Friday, 2022-01-28

« Thursday, 2022-01-27 Index Saturday, 2022-01-29 »
opendevreviewMerged openstack/neutron-lib stable/ussuri: Enforce policy for qos_policy_id attribute  https://review.opendev.org/c/openstack/neutron-lib/+/82621400:41
opendevreviewMerged openstack/neutron-lib stable/victoria: Enforce policy for qos_policy_id attribute  https://review.opendev.org/c/openstack/neutron-lib/+/82621300:41
opendevreviewyatin proposed openstack/neutron stable/xena: Update irrelevant-files for non scenario jobs  https://review.opendev.org/c/openstack/neutron/+/82681105:34
opendevreviewyatin proposed openstack/neutron stable/wallaby: Update irrelevant-files for non scenario jobs  https://review.opendev.org/c/openstack/neutron/+/82683005:35
opendevreviewyatin proposed openstack/neutron stable/wallaby: [OVN] Correctly set dns_server in dhcpv4/v6 options  https://review.opendev.org/c/openstack/neutron/+/82402205:38
opendevreviewyatin proposed openstack/neutron-lib stable/stein: Dropping lower constraints testing (stable Xena)  https://review.opendev.org/c/openstack/neutron-lib/+/82666805:44
opendevreviewLajos Katona proposed openstack/tap-as-a-service master: WIP: Make ovs-taas start in VLAN only env  https://review.opendev.org/c/openstack/tap-as-a-service/+/81744907:13
opendevreviewyatin proposed openstack/neutron-lib stable/stein: Enforce policy for qos_policy_id attribute  https://review.opendev.org/c/openstack/neutron-lib/+/82661507:18
opendevreviewLajos Katona proposed openstack/tap-as-a-service master: WIP: Make ovs-taas start in VLAN only env  https://review.opendev.org/c/openstack/tap-as-a-service/+/81744907:19
opendevreviewyatin proposed openstack/neutron-tempest-plugin master: Use random name in qos test_list_policy_filter_by_name  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82682708:25
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Use elevated context to update router's external gateway  https://review.opendev.org/c/openstack/neutron/+/82682808:36
slaweqlajoskatona: hi, if You don't mind I would like to add one topic to the drivers meeting for today09:04
slaweqit's not rfe but I would like to talk about https://bugs.launchpad.net/neutron/+bug/195933209:04
slaweqis that possible?09:04
lajoskatonaslaweq: sure, we have only one topic as "on demand"09:14
opendevreviewMerged openstack/neutron-dynamic-routing master: Use TOX_CONSTRAINTS_FILE  https://review.opendev.org/c/openstack/neutron-dynamic-routing/+/82289309:23
slaweqlajoskatona: thx a lot09:38
opendevreviewyatin proposed openstack/neutron-tempest-plugin master: Update irrelevant-files for scenario jobs  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82664709:52
opendevreviewyatin proposed openstack/neutron-tempest-plugin master: [DNM] test patch  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82686709:54
opendevreviewRodolfo Alonso proposed openstack/neutron master: WIP Use neutron db for ovn agents  https://review.opendev.org/c/openstack/neutron/+/81885010:33
opendevreviewMerged openstack/ovn-octavia-provider stable/victoria: [victoria/ussuri] Fix CI jobs  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/82565210:44
ralonsohbcafarel, https://review.opendev.org/c/openstack/neutron/+/82643810:49
ralonsohwhat do you think?10:49
ralonsohI added this comment to justify why I was leaving self.vif_details[VIF_DETAILS_CONNECTIVITY] key10:50
ralonsohin stable releases. It is easier 10:50
fricklerslaweq: I found another bug: "openstack port list" fails with 500 as system-admin. my feeling is that this should be allowed, even as system-reader. but if there is a reason no to allow it, it should at least have a proper return code and not 50010:55
fricklerlike in the server log there is "ERROR oslo_middleware.catch_errors oslo_policy.policy.InvalidScope: rule:get_port requires a scope of ['project'], request was made with system scope."10:55
opendevreviewMerged openstack/ovn-octavia-provider stable/victoria: Set listeners back to ACTIVE upon pool/member action failures  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/82550510:57
opendevreviewMerged openstack/ovn-octavia-provider stable/ussuri: [victoria/ussuri] Fix CI jobs  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/82565310:58
opendevreviewMerged openstack/ovn-octavia-provider stable/ussuri: Set listeners back to ACTIVE upon pool/member action failures  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/82551510:58
opendevreviewLajos Katona proposed openstack/neutron-tempest-plugin master: Use random policy names in test_qos and test_qos_negative  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82687111:02
opendevreviewLajos Katona proposed openstack/tap-as-a-service master: WIP: Install flows to bridge only if the network provider is related  https://review.opendev.org/c/openstack/tap-as-a-service/+/82230211:06
opendevreviewSlawek Kaplonski proposed openstack/neutron master: Handle properly InvalidScope exceptions to not return error 500  https://review.opendev.org/c/openstack/neutron/+/82687211:10
fricklerah, you had a bug open for that already, great11:47
opendevreviewRodolfo Alonso proposed openstack/neutron master: [OVN] Implement floating IP network QoS inheritance  https://review.opendev.org/c/openstack/neutron/+/81779011:53
ralonsohslaweq, bcafarel https://review.opendev.org/c/openstack/neutron/+/82475211:56
ralonsohif you have a couple of mins11:57
ralonsohlajoskatona, ^^ 11:57
ralonsohthanks in advance11:57
ykarelslaweq, ralonsoh lajoskatona when you get chance please check https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82664711:57
ykarelshould help in other tempest-plugin patches11:57
ykarelthanks in advance11:57
bcafarelralonsoh: sure12:18
lajoskatonawill check these (I have chain downstream meetings..... :/)12:27
ralonsohno rush at all12:33
gibilajoskatona: heavy chains indeed :)12:33
opendevreviewLajos Katona proposed openstack/tap-as-a-service master: WIP: Make ovs-taas start in VLAN only env  https://review.opendev.org/c/openstack/tap-as-a-service/+/81744912:39
opendevreviewElvira García Ruiz proposed openstack/neutron master: [OVN] Fix overlapping security group objects not correctly applied  https://review.opendev.org/c/openstack/neutron/+/82209612:52
opendevreviewElvira García Ruiz proposed openstack/neutron master: [OVN] Fix overlapping security group objects not correctly applied  https://review.opendev.org/c/openstack/neutron/+/82209613:24
*** dasm|off is now known as dasm13:30
*** dasm is now known as dasm|rover13:31
lajoskatona#startmeeting neutron_drivers14:00
opendevmeetMeeting started Fri Jan 28 14:00:35 2022 UTC and is due to finish in 60 minutes.  The chair is lajoskatona. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'neutron_drivers'14:00
lajoskatonaHi14:00
mlavalleo/14:00
ralonsohhello14:00
slaweqhi14:00
yamamotohi14:01
obondarev_hi14:01
lajoskatonaHi yamamoto14:01
lajoskatonaOk, let's start14:02
lajoskatonaWe have no RFE for today, but 2 topics in the "on demand agenda"14:02
lajoskatona1 from me, and it is to go back to the question of neutron-fwaas maintenance14:02
lajoskatonasee discussion on #openstack-tc with gmann: https://meetings.opendev.org/irclogs/%23openstack-tc/%23openstack-tc.2022-01-24.log.html14:03
lajoskatonaTC would like to make simpler to have maintainers for fwaas (anything) if I understand well, and to avoid project renaming where possible14:04
lajoskatonaso the question is if Inspur can keep maintaining / developing current fwaas repo in openstack/neutron-fwaas14:04
mlavallewhy don't we go to my original proposal  in December to Inspur?14:05
mlavallewe can have them go though the process of formally rehabilitating the project in the stadium and we have the tamplates to guide us?14:05
slaweqmlavalle: can You remind what was it exactly?14:05
mlavalleI proposed using the template to evaluate stadium projects14:06
lajoskatonaperhaps this was it: http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026425.html14:06
lajoskatonaI mean the mail14:06
lajoskatonamore likely this mail: http://lists.openstack.org/pipermail/openstack-discuss/2021-December/026442.html sorry14:07
mlavalleyes the latter one14:07
lajoskatonathanks mlavalle14:08
mlavallethey already agreed to follow that path14:08
opendevreviewMerged openstack/neutron-lib stable/train: Enforce policy for qos_policy_id attribute  https://review.opendev.org/c/openstack/neutron-lib/+/82622514:08
obondarev_does it contradict with what gmann suggested?14:08
mlavalleand if we follow that process, it will alleviate the concern of adding more workload to the core team, because there will be commitments on th side of Inspur14:09
lajoskatonamlavalle: yes, I think this can work14:09
slaweq++ for that if it will be better to have it in stadium again, instead of moving it to x/14:10
obondarev_+114:10
lajoskatonaIf there is no activity we have still the option to stop fwaas maintenance again14:10
mlavalleobondarev_: a little bit, but I think that Inspur, if they really want to maintain the project, should have some skin in the game14:10
slaweqand regarding question about if we want to have it in stadium or not: I personally am fine with having it in stadium if the inspur team will maintain it14:10
lajoskatona+114:11
mlavalleyeah, as long as we have a commitment14:11
mlavallefrom Inspur14:11
slaweqwe can make some of their developers cores in the neutron-fwaas repo even so we will not need to do a lot there hopefully14:11
ralonsohone question: being in stadium means releasing every cycle, right?14:11
mlavalleand we formalize that commitment in a doc14:11
ralonsoh(a part from other requirements)14:11
slaweqralonsoh: usually yes, but that generally depends on the release model for the project IIIUC14:11
mlavalleralonsoh: yes14:12
ralonsohthanks14:12
ralonsohso +1 from me, good to see people collaborating on Neutron orbit14:12
mlavalleand I think Inspur will have a better offering to their customers. They now can claim that the new FWaaS has the official recornition of being in the Stadium14:13
lajoskatona+1 from me also14:13
mlavallethey can claim that Saint Lajos has annointed the project :-)14:14
lajoskatona:-)14:14
lajoskatonanot me but the team14:14
slaweq+1 from me too14:14
obondarev_+114:15
mlavalle+114:15
yamamoto+114:15
lajoskatonabut I can send the mail about it, so my stamp will be on top ;)14:15
mlavallecool14:15
mlavalleyou got the idea14:15
lajoskatonaok, next topic is from slaweq: https://bugs.launchpad.net/neutron/+bug/195933214:17
slaweqthx lajoskatona 14:17
slaweqeverything is already described in the bug description14:17
slaweqbut I will quickly explain here too14:17
slaweqbasically, with new rbac policies and scopes enforcement, project_admin user can access everything but from one project only14:18
slaweqthere is no "super user" who can access everything14:18
slaweqso basically there is no user which can do "openstack port list" and see ports used as router external gateway14:18
slaweqwith old defaults, project admin (admin) can see all resources so also such ports14:19
slaweqIf we look at code https://github.com/openstack/neutron/blob/d0fd4aa30adc883971bd4d87e0540523bded7a38/neutron/db/l3_db.py#L337 - it is done intentionally that this port don't belongs to any project14:19
ralonsohI was looking for this14:20
slaweqand now the question is - if we want to have those ports visible in api somehow, and if yes, how to solve it :)14:20
ralonsohwhy is that? 14:20
slaweqwhy is what ralonsoh ?14:20
ralonsohto let the port without project14:20
ralonsohthe GW port14:20
slaweqAccording to the comment there, to not expose such ports for regular users14:20
ralonsohthis is not a good reason with RBACs in place now14:21
slaweqwe could probably change it to belong to tenant and add policy rule so such ports would be available only for admin users14:21
lajoskatonawith new RBAC model whose project_id should be there?14:21
ralonsohfor project admin/users yes14:22
slaweqlajoskatona: IMO it should be same owner as of router14:22
mlavalleyeah I think so14:22
lajoskatonaok14:22
ralonsohI agree with the second alternative you propose: to assign the project ID14:22
mlavalleme too14:22
ralonsohmatching the router project ID14:22
mlavalleis the cleanest14:22
ralonsoh(of course, for sure that will have a ton of issue will see later)14:22
obondarev_yeah, the one without "hardcode" word in description :)14:23
slaweqand new policy rule to make such ports available only for the PROJECT_ADMIN by default, right?14:23
lajoskatonathat's sounds reasonable14:23
ralonsohyes14:23
slaweqso operator will even be able to modify it if will want to expose such ports to users14:23
mlavalleyeah, but that's probably the shake up that needs to happen as a consequence of implementing the new RBAC model OpenStack wide14:23
slaweqsounds like step in good direction with new rbac14:23
slaweqmlavalle: I think that there will be many such shake ups there :)14:24
slaweqthis is really huge change14:24
mlavalleyeap, me too14:24
slaweqok, thx for Your opinions on this14:25
slaweqI think I know what to do now14:25
mlavallebtw, I think that we should not only fix this in Neutron, but also we should share the "incident" with the new RBAC czars leading this at the OpenStack weide level14:25
slaweqso I will summarize this discussion in the Launchpad and will propose some patch14:25
mlavallethey should see the consequences of their decisions14:25
mlavallemaybe there is a learning in this for them too14:26
slaweqmlavalle: sure, I will add people responsible by RBAC to the review of that patch and will explain it to them14:26
mlavallethey might even have suggestions based on the impact they've seen in other projects14:27
slaweqTBH I don't think so - this is probably something specific to neutron that resource which normally belongs to the project, don't belong to any project in some case14:28
lajoskatonaI see long discussions again for the PTG :-)14:28
mlavallelol14:28
slaweqand it sounds for me like "hack/workaround" on our side :)14:28
mlavallecool14:28
slaweqthx for Your feedback and suggestions on this14:28
slaweqthat was all from me14:29
lajoskatonathanks for bringing it here and taking care of it14:29
mlavallethanks for bringing this up14:29
lajoskatonaIf there's nothing more, we can close the meeting for today14:30
slaweq++14:30
mlavallenothing else from me14:30
lajoskatona#endmeeting14:30
opendevmeetMeeting ended Fri Jan 28 14:30:45 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:30
opendevmeetMinutes:        https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.html14:30
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.txt14:30
opendevmeetLog:            https://meetings.opendev.org/meetings/neutron_drivers/2022/neutron_drivers.2022-01-28-14.00.log.html14:30
mlavalleo/14:30
lajoskatonao/14:30
ralonsohbye14:30
mlavallehave a nice weekend14:30
obondarev_o/14:30
slaweqhave a great weekend!14:30
slaweqo/14:30
yamamotogood night14:30
lajoskatonaThanks, have a nice weekend!14:31
opendevreviewSlawek Kaplonski proposed openstack/ovn-octavia-provider master: Fix finding logical router of the logical switch  https://review.opendev.org/c/openstack/ovn-octavia-provider/+/82689614:58
opendevreviewMerged openstack/neutron master: Ensure subports status is aligned with parent port  https://review.opendev.org/c/openstack/neutron/+/82437815:11
opendevreviewMerged openstack/neutron-tempest-plugin master: Update irrelevant-files for scenario jobs  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82664715:12
opendevreviewMerged openstack/neutron-tempest-plugin master: Add local ip scenario tests  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82300715:12
opendevreviewMerged openstack/neutron master: Add "bound_drivers" information to port "vif_details"  https://review.opendev.org/c/openstack/neutron/+/82651215:13
opendevreviewMerged openstack/neutron master: Fix reference before assignment error in the dhcp_rpc module  https://review.opendev.org/c/openstack/neutron/+/82644915:15
*** ykarel_ is now known as ykarel15:54
opendevreviewLucas Alvares Gomes proposed openstack/neutron master: [OVN] Migrate "reside-on-redirect-chassis" for distributed FIP  https://review.opendev.org/c/openstack/neutron/+/82691216:09
opendevreviewLuis Tomas Bolivar proposed openstack/neutron stable/xena: Ensure subports status is aligned with parent port  https://review.opendev.org/c/openstack/neutron/+/82684316:43
opendevreviewLuis Tomas Bolivar proposed openstack/neutron stable/wallaby: Ensure subports status is aligned with parent port  https://review.opendev.org/c/openstack/neutron/+/82691916:51
opendevreviewMerged openstack/neutron master: [OVN] Fix overlapping security group objects not correctly applied  https://review.opendev.org/c/openstack/neutron/+/82209617:33
opendevreviewFrode Nordahl proposed openstack/neutron master: [OVN] Extend port binding parameter validation  https://review.opendev.org/c/openstack/neutron/+/81842017:55
opendevreviewFrode Nordahl proposed openstack/neutron master: WIP ovn: Off-path SmartNIC DPU Port Binding with OVN  https://review.opendev.org/c/openstack/neutron/+/80896117:55
opendevreviewMerged openstack/neutron master: Reduce iptables version check from 1.6.2 to 1.6.0  https://review.opendev.org/c/openstack/neutron/+/82256220:24
*** dasm|rover is now known as dasm|off21:47
opendevreviewMerged openstack/neutron stable/ussuri: Properly clean up ovn-northd in functional tests  https://review.opendev.org/c/openstack/neutron/+/82572523:51
opendevreviewMerged openstack/neutron-tempest-plugin master: Use random policy names in test_qos and test_qos_negative  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82687123:51
opendevreviewMerged openstack/neutron-tempest-plugin master: Use random name in qos test_list_policy_filter_by_name  https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/82682723:52
opendevreviewMerged openstack/neutron master: Add diff log on mech_logger  https://review.opendev.org/c/openstack/neutron/+/82627523:52
« Thursday, 2022-01-27 Index Saturday, 2022-01-29 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!