuro has quit IRC02:24
*** bobh has joined #openstack-meeting02:26
*** tetsuro has joined #openstack-meeting02:48
*** bobh has quit IRC02:56
*** notmyname has quit IRC03:20
*** notmyname has joined #openstack-meeting03:20
*** tetsuro has quit IRC03:21
*** diablo_rojo has quit IRC03:27
*** bobh has joined #openstack-meeting03:33
*** bobh has quit IRC03:38
*** whoami-rajat has joined #openstack-meeting03:41
*** hongbin has joined #openstack-meeting03:45
*** hongbin has quit IRC03:46
*** psachin has joined #openstack-meeting03:55
*** imsurit has joined #openstack-meeting03:59
*** slaweq has joined #openstack-meeting04:11
*** slaweq has quit IRC04:17
*** Luzi has joined #openstack-meeting04:25
*** tetsuro has joined #openstack-meeting04:28
*** tetsuro has quit IRC05:02
*** diablo_rojo has joined #openstack-meeting05:21
*** ociuhandu has joined #openstack-meeting05:22
*** diablo_rojo has quit IRC05:25
*** jamesmcarthur has quit IRC05:26
*** dansmith has quit IRC05:26
*** ociuhandu has quit IRC05:27
*** dansmith has joined #openstack-meeting05:28
*** tetsuro has joined #openstack-meeting05:43
*** kopecmartin|off is now known as kopecmartin05:46
*** iyamahat has quit IRC05:48
*** tetsuro has quit IRC05:48
*** belmoreira has joined #openstack-meeting05:50
*** belmoreira has quit IRC05:50
*** radeks has joined #openstack-meeting05:52
*** belmoreira has joined #openstack-meeting05:52
*** slaweq has joined #openstack-meeting06:04
*** radeks has quit IRC06:08
*** slaweq has quit IRC06:09
*** imsurit has quit IRC06:10
*** slaweq has joined #openstack-meeting06:11
*** imsurit has joined #openstack-meeting06:11
*** takamatsu has joined #openstack-meeting06:13
*** slaweq has quit IRC06:16
*** bobh has joined #openstack-meeting06:19
*** imsurit has quit IRC06:21
*** janki has joined #openstack-meeting06:22
*** bobh has quit IRC06:23
*** ricolin_ has joined #openstack-meeting06:26
*** ricolin has quit IRC06:29
*** imsurit has joined #openstack-meeting06:45
*** e0ne has joined #openstack-meeting06:57
*** e0ne has quit IRC06:59
*** ykatabam has quit IRC06:59
*** belmoreira has quit IRC07:01
*** belmoreira has joined #openstack-meeting07:03
*** slaweq has joined #openstack-meeting07:04
*** _pewp_ has quit IRC07:11
*** _pewp_ has joined #openstack-meeting07:12
*** pcaruana has quit IRC07:12
*** tetsuro has joined #openstack-meeting07:13
*** imsurit has quit IRC07:17
*** tetsuro has quit IRC07:17
*** tesseract has joined #openstack-meeting07:20
*** imsurit has joined #openstack-meeting07:24
*** belmoreira has quit IRC07:28
*** tssurya has joined #openstack-meeting07:32
*** belmoreira has joined #openstack-meeting07:35
*** ralonsoh has joined #openstack-meeting07:39
*** ociuhandu has joined #openstack-meeting07:39
*** boxiang has joined #openstack-meeting07:40
*** ralonsoh has quit IRC07:40
*** ralonsoh has joined #openstack-meeting07:40
*** pcaruana has joined #openstack-meeting07:42
*** e0ne has joined #openstack-meeting07:53
*** ociuhandu has quit IRC07:56
*** electrofelix has joined #openstack-meeting07:58
*** boxiang has quit IRC07:59
*** boxiang has joined #openstack-meeting07:59
*** belmoreira has quit IRC08:01
*** lpetrut has joined #openstack-meeting08:03
*** lpetrut has quit IRC08:04
*** lpetrut has joined #openstack-meeting08:04
*** belmoreira has joined #openstack-meeting08:07
*** belmoreira has quit IRC08:09
*** belmoreira has joined #openstack-meeting08:11
*** boxiang has quit IRC08:17
*** lpetrut has quit IRC08:29
*** priteau has joined #openstack-meeting08:53
*** belmoreira has quit IRC08:54
*** psachin has quit IRC09:00
*** cheng1 has quit IRC09:02
*** belmoreira has joined #openstack-meeting09:03
*** cheng1 has joined #openstack-meeting09:03
*** bobh has joined #openstack-meeting09:07
*** janki has quit IRC09:08
*** janki has joined #openstack-meeting09:09
*** bobh has quit IRC09:12
*** jchhatbar has joined #openstack-meeting09:17
*** janki has quit IRC09:17
*** belmoreira has quit IRC09:22
*** jchhatbar has quit IRC09:25
*** belmoreira has joined #openstack-meeting09:26
*** asmita_s has joined #openstack-meeting09:27
*** e0ne_ has joined #openstack-meeting09:36
*** asmita_s has quit IRC09:36
*** yamamoto has joined #openstack-meeting09:36
*** e0ne has quit IRC09:37
*** priteau has quit IRC09:43
*** priteau has joined #openstack-meeting09:44
*** priteau has quit IRC09:50
*** priteau has joined #openstack-meeting09:52
*** belmoreira has quit IRC09:53
*** ociuhandu has joined #openstack-meeting09:57
*** belmoreira has joined #openstack-meeting10:00
*** ociuhandu has quit IRC10:01
*** yamamoto has quit IRC10:07
*** ricolin__ has joined #openstack-meeting10:28
*** yamamoto has joined #openstack-meeting10:30
*** yamamoto has quit IRC10:30
*** ricolin_ has quit IRC10:31
*** bbowen has joined #openstack-meeting10:44
*** bbowen has quit IRC10:45
*** bbowen has joined #openstack-meeting10:46
*** yamamoto has joined #openstack-meeting10:51
*** yamamoto has quit IRC10:55
*** rcernin has quit IRC10:58
*** yamamoto has joined #openstack-meeting11:10
*** belmoreira has quit IRC11:17
*** belmoreira has joined #openstack-meeting11:19
*** ociuhandu has joined #openstack-meeting11:20
*** ociuhandu has quit IRC11:21
*** panda is now known as panda|eat11:25
*** qinhaizhong has joined #openstack-meeting11:26
*** e0ne has joined #openstack-meeting11:29
*** e0ne_ has quit IRC11:30
*** qinhaizhong has quit IRC11:31
*** qinhaizhong has joined #openstack-meeting11:32
*** qinhaizhong has quit IRC11:43
*** imsurit has quit IRC11:44
*** raildo has joined #openstack-meeting11:45
*** bobh has joined #openstack-meeting11:45
*** priteau has quit IRC11:46
*** bobh has quit IRC11:50
*** jamesmcarthur has joined #openstack-meeting11:51
*** ociuhandu has joined #openstack-meeting12:01
*** ociuhandu has quit IRC12:05
*** jamesmcarthur has quit IRC12:06
*** ociuhandu has joined #openstack-meeting12:15
*** bobh has joined #openstack-meeting12:16
*** Lucas_Gray has joined #openstack-meeting12:22
*** ociuhandu has quit IRC12:25
*** ociuhandu has joined #openstack-meeting12:27
*** ociuhandu has quit IRC12:31
*** ociuhandu has joined #openstack-meeting12:31
*** Lucas_Gray has quit IRC12:32
*** panda|eat is now known as panda12:34
*** Lucas_Gray has joined #openstack-meeting12:35
*** tssurya_ has joined #openstack-meeting12:37
*** tssurya has quit IRC12:37
*** tssurya_ is now known as tssurya12:37
*** artom has quit IRC12:37
*** Lucas_Gray has quit IRC12:42
*** jamesmcarthur has joined #openstack-meeting12:44
*** belmoreira has quit IRC12:48
*** Luzi has quit IRC12:55
*** belmoreira has joined #openstack-meeting13:06
*** bobh has quit IRC13:12
*** enriquetaso has joined #openstack-meeting13:13
*** enriquetaso has quit IRC13:15
*** yamamoto has quit IRC13:21
*** ociuhandu has quit IRC13:26
*** dmacpher has joined #openstack-meeting13:26
*** ociuhandu has joined #openstack-meeting13:27
*** mriedem has joined #openstack-meeting13:27
*** priteau has joined #openstack-meeting13:28
*** ociuhandu has quit IRC13:31
*** lseki has joined #openstack-meeting13:33
*** AlanClark has joined #openstack-meeting13:36
*** carloss has joined #openstack-meeting13:36
*** enriquetaso has joined #openstack-meeting13:42
*** yamamoto has joined #openstack-meeting13:43
*** eharney has joined #openstack-meeting13:46
*** priteau has quit IRC13:53
*** lbragstad has joined #openstack-meeting13:59
*** priteau has joined #openstack-meeting14:01
*** ociuhandu has joined #openstack-meeting14:07
*** belmoreira has quit IRC14:10
*** ociuhandu has quit IRC14:16
*** ociuhandu has joined #openstack-meeting14:19
*** AlanClark has quit IRC14:22
*** iyamahat has joined #openstack-meeting14:22
*** jhesketh has quit IRC14:23
*** ociuhandu has quit IRC14:23
*** artom has joined #openstack-meeting14:25
*** nickthetait has joined #openstack-meeting14:27
*** zbitter is now known as zaneb14:32
*** mhen has joined #openstack-meeting14:43
*** priteau has quit IRC14:56
*** gagehugo has joined #openstack-meeting14:59
gagehugo#startmeeting security15:00
openstackMeeting started Thu Aug  1 15:00:12 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
*** openstack changes topic to " (Meeting topic: security)"15:00
openstackThe meeting name has been set to 'security'15:00
gagehugo#link https://etherpad.openstack.org/p/security-agenda15:00
*** thgcorrea has joined #openstack-meeting15:00
gagehugoo/15:00
nickthetaithi15:00
mheno/15:01
gagehugowe will start in a couple minutes15:01
*** sfernand has joined #openstack-meeting15:01
*** yamamoto has quit IRC15:02
gagehugook15:03
gagehugo#topic Security Bug15:03
*** openstack changes topic to "Security Bug (Meeting topic: security)"15:03
gagehugo#link https://bugs.launchpad.net/os-vif/+bug/183725215:04
openstackLaunchpad bug 1837252 in os-vif trunk "IFLA_BR_AGEING_TIME of 0 causes flooding across bridges" [High,In progress] - Assigned to sean mooney (sean-k-mooney)15:04
*** yamamoto has joined #openstack-meeting15:04
*** yamamoto has quit IRC15:04
gagehugoif anyone can take a look at ^, it would be appreciated15:04
gagehugoit looks a bit similar to other bugs, but there's comments stating that its affecting multiple network backends15:05
*** yamamoto has joined #openstack-meeting15:05
gagehugo#topic Security Guide Updates15:05
fungihey, sorry, our broadband provider seems to have lost contact with the mainland at 15:00z precisely (i'm back on through a wireless modem for now)15:05
*** openstack changes topic to "Security Guide Updates (Meeting topic: security)"15:05
gagehugofungi: oh no15:06
fungiit happens with some regularity15:06
fungii need to get around to hooking a wireless modem directly to my home firewall as a backup connection15:06
gagehugonickthetait: I asked cmurphy about the federation guide, it's quite out of date and it would probably be best to just link directly to the keystone federation guide15:06
gagehugo#link https://docs.openstack.org/keystone/latest/admin/federation/introduction.html15:07
nickthetaitok good deal15:07
gagehugoalso, one less page for us to keep up-to-date15:07
nickthetaitexactly15:08
gagehugonickthetait: any other issues currently?15:08
gagehugoI saw a bunch of changes got merged15:08
nickthetaitno issues and yes first changes have landed :)15:09
gagehugo\o/15:09
nickthetaitone question about checklists15:09
*** yamamoto has quit IRC15:09
gagehugosure15:09
nickthetaitfor example https://docs.openstack.org/security-guide/identity/checklist.html15:09
nickthetaithow can I verify these are relevant and still useful?15:09
*** ociuhandu has joined #openstack-meeting15:10
gagehugoyou would need to be aware of the current state of that project haha15:12
gagehugo04 is not relevent15:12
gagehugoPKI tokens are gone15:12
gagehugoI think 05 can be changed15:12
gagehugoI would need to check the value off the top of my head15:13
gagehugoI can't remember*15:13
*** yamamoto has joined #openstack-meeting15:13
*** yamamoto has quit IRC15:13
gagehugonickthetait: I'll look through those and let you know15:13
nickthetaithmm so there will be some serious work to get those sorted out15:13
nickthetaitthx15:14
gagehugo#action gagehugo to look through https://docs.openstack.org/security-guide/identity/checklist.html15:14
*** yamamoto has joined #openstack-meeting15:14
gagehugothe other services likely will need updates as well15:14
nickthetaityes for sure15:14
gagehugo#topic Cinder/Nova Policy Follow-Up15:15
*** openstack changes topic to "Cinder/Nova Policy Follow-Up (Meeting topic: security)"15:15
*** bbowen has quit IRC15:15
gagehugomhen: o/15:15
*** bbowen has joined #openstack-meeting15:15
mhenhi :)15:15
gagehugoI looked at this briefly, and I saw you commented on that nova ps15:16
mhensorry but I had to give a -1 for now on the ps15:16
gagehugooh no worries15:16
mhenI think the proposed documentation change is tackling the problem from the wrong side to be honest15:16
gagehugoit probably is :)15:16
mhenwe could introduce clear statements of all the different cases where either yaml or json is required/expected in the docs15:18
mhenbut the root problem imo is still that Nova behaves differently than Cinder15:18
*** yamamoto has quit IRC15:18
gagehugoyeah, each service tends to do that15:18
gagehugoI agree though, we can addon to that ps to tackle all of the cases15:19
gagehugoI think your comment also clarified more of the issue for me as well15:20
mhenby the way, the change required to make one of the services adapt to the other's default in regards to policy format is one line of code only for either15:20
gagehugobut I also have been heads-down the last week, so haven't had much time to look deeper into it, but it's calmed down a bit here15:20
gagehugoyeah, more to bring them in sync15:21
mhengagehugo, no problem. I hope my comment can help understanding the problem.15:21
mhenwouldn't the default policy format (as a security related decision) important to be consistent across OpenStack?15:23
gagehugooh yes15:23
gagehugothere's been other policy related groups at various summits as well, so it's not only a "security" topic15:24
fungiunified policy management has been a long time need opwnstack-wise15:25
fungier, openstack-wide15:25
gagehugoyes15:25
gagehugo#action: follow up on nova ps, check cinder's docs/policy generation, attempt to unify them15:26
mhenis anybody aware of other component's default format? (aside from Nova and Cinder) I haven't looked into others yet ...15:27
*** gyee has joined #openstack-meeting15:27
gagehugokeystone's sample is json iirc15:27
gagehugobut it generates a yaml if you genpolicy15:28
mhenthe sample might be misleading btw, it's important what the service is actually trying to parse during startup when no config option is set15:28
*** tssurya has quit IRC15:30
gagehugowell, services also have policy-in-code as well15:31
mhenanyway, if it turns out either Nova or Cinder is the only one using a different default across OpenStack, we could possibly convince them to change it, no?15:31
gagehugoIf we have a clear directive to get the services to follow the same format, it should be fine15:31
fungii think so, yes. though that may require time if it means behavior changes for folks at upgrade15:31
gagehugothat is true15:32
fungiin the past we've taken tactics like deprecating the old options and introducing new options which default to the new value but you have to remove the old option for them to take effect15:32
fungistuff like that15:32
fungiso that on upgrade the behavior doesn't change, but the defaults do either when you remove the old option or pass the end of the deprecation period when the service no longer recognizes the old option at all15:33
mhennon-trivial, I see15:34
mhenanother option would be to convince Cinder to try looking up a json if yaml isn't found (in case the assumption that Cinder is the only one using yaml per default currently, holds true)15:35
gagehugomhen: so if you specify "policy.yaml" in the config, but you have json, it will look for either?15:36
*** e0ne has quit IRC15:37
mhengagehugo, that might actually be a bit problematic. I'd suggest only looking for json as well if 'policy_file' is not explicitly set at all in Cinder15:37
gagehugoI believe if you don't specify a file most services use the default in-code policy15:38
mhenfrom my experience, they will also load whatever is their default format if available15:39
mhenso, if you place a '/etc/nova/policy.json' it will be loaded if existing even if the config entry isn't specified15:39
gagehugoI know that the services all don't work the same, so that could very well be the case15:39
gagehugofor some, but not others15:39
mhenfrom a quick browse through the code, it seems both Glance and Keystone also use the oslo.config default setting which is json, which hints at Cinder possibly being the only one loading yaml per default15:41
mhengagehugo, you mean there are services which will not load any policy file at all unless specified in their config as 'policy_file = <path>'?15:42
gagehugomhen: I am not 100% sure, they're all different15:43
gagehugothis was one of the pain-points about the policy-in-code movement iirc15:43
mhenif that is true, the whole inconsistency situation is a lot worse than I thought :D15:44
gagehugoI mean, we explicitly deploy with a custom policy file that we specify in each service's config15:44
gagehugowhat each service does for "default" behavior though, that's a good quesiton15:44
gagehugoquestion*15:45
mhenit's always better to define everything explicitly but sadly not everyone does that15:45
fungiyeah, the desire with policy-in-code, if i understand correctly, is that shipping policy as configuration meant a lot of boilerplate users had to manage, so instead it should be possible to get a working deployment with no explicit policy configuration at all (relying on the implicit default policies provided by the services)15:45
mhenhaving sane defaults helps a lot imo15:45
fungiwell, as does documenting what the explicit equivalent of the implicit defaults looks like15:46
mhensure15:46
*** jamesmcarthur has quit IRC15:46
gagehugofungi: yes15:47
*** ociuhandu has quit IRC15:47
*** dmacpher has quit IRC15:48
*** priteau has joined #openstack-meeting15:50
*** whoami-rajat has quit IRC15:51
gagehugomhen: so I guess the path forward is to just keep this topic going, and follow up on nova/cinder for now15:52
mhengagehugo, agreed15:52
gagehugook cool15:53
gagehugo#topic open discussion15:53
*** openstack changes topic to "open discussion (Meeting topic: security)"15:53
gagehugo7 minutes left, anyone have anything else?15:53
nickthetaiti do15:53
nickthetaithttps://docs.openstack.org/security-guide/identity/tokens.html15:54
nickthetaitfernet tokens have been the default for a while now15:54
nickthetaitok to delete any non-fernet stuff on that page?15:54
gagehugouh15:54
gagehugoyes, but also add JWT tokens15:54
nickthetaitwill do15:54
gagehugolemme grab a link here real quick15:54
*** moguimar has quit IRC15:55
gagehugohttps://docs.openstack.org/keystone/stein/admin/tokens-overview.html#token-providers15:55
gagehugo(we could just link to ^ as well)15:55
nickthetaitok15:55
gagehugootherwise update the page with info from ^15:56
gagehugoif we are discussing tokens from a security perspective, rather than a deployment one15:56
nickthetaityes exactly :)15:56
gagehugook15:57
gagehugothanks everyone, have a good rest of the week + weekend15:57
gagehugo#endmeeting15:57
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:58
openstackMeeting ended Thu Aug  1 15:57:59 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:58
openstackMinutes:        http://eavesdrop.openstack.org/meetings/security/2019/security.2019-08-01-15.00.html15:58
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/security/2019/security.2019-08-01-15.00.txt15:58
mhenthanks!15:58
openstackLog:            http://eavesdrop.openstack.org/meetings/security/2019/security.2019-08-01-15.00.log.html15:58
nickthetaito/15:58
*** armax has joined #openstack-meeting15:58
*** rsimai is now known as rsimai_away16:03
*** artom has quit IRC16:04
*** nickthetait has left #openstack-meeting16:07
*** igordc has joined #openstack-meeting16:08
*** yaawang has quit IRC16:09
*** yaawang has joined #openstack-meeting16:13
*** lbragstad has quit IRC16:29
*** artom has joined #openstack-meeting16:29
*** yaawang has quit IRC16:30
*** yaawang has joined #openstack-meeting16:32
*** enriquetaso has quit IRC16:48
*** igordc has quit IRC17:03
*** priteau has quit IRC17:05
*** electrofelix has quit IRC17:06
*** bobh has joined #openstack-meeting17:11
*** bobh has quit IRC17:11
*** whoami-rajat has joined #openstack-meeting17:15
*** raildo has quit IRC17:17
*** ralonsoh has quit IRC17:20
*** kopecmartin is now known as kopecmartin|off17:24
*** igordc has joined #openstack-meeting17:27
*** ricolin__ is now known as ricolin17:30
*** igordc has quit IRC17:30
*** slaweq has quit IRC17:42
*** igordc has joined #openstack-meeting17:42
*** ociuhandu has joined #openstack-meeting17:44
*** enriquetaso has joined #openstack-meeting17:44
*** senrique_ has joined #openstack-meeting17:47
*** ociuhandu has quit IRC17:48
*** enriquetaso has quit IRC17:49
*** yamamoto has joined #openstack-meeting17:57
*** slaweq has joined #openstack-meeting17:57
*** senrique_ has quit IRC17:59
*** yamamoto has quit IRC18:04
*** jamesmcarthur has joined #openstack-meeting18:23
*** eharney has quit IRC18:32
*** eharney has joined #openstack-meeting18:36
*** thgcorrea has quit IRC18:40
*** diablo_rojo has joined #openstack-meeting18:43
*** armstrong has joined #openstack-meeting18:50
*** senrique_ has joined #openstack-meeting19:17
*** tesseract has quit IRC19:23
*** raildo has joined #openstack-meeting19:44
*** raildo has quit IRC19:59
*** senrique_ has quit IRC20:03
*** radez has quit IRC20:03
*** eharney has quit IRC20:03
*** Luzi has joined #openstack-meeting20:06
*** raildo has joined #openstack-meeting20:07
*** jamesmcarthur has quit IRC20:16
*** raildo has quit IRC20:24
*** raildo has joined #openstack-meeting20:24
*** diablo_rojo has quit IRC20:35
*** e0ne has joined #openstack-meeting20:40
*** efried has left #openstack-meeting20:49
*** efried has joined #openstack-meeting20:49
*** takashin has joined #openstack-meeting20:50
efried#startmeeting nova21:00
openstackMeeting started Thu Aug  1 21:00:26 2019 UTC and is due to finish in 60 minutes.  The chair is efried. Information about MeetBot at http://wiki.debian.org/MeetBot.21:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:00
*** openstack changes topic to " (Meeting topic: nova)"21:00
openstackThe meeting name has been set to 'nova'21:00
takashino/21:00
LuziO/21:01
mriedem.21:01
melwitto/21:01
efried#link agenda https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting21:02
efried#topic Last meeting21:03
efried#link Minutes from last meeting: http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-07-25-14.00.html21:03
*** openstack changes topic to "Last meeting (Meeting topic: nova)"21:03
efriedaction from last time21:03
efriedefried to (delegate or) ensure releases as appropriate for python-novaclient and os-vif21:03
efried21:03
efriedother old business?21:04
efried#topic Release News21:04
*** openstack changes topic to "Release News (Meeting topic: nova)"21:04
efriedspec freeze exceptions will be discussed in opens21:05
efriedother release news?21:05
efried#topic Bugs (stuck/critical)21:05
efriedNo Critical bugs21:05
efried#link 67 new untriaged bugs (-0 since the last meeting): https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New21:05
efried#link 2 untagged untriaged bugs (-1 since the last meeting): https://bugs.launchpad.net/nova/+bugs?field.tag=-*&field.status%3Alist=NEW21:05
*** openstack changes topic to "Bugs (stuck/critical) (Meeting topic: nova)"21:05
efriedanything on bugs?21:05
efried#topic Gate status21:06
efried#link check queue gate status http://status.openstack.org/elastic-recheck/index.html21:06
efried#link 3rd party CI status (seems to be back in action) http://ciwatch.mmedvede.net/project?project=nova21:06
*** openstack changes topic to "Gate status (Meeting topic: nova)"21:06
efried#topic Reminders21:07
*** openstack changes topic to "Reminders (Meeting topic: nova)"21:07
efriedany?21:07
mriedemgeneral reminder,21:07
mriedembut if anyone wants to hack on compute osc gaps https://etherpad.openstack.org/p/compute-api-microversion-gap-in-osc21:07
mriedemand want help or whatever ping me21:07
mriedemi've been semi busy in osc lately21:07
efriedcool21:08
efried#topic Stable branch status21:08
*** openstack changes topic to "Stable branch status (Meeting topic: nova)"21:08
efried#link stable/stein: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/stein21:08
efried#link stable/rocky: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/rocky21:08
efried#link stable/queens: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/queens21:08
mriedemquite a few stein and rocky changes just flushed this week21:08
mriedemlots of rocky and queens yet21:09
efriedcool21:09
efried#topic Sub/related team Highlights21:10
efriedPlacement (cdent)21:10
efried#link latest pupdate http://lists.openstack.org/pipermail/openstack-discuss/2019-July/008053.html21:10
*** openstack changes topic to "Sub/related team Highlights (Meeting topic: nova)"21:10
efriedPretty quiet in placement-land, at least for stuff nova cares about21:10
efriedAPI (gmann)21:11
efriedDid not push the updates on ML. Main updates are below:21:11
efried1. API cleanup code is ready for review and it is on runway.21:11
efried2. I am working on 'Default policy refresh' and making first API policies (os-services) seq of changes up. That will be used to get early feedback and direction we will follow for all the API policies. I should be ready with that by Monday.21:11
efriedSome followup nits of merged spec are fixed in this, need review on this spec-nits-update patch- https://review.opendev.org/#/c/669196/.21:11
efried3. There are few more API related BPs up for review or under review (you can fetch the links from API updates ML of last week).21:11
efried(1st person above is gmann of course)21:11
efried#topic Stuck Reviews21:11
*** openstack changes topic to "Stuck Reviews (Meeting topic: nova)"21:11
efriedany?21:11
efried#topic Review status page21:12
efried#link http://status.openstack.org/reviews/#nova21:12
efriedCount: 461 (-1); Top score: 1352 (+21)21:12
efried#help Pick a patch near the top, shepherd it to closure21:12
*** openstack changes topic to "Review status page (Meeting topic: nova)"21:12
*** Lucas_Gray has joined #openstack-meeting21:13
efried#topic Open discussion21:13
efriedTrain Spec Freeze Exception Process21:13
*** openstack changes topic to "Open discussion (Meeting topic: nova)"21:13
efriedlet's do21:13
efried#link Nova Part of Image Encryption: https://review.opendev.org/#/c/60869621:13
efriedfirst since Luzi is here21:13
efriedLuzi: your mic21:13
Luzihi o/21:13
Luzifirst: I answered mriedem's questions -  it's a good thing to add a trait - i also read your comment efried21:14
Luzimriedem, was that (trait and upgrade) your only concerns?21:15
mriedemmy main concerns were around handling upgrades and support for non-libvirt computes21:15
mriedemi think the trait solves that21:15
mriedemtrait + some request filter thing21:16
mriedemas for the rest, johnthetubaguy and dansmith were most vocal in the forum session from the nova team from what i remember so i'll defer to them on whether or not this should be an exception for train21:16
Luziyes trait + filter, I would add this to the spec21:16
mriedemit also depends on the glance and cinder stuff getting done right? or at least glance/barbican?21:16
Luzithe cinder spec is merged21:16
mriedemsure, but that doesn't mean the code is going to make train21:17
Luziand barbican is working on the secret consumer API21:17
mriedemiow, this smells like backlog for U to me, but i'm not blocking it21:17
mriedemand like i said i'll defer to john and dan21:17
efriedmriedem: How long should we be waiting for johnthetubaguy and dansmith to respond?21:17
mriedemdan is out this week, and i wouldn't expect him to want to jump on this post-spec freeze first thing when he's back next week (if at all)21:18
mriedemjohn....idk, he's streaky21:18
mriedemdragging FFEs past the deadline also sucks21:18
*** senrique_ has joined #openstack-meeting21:18
mriedemb/c why have a deadline.21:18
efriedWell21:18
efriedimo it's for things like this that were really close and just needed a little push over the edge21:18
mriedemwell i guess i'd try to get dan to take a look by end of next week21:19
mriedemonce the upgrade related stuff and non-libvirt considerations are written up21:19
efriedto me, this is a pretty small an non-invasive effort, and obviously the deps have to be met or it won't go, but that's not on us.21:19
efriedokay, wfm21:19
mriedem"small an non-invasive effort" famous last words21:19
efriedI know, I know.21:20
mriedemanything involve multiple nova services let alone multiple openstack services is not small....21:20
mriedemlike i said i'm not blocking21:20
efriedPoint is, if all the other stars align, it would suck for it to not make Train purely because "we didn't get the spec approved by the freeze date".21:20
efriedI would rather punt an approved spec to U21:21
mriedemi don't disagree21:21
mordredI agree with everything21:21
mriedemdon't want this to become another john hopkins trusted certs thing21:21
mriedemwhich they pushed for 4 releases or something, landed a thing and then lost their grant and moved on21:21
mriedemso who knows if anyone is using ^ or it works anymore21:22
efriedso okay, we have a plan:21:22
efried#action Luzi to update spec per comments21:22
efried#action dansmith (and if possible johnthetubaguy) to review and make a call by end of next week21:22
efriedmriedem is +0 and I'm in favor, so whatever Dan (& John) say goes.21:22
efriedmelwitt: do you have an opinion?21:22
* mriedem puts curmudgeon pin away21:22
efriedsince you're the other core in the room?21:23
melwittnot really, I haven't been through that spec21:23
efriedOkay.21:23
mriedemwould be cool if mnaser et al ops could read it,21:23
mriedemsince in berlin there was a session about encrypted * and this was one of the items21:23
mriedemtotal hands off user encrypted images21:23
efriedI added mnaser to the review21:24
efriedLuzi: Anything else to bring up before we move on?21:24
Luzino21:24
efriedokay, next:21:24
efried#link Use PCPU and VCPU in One Instance: https://review.opendev.org/#/c/668656/21:24
mriedemthis came in pretty late21:25
mriedemjuly 221:25
efriedWhere we're at on this one is that stephenfin and sean (and we think alex) have agreed on the approach21:26
efriedand have come up with and documented in the21:26
efried#link blueprint https://blueprints.launchpad.net/nova/+spec/use-pcpu-and-vcpu-in-one-instance21:26
efrieda set of provisos/conditions that must be met21:26
efriedobviously it's got a hard dep on cpu-resources; ^ states that that must be done a couple weeks before feature freeze or this one dies.21:27
mriedembut neither of them have voted on it21:28
mriedemat least the latest21:28
efriedno, it was just updated21:28
efried...per guidance from Stephen & Sean.21:29
mriedemi haven't read it in detail nor would i probably grok it21:29
mriedemso i'll defer to dan (again)21:29
mriedemand he'll ugh it all day long probably21:29
efriedWas Dan invoved on the cpu-resources work?21:29
mriedempretty sure he was involved in the shape of that spec21:29
mriedemat least when jay was involved21:29
efriedI don't see him involved in that spec review other than one comment back in April.21:31
mriedemplus irc,21:31
mriedemplus ptg/summit21:31
mriedemwhatever, anyway, if you ask me i'll say goto dansmith21:31
mriedemand he'll probably say goto /dev/null21:31
mriedembut he can speak for himself when he's back :)21:32
efriedOkay.21:32
efriedI should probably recuse myself here because a) I don't understand the technical side very well, and b) this is an Intel ask.21:32
efriedso if you're punting, then I guess21:33
efried#action dansmith to decide on all the things next week.21:33
efriedAny other open discussion before we blow this popsicle stand?21:33
melwittI have a thing21:33
efriedhit it21:33
melwittwould like for ppl to look over https://blueprints.launchpad.net/nova/+spec/policy-rule-for-host-status-unknown and let me know if they think it still needs a spec or not21:34
efriedHeh. Spec freeze exception by killing spec.21:34
melwittbecause the original proposal evolved into a policy rule thing and I have seen us do new policy rules as wishlist bug before21:34
melwitthaha, yeah. I'm not getting my hopes up but wanted to throw it out there, in case it is no longer spec worthy21:35
efriedoh, this one21:35
melwittso if anyone has feedback about that, let me know. doesn't have to be right now21:35
mriedemyou mean like https://review.opendev.org/#/c/526558/21:35
melwittyeah that's the example I was thinking about21:35
efriedI thought this one was under debate for reasons of "do we really want to expose UNKNOWN"21:36
mriedemthis is different21:36
mriedemthis is expose host_status but only if UNKNOWN21:36
melwittthe debate was about overwriting the cosmetic instance "status"21:36
mriedemnot change server status to UNKNOWN if host_status is UNKNOWN21:36
melwittright21:36
mriedemwhich is much more targeted21:36
efriedis there code for this?21:37
melwittno but there can be. I didn't do anything yet21:37
mriedemi'm not against this,21:37
melwittthe only potentially weird area on this one is, what to show if host_status it not UNKNOWN. I was thinking empty string rather than omitting the field21:38
efriedno microversion right?21:38
mriedemi think the proposed policy rule needs to conform to the new standards but that's impl details21:38
mriedemi also have performance concerns when listing servers, but that's impl21:38
melwittno microversion21:38
mriedemif you're adding a new field to the response by default that's a change21:38
mriedemhost_status was new in 2.16 from what i remember21:38
mriedemyup (man my long term memory is outstanding)21:39
*** artom has quit IRC21:39
mriedemso would it only show up if >= 2.16 and policy passes?21:39
melwittby default for whom? I mean, host_status is there for admins by default. are you saying making it be there by default for non admins would be considered an API change?21:39
melwittyeah21:39
mriedemi meant regardless of microversion21:40
mriedemif you're >= 2.16 then that's less of an issue21:40
mriedemidk about just returning an empty string21:40
melwittoh. yeah, when I said no microversion I meant not adding a new microversion for this21:40
mriedemwe have some apis that don't return fields based on policy21:41
melwittyeah, I'm not sure either. I was thinking it might be weird to return the field only if it is UNKNOWN21:41
mriedemif only there were a spec to discuss this in review....21:41
melwittbecause that is not really based on policy. it would be unpredictable21:41
melwittok, guess that answers my question21:41
mriedemwell,21:41
efriedgibi is back next week too, and it was based on his feedback that the latest PS was pushed, yah?21:42
mriedemthis would be unpredictable w/o a microversion depending on which cloud you're talking to anyway21:42
mriedemthe docs say, "This attribute appears in the response only if the policy permits."21:42
mriedemso i think that means it's cool to not show it if you don't pass policy21:42
mriedemand if you do pass policy but the value is not UNKNOWN, we still don't show it21:42
melwittok, if that is kosher, then that would be easier for me21:43
mriedemeither way the client needs to handle it21:43
mriedemi can leave some comments on the bp whiteboard21:43
melwittthanks21:43
efriedare we done then?21:44
melwittyeah, I think I'm good21:44
efriedOkay. Thanks all21:44
efriedo/21:44
efried#endmeeting21:44
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"21:44
openstackMeeting ended Thu Aug  1 21:44:58 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:45
openstackMinutes:        http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-08-01-21.00.html21:45
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-08-01-21.00.txt21:45
openstackLog:            http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-08-01-21.00.log.html21:45
*** takashin has left #openstack-meeting21:45
*** Luzi has quit IRC21:46
*** mriedem has quit IRC21:53
*** slaweq has quit IRC22:10
*** senrique_ has quit IRC22:10
*** slaweq has joined #openstack-meeting22:11
*** slaweq has quit IRC22:16
*** diablo_rojo has joined #openstack-meeting22:21
*** patrickeast_ has joined #openstack-meeting22:29
*** jamespage_ has joined #openstack-meeting22:29
*** dustinc_ has joined #openstack-meeting22:29
*** mnasiadka_ has joined #openstack-meeting22:30
*** kmalloc_ has joined #openstack-meeting22:30
*** patrickeast has quit IRC22:37
*** mordred has quit IRC22:37
*** mnasiadka has quit IRC22:37
*** jamespage has quit IRC22:37
*** kmalloc has quit IRC22:37
*** dustinc has quit IRC22:37
*** patrickeast_ is now known as patrickeast22:37
*** mnasiadka_ is now known as mnasiadka22:37
*** kmalloc_ is now known as kmalloc22:37
*** jamespage_ is now known as jamespage22:37
*** dustinc_ is now known as dustinc22:37
*** panda has quit IRC22:41
*** panda has joined #openstack-meeting22:42
*** mordred has joined #openstack-meeting22:44
*** e0ne_ has joined #openstack-meeting22:45
*** e0ne has quit IRC22:46
*** e0ne has joined #openstack-meeting22:47
*** e0ne_ has quit IRC22:50
*** e0ne has quit IRC22:52
*** whoami-rajat has quit IRC22:55
*** bbowen has quit IRC23:06
*** igordc has quit IRC23:10
*** ianychoi has quit IRC23:12
*** rcernin has joined #openstack-meeting23:21
*** ykatabam has joined #openstack-meeting23:25
*** sfernand has quit IRC23:51
*** artom has joined #openstack-meeting23:52
*** trident has quit IRC23:54
*** diablo_rojo is now known as diablo_rojo_23:56
*** diablo_rojo_ is now known as diablo__rojo_23:56
*** diablo__rojo_ is now known as diablo_rojoooooo23:57
*** diablo_rojoooooo is now known as diablo_rojo23:57
*** trident has joined #openstack-meeting23:59
« Wednesday, 2019-07-31 Index Friday, 2019-08-02 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!