opendevreview | Miguel Lavalle proposed openstack/neutron master: [WIP][DNM][OVN] Change the default firewall policy https://review.opendev.org/c/openstack/neutron/+/839066 | 00:10 |
---|---|---|
opendevreview | Merged openstack/neutron-lib master: api-ref: Add dragent scheduler api-ref https://review.opendev.org/c/openstack/neutron-lib/+/870582 | 00:59 |
opendevreview | Merged openstack/neutron-tempest-plugin master: Pin neutron-tempest-plugin for stable/wallaby jobs https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/871793 | 01:09 |
opendevreview | Merged openstack/neutron master: Fix get_link_devices() with index argument https://review.opendev.org/c/openstack/neutron/+/820484 | 01:52 |
opendevreview | liuyulong proposed openstack/neutron master: Notify neutron-server ovs is restarted https://review.opendev.org/c/openstack/neutron/+/872265 | 04:47 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: [OVN] Implementation of OVN Neutron Agent https://review.opendev.org/c/openstack/neutron/+/870024 | 07:34 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: [OVN] New OVN Neutron Agent extension: QoS for HWOL https://review.opendev.org/c/openstack/neutron/+/870115 | 07:34 |
ralonsoh | ^^^ hi folks, please check these patches | 07:34 |
ralonsoh | I needed to rebase (again) on top of master | 07:34 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Add tox Python3.11 job to the testing queues https://review.opendev.org/c/openstack/neutron/+/869196 | 07:40 |
ralonsoh | hi folks, please check the following patches | 08:04 |
ralonsoh | https://review.opendev.org/c/openstack/neutron-lib/+/872272 | 08:04 |
ralonsoh | https://review.opendev.org/c/openstack/neutron/+/872271 | 08:04 |
ralonsoh | https://review.opendev.org/c/openstack/neutron/+/744512 | 08:04 |
ralonsoh | https://review.opendev.org/c/openstack/neutron/+/869196 | 08:04 |
ralonsoh | thanks in advance | 08:04 |
lajoskatona | ralonsoh: Hi, these are for sqlalchemy 2, am I right? | 08:07 |
ralonsoh | except for the last one, yes | 08:07 |
opendevreview | Rodolfo Alonso proposed openstack/ovsdbapp master: Accept HA chassis group commands in HAChassisGroupAdd* https://review.opendev.org/c/openstack/ovsdbapp/+/871836 | 08:11 |
opendevreview | Lajos Katona proposed openstack/neutron-dynamic-routing master: Use SLQAlchemy ORM "relationship" instead of "relation" https://review.opendev.org/c/openstack/neutron-dynamic-routing/+/872384 | 08:15 |
lajoskatona | ralonsoh: when we change to sqlalchemy2, when we start Bobcat? I checked a few stadiums yesterday and I think on adding a job like you prepared for Neutron | 08:19 |
ralonsoh | lajoskatona, do you mean the sqlalchemy-master one? | 08:20 |
ralonsoh | this is a good idea, I think so | 08:20 |
ralonsoh | I don't know when we are bumping this version | 08:20 |
ralonsoh | lajoskatona, check the patch CI status: https://review.opendev.org/c/openstack/requirements/+/872065 | 08:21 |
lajoskatona | ok, anyway I check what kind of job we can have with sqlalchemy-master | 08:21 |
ralonsoh | most of the projects are breaking | 08:21 |
sahid | o/ regarding rbacs performance and sqlalchemy, this one is relatively small and safe, and can improve greatly performance of 'network list' on some deployment | 08:27 |
sahid | https://review.opendev.org/c/openstack/neutron/+/871113 | 08:27 |
sahid | is basically add a filter on networks.project, instead of having the filter only on networkrbacs.project | 08:28 |
ralonsoh | this patch is not safe and not tested enough | 08:28 |
ralonsoh | I'll check it today but this is not the way | 08:29 |
ralonsoh | there is another patch related to this bug | 08:29 |
sahid | since we usually have more entries for networkrbacs than for networks, this can help the filtering | 08:29 |
sahid | ralonsoh: yes i have noticed the other patch, this one is complementary in all cases, as it is relatively small and safe i guess it would be good to have it | 08:30 |
ralonsoh | why safe? because is small? | 08:30 |
ralonsoh | you are introducing a new condition in a sql query | 08:30 |
ralonsoh | and it is not tested | 08:30 |
sahid | because it does not change anything, and adds the same kind of condition, we filter per rbacs.project, now we also filter per networks.project as well would say we limit the issues | 08:31 |
sahid | ralonsoh: what do you mean per "it is not tested?" | 08:32 |
ralonsoh | what new functional tests, using the database engine, are you implementing in this patch to actually test it? | 08:32 |
opendevreview | Elvira García Ruiz proposed openstack/neutron master: [OVN] Allow logging all traffic related to an ACL https://review.opendev.org/c/openstack/neutron/+/871096 | 08:33 |
sahid | this is used for openstack network list, it's all already tested | 08:33 |
sahid | we can notice that the change does not break any of our tests | 08:33 |
sahid | besides that i understand your concerns, i'm sharing the same for the big one that completely reworks the system. It's also why i wanted to work incrementally and trying fixing issues one per one | 08:39 |
ralonsoh | sahid, https://review.opendev.org/c/openstack/neutron/+/871113/comments/f0252492_e1dd7af1 | 08:41 |
sahid | ralonsoh: so you had a look on it... ;) | 08:44 |
sahid | ahah, cool thank you I will see how I can address the test that you are looking for | 08:44 |
ralonsoh | elvira, hi! qq about https://review.opendev.org/c/openstack/neutron/+/871096/15/neutron/services/logapi/drivers/ovn/driver.py#184 | 08:54 |
ralonsoh | in this line you are removing the ACL record, right? | 08:54 |
ralonsoh | no, only the "options" column value | 08:55 |
lajoskatona | ralonsoh: just to have quick feedback I pushed this dnm: https://review.opendev.org/c/openstack/requirements/+/872386 , but I check how to best add the sqlalchemy master job for example to these stadiums | 08:57 |
ralonsoh | lajoskatona, we can have periodic jobs related to those repos | 08:58 |
lajoskatona | ralonsoh: exactly, I see that as the best as usually few patches are for them | 08:58 |
ralonsoh | will you propose the patches for these projects? | 08:59 |
lajoskatona | ralonsoh: yes, I started to prepare them | 09:13 |
ralonsoh | thanks a lot | 09:13 |
opendevreview | Tobias Urdin proposed openstack/neutron-lib master: Use new get_rpc_client API from oslo.messaging https://review.opendev.org/c/openstack/neutron-lib/+/871155 | 09:24 |
opendevreview | Rodolfo Alonso proposed openstack/ovsdbapp master: Accept HA chassis group commands in HAChassisGroupAdd* https://review.opendev.org/c/openstack/ovsdbapp/+/871836 | 09:51 |
opendevreview | Rodolfo Alonso proposed openstack/os-vif master: Implement "BaseCommand" result property https://review.opendev.org/c/openstack/os-vif/+/872391 | 09:53 |
opendevreview | Tom Weininger proposed openstack/ovn-octavia-provider master: Replace python-neutronclient with openstacksdk https://review.opendev.org/c/openstack/ovn-octavia-provider/+/870514 | 10:01 |
opendevreview | Tom Weininger proposed openstack/ovn-octavia-provider master: Replace python-neutronclient with openstacksdk https://review.opendev.org/c/openstack/ovn-octavia-provider/+/870514 | 10:08 |
opendevreview | Slawek Kaplonski proposed openstack/neutron master: [Secure RBAC] Add shared_qos_policy rule https://review.opendev.org/c/openstack/neutron/+/872396 | 10:26 |
opendevreview | Slawek Kaplonski proposed openstack/neutron master: [Secure RBAC] Add shared_qos_policy rule https://review.opendev.org/c/openstack/neutron/+/872396 | 10:29 |
opendevreview | Merged openstack/neutron master: Use SLQAlchemy ORM "relationship" instead of "relation" https://review.opendev.org/c/openstack/neutron/+/872271 | 10:31 |
opendevreview | Slawek Kaplonski proposed openstack/neutron master: [Secure RBAC] Add shared_security_groups rule https://review.opendev.org/c/openstack/neutron/+/872397 | 10:50 |
opendevreview | Slawek Kaplonski proposed openstack/neutron master: [Secure RBAC] Allow network owner to delete ports plugged to the network https://review.opendev.org/c/openstack/neutron/+/872280 | 10:54 |
slaweq | ralonsoh amotoki hi, I'm checking https://bugs.launchpad.net/neutron/+bug/2004017 and I'm confused now | 11:02 |
slaweq | should flavors belong to project? | 11:03 |
ralonsoh | slaweq, let me check | 11:03 |
slaweq | in api-ref I don't see project_id: https://docs.openstack.org/api-ref/network/v2/index.html?expanded=create-flavor-detail#create-flavor | 11:03 |
slaweq | in db there is also no project/tenant-id field: | 11:03 |
slaweq | mysql> select * from flavors;... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/VGRRHEIqotYFpUmVelIhQENW>) | 11:04 |
slaweq | but in the API definition it is added: https://github.com/openstack/neutron-lib/blob/master/neutron_lib/api/definitions/flavors.py#L50 | 11:04 |
slaweq | so I'm not sure if flavors should have owner or not | 11:04 |
slaweq | IMHO it doesn't make sense to have owner of the flavor but maybe I'm missing something | 11:05 |
ralonsoh | slaweq, no, I don't see anything in the code nor in the documentation that assigns flavors to project | 11:06 |
ralonsoh | this is an independent resource | 11:06 |
slaweq | ok, so I will modify S-RBAC policy for flavors | 11:07 |
slaweq | and I will also propose patch to remove tenant_id field from the api definition | 11:07 |
slaweq | ok for You? | 11:07 |
ralonsoh | sure | 11:07 |
slaweq | ++ | 11:07 |
slaweq | thx for confirmation | 11:07 |
ralonsoh | slaweq, one sec | 11:07 |
ralonsoh | "Creation currently limited to administrators. Other users will receive a Forbidden 403 response code with a response body NeutronError message expressing that creation is disallowed by policy." | 11:08 |
ralonsoh | from the documentation | 11:08 |
slaweq | yes, create is for ADMIN only, that's ok | 11:08 |
ralonsoh | ok, just to let you know | 11:08 |
slaweq | and that doesn't require owner field | 11:08 |
ralonsoh | nope | 11:09 |
slaweq | it's just that it should be visible for everyone, no matter which project it is | 11:09 |
opendevreview | Bodo Petermann proposed openstack/neutron-vpnaas master: VPNaaS support for OVN https://review.opendev.org/c/openstack/neutron-vpnaas/+/765353 | 11:10 |
opendevreview | Slawek Kaplonski proposed openstack/neutron master: [Secure RBAC] Fix policy to get flavors https://review.opendev.org/c/openstack/neutron/+/872400 | 11:24 |
opendevreview | Merged openstack/neutron-lib master: [sqlalchemy-20] Use ``Session.get_transaction()`` https://review.opendev.org/c/openstack/neutron-lib/+/872272 | 11:34 |
ralonsoh | slaweq, lucasagomes mlavalle folks, I rebased (again) the OVN monitor patches | 11:37 |
ralonsoh | https://review.opendev.org/q/topic:bug/1998608+status:open | 11:37 |
ralonsoh | can you review them again? | 11:38 |
ralonsoh | another patch was merged and there was a small merge conflict | 11:38 |
lucasagomes | ralonsoh, yes, will take a look | 11:38 |
ralonsoh | thanks! | 11:39 |
amotoki | slaweq: ralonsoh: I followed your discussion on flavors and agree with you. flavor does not belong to a specific tenant. | 11:40 |
slaweq | ralonsoh it seems that this project_id field in api definition for flavors is somehow needed as without that api tests are failing so I will not touch it now | 11:41 |
slaweq | but it's not needed in policy for sure | 11:41 |
amotoki | In the old policy, the policy for get_flavor was "Any" which means flavors are visible to all authenticated users. I believe this is the design intention. | 11:41 |
amotoki | I checked the initial implementation. tenant_id was added to the API definition without any discussion when updating the change. I guess there was some limitation in the API layer to make it work and it was a workaround. | 11:41 |
slaweq | amotoki thx for confirmation | 11:41 |
slaweq | yeah, I think so too | 11:42 |
slaweq | so we will be good with small adjustment to the API policy for get_flavor only :) | 11:42 |
slaweq | amotoki++ ralonsoh++ | 11:42 |
slaweq | thx for help | 11:42 |
amotoki | slaweq: thanks | 11:43 |
opendevreview | Slawek Kaplonski proposed openstack/neutron-tempest-plugin master: DNM Lets test our API tests with enforced new RBAC policies https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/867518 | 11:45 |
slaweq | ralonsoh amotoki ok, now https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/867518 runs on top of all my S-RBAC fixes, lets see if that will make jobs to be green :) | 11:46 |
ralonsoh | thanks | 11:46 |
slaweq | if yes, You will have list of patches to review :) | 11:47 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Improve "sync_ha_chassis_group" method https://review.opendev.org/c/openstack/neutron/+/872023 | 12:03 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: WIP - Add ``OVNGatewayHAChassisGroup`` scheduler class https://review.opendev.org/c/openstack/neutron/+/872033 | 12:03 |
opendevreview | Elvira García Ruiz proposed openstack/neutron stable/zed: [OVN] Allow logging all traffic related to an ACL https://review.opendev.org/c/openstack/neutron/+/872303 | 13:05 |
opendevreview | Elvira García Ruiz proposed openstack/neutron stable/yoga: [OVN] Allow logging all traffic related to an ACL https://review.opendev.org/c/openstack/neutron/+/872304 | 13:06 |
opendevreview | Elvira García Ruiz proposed openstack/neutron stable/xena: [OVN] Allow logging all traffic related to an ACL https://review.opendev.org/c/openstack/neutron/+/872305 | 13:06 |
opendevreview | Elvira García Ruiz proposed openstack/neutron stable/wallaby: [OVN] Allow logging all traffic related to an ACL https://review.opendev.org/c/openstack/neutron/+/872306 | 13:07 |
opendevreview | Lajos Katona proposed openstack/networking-bagpipe master: CI: Add periodic weekly job with sqlalchemy master https://review.opendev.org/c/openstack/networking-bagpipe/+/872408 | 13:32 |
opendevreview | Luis Tomas Bolivar proposed openstack/ovn-octavia-provider master: Remove LB from LS belonging to provider networks https://review.opendev.org/c/openstack/ovn-octavia-provider/+/871263 | 13:33 |
opendevreview | Lajos Katona proposed openstack/networking-bgpvpn master: CI: add oslo_master and sqlalchemy to periodic weekly https://review.opendev.org/c/openstack/networking-bgpvpn/+/861960 | 13:33 |
*** dasm|off is now known as dasm | 13:44 | |
slaweq | ralonsoh good news, all api tests are green on the test patch https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/867518 now :) | 13:51 |
lajoskatona | slaweq: \o/ good job :-) | 13:55 |
ralonsoh | slaweq, perfect! I'll review the patches now | 14:00 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Propose replacement of ORM from_self() https://review.opendev.org/c/openstack/neutron/+/744512 | 14:30 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: [OVN] Implementation of OVN Neutron Agent https://review.opendev.org/c/openstack/neutron/+/870024 | 14:37 |
mlavalle | ralonsoh: of course. I'll review them again | 14:38 |
ralonsoh | mlavalle, thanks a lot | 14:38 |
opendevreview | Merged openstack/neutron master: ovn-migration: Stop neutron server while running db sync https://review.opendev.org/c/openstack/neutron/+/871004 | 14:48 |
opendevreview | Lajos Katona proposed openstack/networking-odl master: CI: Add periodic weekly job with sqlalchemy master https://review.opendev.org/c/openstack/networking-odl/+/872416 | 15:00 |
ralonsoh | slaweq, all patches reviewed (and approved all) | 15:03 |
*** ksambor is now known as NICK-afk | 16:08 | |
slaweq | ralonsoh++ lajoskatona++ thx a lot | 16:15 |
opendevreview | Rodolfo Alonso proposed openstack/neutron master: Add CI jobs using SQLAlchemy master branch https://review.opendev.org/c/openstack/neutron/+/872273 | 16:31 |
*** rpittau is now known as elfosardo | 16:34 | |
*** elfosardo is now known as rpittau | 16:43 | |
gmann | slaweq: hi, do you have couple of min to discuss RBAC defaults things? | 17:18 |
gmann | we can discuss tomorrow also if its late for you | 17:18 |
ralonsoh | gmann, I think he is offline now. BTW, he has pushed some patches to fix the Neutron code | 17:21 |
ralonsoh | there is a testing patch: https://review.opendev.org/c/openstack/neutron-tempest-plugin/+/867518 | 17:21 |
gmann | ralonsoh: perfect, I will check those, thanks | 17:22 |
*** cgoncalves_ is now known as cgoncalves | 17:58 | |
*** gibi is now known as gibi_pto | 19:04 | |
opendevreview | Merged openstack/neutron master: Improve message for subnet gateway out of host IP addresses range https://review.opendev.org/c/openstack/neutron/+/872219 | 21:44 |
opendevreview | Merged openstack/neutron master: [OVN] Allow logging all traffic related to an ACL https://review.opendev.org/c/openstack/neutron/+/871096 | 21:44 |
opendevreview | Merged openstack/neutron stable/victoria: Never raise an exception in notify() https://review.opendev.org/c/openstack/neutron/+/871988 | 21:44 |
opendevreview | Merged openstack/neutron master: [Secure RBAC] Allow network owner to delete ports plugged to the network https://review.opendev.org/c/openstack/neutron/+/872280 | 21:44 |
*** dasm is now known as dasm|off | 22:40 |