Monday, 2019-07-29

« Sunday, 2019-07-28 Index Tuesday, 2019-07-30 »
*** brinzhang has joined #openstack-nova00:24
*** brinzhang has quit IRC00:32
*** brinzhang has joined #openstack-nova01:00
*** brinzhang has quit IRC01:05
*** igordc has quit IRC01:24
*** huaqiang has joined #openstack-nova01:55
*** tetsuro has joined #openstack-nova02:01
*** brinzhang has joined #openstack-nova02:08
*** brinzhang_ has joined #openstack-nova02:09
*** brinzhang_ has quit IRC02:10
*** brinzhang_ has joined #openstack-nova02:10
*** brinzhang_ has joined #openstack-nova02:12
*** brinzhang has quit IRC02:13
*** eharney has quit IRC02:23
*** markvoelker has joined #openstack-nova02:29
openstackgerritTakashi NATSUME proposed openstack/nova master: Retrun 400 if invalid query parameters are specified  https://review.opendev.org/67044002:36
openstackgerritTakashi NATSUME proposed openstack/nova master: Add a live migration regression test  https://review.opendev.org/64120002:37
openstackgerritTakashi NATSUME proposed openstack/nova master: Add database schema upgrade check  https://review.opendev.org/66704702:38
*** rcernin has quit IRC02:45
*** rcernin has joined #openstack-nova02:47
*** bhagyashris has joined #openstack-nova02:49
*** ricolin_ has joined #openstack-nova03:06
*** psachin has joined #openstack-nova03:31
*** psachin has quit IRC03:34
*** tetsuro has quit IRC03:37
*** psachin has joined #openstack-nova03:37
*** psachin has quit IRC03:55
*** udesale has joined #openstack-nova03:59
*** brinzhang has joined #openstack-nova04:04
*** tetsuro has joined #openstack-nova04:06
*** brinzhang_ has quit IRC04:07
alex_xusean-k-mooney: kashyap a question for https://review.opendev.org/#/c/670189/, whether we will break the guest if change the machine type after upgrade.04:21
*** Luzi has joined #openstack-nova05:06
*** brtknr has quit IRC05:17
*** brtknr has joined #openstack-nova05:19
*** whoami-rajat has joined #openstack-nova05:22
*** jaosorior has joined #openstack-nova05:26
*** tetsuro has quit IRC05:30
*** sridharg has joined #openstack-nova05:42
*** ratailor has joined #openstack-nova05:47
*** ratailor_ has joined #openstack-nova05:50
*** ratailor has quit IRC05:52
*** huaqiang has quit IRC06:00
*** mdbooth_ has joined #openstack-nova06:00
*** mdbooth has quit IRC06:03
*** takashin has quit IRC06:04
*** brinzhang_ has joined #openstack-nova06:16
*** brinzhang has quit IRC06:19
openstackgerritpengyuesheng proposed openstack/os-vif master: Bump the openstackdocstheme extension to 1.20  https://review.opendev.org/67285706:19
*** dpawlik has joined #openstack-nova06:27
*** brinzhang_ has quit IRC06:28
*** mkrai has joined #openstack-nova06:36
*** tetsuro has joined #openstack-nova06:38
*** maciejjozefczyk has joined #openstack-nova06:42
*** ttsiouts has joined #openstack-nova06:56
*** slaweq has joined #openstack-nova06:58
*** janki has joined #openstack-nova07:02
*** brinzhang has joined #openstack-nova07:05
*** tesseract has joined #openstack-nova07:08
*** rcernin has quit IRC07:11
*** rpittau|afk is now known as rpittau07:11
*** tssurya has joined #openstack-nova07:14
*** tetsuro has quit IRC07:17
*** bhagyashris has quit IRC07:19
*** ttsiouts has quit IRC07:25
*** pcaruana has joined #openstack-nova07:31
kashyapalex_xu: Morning, will check07:32
*** jchhatbar has joined #openstack-nova07:34
*** janki has quit IRC07:38
*** brault has joined #openstack-nova07:38
*** jangutter has joined #openstack-nova07:38
*** arxcruz|off is now known as arxcruz07:38
*** mdbooth has joined #openstack-nova07:39
*** mdbooth_ has quit IRC07:41
kashyapalex_xu: On that machine type question for Windows --07:43
kashyapalex_xu: ... I don't quite parse your question.  The answer is "it depends"07:43
kashyapBecause, if the operator knowingly updated the machine type, then there won't be any problems.  But if their Windows+App was running 'pc' and was "suddenly" changed to 'q35', then there _might_ be issues depending on what the application expects07:44
*** tetsuro has joined #openstack-nova07:45
alex_xukashyap: sorry, I didn't describe clearly07:46
alex_xukashyap: with that patch, we changed the machine_type from q35 to pc for the compute node didn't set any machine type explicitly07:46
*** jchhatbar has quit IRC07:46
kashyapalex_xu: You changed it in nova.conf, and then stop + started the windows guest?07:48
alex_xukashyap: emm...I thougth the windows guest os will complain for the license. Do you mean the APP in the guest windows os depending on the machine type?07:48
alex_xukashyap: yes07:48
kashyapalex_xu: Hmm, let me check with another QEMU guy07:49
*** tetsuro has quit IRC07:50
*** jchhatbar has joined #openstack-nova07:50
*** lpetrut has joined #openstack-nova07:51
alex_xukashyap: sorry, I mean no value for CONF.libvirt.machine_type. In S release, it is pc. But we changed the default machine type in the code for T release, after upgrade, a stop/start will change the instance to q35 machine type.07:53
openstackgerritLee Yarwood proposed openstack/nova master: DNM - Verify NOVA_USE_SERVICE_TOKEN=True in the Nova gate  https://review.opendev.org/67322707:54
kashyapalex_xu: Isn't your question same as: if you boot a hard disk with Windows from PC1 to PC2, will it boot? :-)07:55
kashyapalex_xu: And did the instance boot or not, in your test?07:55
alex_xukashyap: yes, i think so07:55
kashyapalex_xu: Then, isn't it a question for Microsoft? :-)07:56
alex_xuhah07:56
*** bhagyashris has joined #openstack-nova07:56
*** ttsiouts has joined #openstack-nova07:57
*** ircuser-1 has joined #openstack-nova07:57
kashyapalex_xu: https://support.microsoft.com/en-us/help/20530/windows-10-reactivating-after-hardware-change07:57
kashyapSo:07:58
kashyap[quote]07:58
kashyapWhen installing Windows 10, the digital license associates itself with your device's hardware. If you make significant hardware changes on your device, such as replacing your motherboard, Windows will no longer find a license that matches your device, and you’ll need to reactivate Windows to get it up and running.07:58
kashyap[/quote]07:58
kashyappeterx: So the answer is, yes, it will affect -- because changing machine type is similar to changing your motherboard07:59
alex_xukashyap: so I'm thinking whether we should have a release upgrade note for the operator running windows at least07:59
*** jaosorior has quit IRC07:59
alex_xuwarning them the machine type is changed, if you don't want get the trouble with that, update CONF.libvirt.machine_type to q35?08:00
kashyap"not trouble", but we should be explicit - that you might have to reactivate licensing keys08:00
kashyapalex_xu: You say "we" changed default machine type in the code for T release -- do you mean Intel's own OpenStack variant?08:02
kashyapOr by "we" are you referring to upstream?08:02
openstackgerritLee Yarwood proposed openstack/nova master: Get rid of args to RBDDriver.__init__()  https://review.opendev.org/66856408:02
alex_xukashyap: referring to upstream08:02
alex_xuintel don't have oepnstack variant08:02
kashyapalex_xu: No, we didn't change upstream machine type - what makes you say so?08:02
kashyapalex_xu: In that patch, for x86|i386 it is still 'pc' -- https://review.opendev.org/#/c/670189/14/nova/virt/libvirt/utils.py08:03
alex_xukashyap: sorry, no the upstream, the patch https://review.opendev.org/670189 changed08:03
kashyapalex_xu: Which exactly line are you referring to?08:03
kashyapalex_xu: Ah, hang on.08:04
kashyapThat patch was fixing a bad assumption08:04
alex_xukashyap: https://review.opendev.org/#/c/670189/14/nova/virt/libvirt/host.py@74508:05
kashyapalex_xu: The second point in the commit message only says, there is an "initiative to update to q35", but that has _not_ landed yet (not even the spec)08:05
alex_xuemm...08:05
openstackgerritLee Yarwood proposed openstack/nova master: libvirt: Remove native LUKS compat code  https://review.opendev.org/66912108:05
kashyapalex_xu: That line (745) was only removing an assumption.  It is not changing anything.08:06
alex_xuah....08:06
kashyapaspiers: When you're about, some discussion in the scrollback on that harden getDomainCapabilities() patch.08:06
openstackgerritLee Yarwood proposed openstack/nova stable/queens: libvirt: flatten rbd images when unshelving an instance  https://review.opendev.org/66812308:07
openstackgerritLee Yarwood proposed openstack/nova stable/queens: DNM - Test rbd unshelve fix on stable queens  https://review.opendev.org/66814208:07
*** ralonsoh has joined #openstack-nova08:08
tssuryabrinzhang: I have a question regarding the -1 you have https://review.opendev.org/#/c/666792/ and https://review.opendev.org/#/c/645611/, please reply whenever you have time08:08
alex_xukashyap: ah, I know where I missunderstand now08:09
*** aojea has joined #openstack-nova08:10
kashyap:-)08:10
kashyapalex_xu: And for the record, ignore my (and yours?) "we should be explicit" on the warning about license keys -- no warning is required in this case :-)08:11
alex_xuyes, nothing required08:12
kashyapalex_xu: I added a summary of our discussion here, let me know if that looks good: https://review.opendev.org/#/c/670189/1408:14
alex_xuthanks08:14
*** ivve has joined #openstack-nova08:15
*** aojea has quit IRC08:17
brinzhangtssurya: about https://review.opendev.org/#/c/666792/, beacuse of the power-update not support for the nova CLI, I donot understand why need to add this change.08:18
brinzhangtssurya: Even if you don't add 2.75 microversion, will it affect the functionality of novaclient?08:18
tssuryabrinzhang: if I don't update the client version, I cannot use the server side changes08:19
tssuryathat08:19
tssuryais why we update08:19
brinzhangIf it's true, I think my understanding is biased, I will remove that -1. thanks08:19
tssuryaalso as you can see here: https://review.opendev.org/#/c/666792/3/novaclient/tests/unit/v2/test_shell.py@4278 , this is why we add "2.75" to the list of versions that do not need change on the client side08:20
tssuryathat is also why we have no tests08:20
tssuryabrinzhang: thanks , next time you have a question feel free to just ask without having to give a vote :)08:20
brinzhangYeah, because of on weekends, so... I will care :P08:21
brinzhangtssurya: If we not add this change, it will be raise 404? or anonther?08:24
tssuryabrinzhang: https://docs.openstack.org/python-novaclient/latest/contributor/microversions.html08:27
tssuryain my particular case (https://review.opendev.org/#/c/645611/9/nova/api/openstack/compute/server_external_events.py@72) its a schema invalidation so yes a 40408:29
tssuryabut the main point is to bump the versions serially, like we shouldn't be doing 2.76 and just leave 2.75 on the client because it doesn't have any "code changes"08:30
*** tkajinam has quit IRC08:30
tssurya^ its mentioned in the docs08:30
*** avolkov has joined #openstack-nova08:31
brinzhangYeah, I know this, I think it will be raise 406.08:31
brinzhang{08:32
brinzhang"computeFault":{08:32
brinzhang"message": "Version 2.78 is not supported by the API. Minimum is 2.1 and maximum is 2.76.",08:32
brinzhang"code": 40608:32
brinzhang}08:32
brinzhang}08:32
kashyapalex_xu: Thank you for ACKing, much appreciated.08:32
tssuryabrinzhang: no the server supports 2.75, we are trying to make the client support it as well08:33
*** kdean has quit IRC08:33
*** brtknr has quit IRC08:33
kashyapstephenfin: Hi, when you're about, can you please have a gander at this: https://review.opendev.org/#/c/670189/ (libvirt: harden Host.get_domain_capabilities())08:33
kashyapstephenfin: Already has +2 from Alex.  And it's useful for two features, one for SEV, the other for the Secure Boot thing08:34
*** brtknr has joined #openstack-nova08:35
*** tetsuro has joined #openstack-nova08:43
alex_xukashyap: np08:44
*** janki has joined #openstack-nova08:45
*** jchhatbar has quit IRC08:45
*** mkrai has quit IRC08:46
*** jaosorior has joined #openstack-nova08:46
*** panda has quit IRC08:47
*** tetsuro has quit IRC08:47
*** panda has joined #openstack-nova08:48
brinzhangtssurya: about https://review.opendev.org/#/c/645611/, replyed with comment.08:50
*** derekh has joined #openstack-nova08:53
*** lpetrut has quit IRC08:58
*** tesseract has quit IRC08:58
*** zhouyao has joined #openstack-nova09:06
*** mkrai has joined #openstack-nova09:07
*** jchhatbar has joined #openstack-nova09:10
*** janki has quit IRC09:10
*** ccamacho has joined #openstack-nova09:13
*** trident has quit IRC09:16
*** trident has joined #openstack-nova09:17
*** tesseract has joined #openstack-nova09:20
*** altlogbot_1 has quit IRC09:24
*** ksdean has joined #openstack-nova09:24
*** altlogbot_1 has joined #openstack-nova09:25
*** ricolin_ has quit IRC09:29
*** takashin has joined #openstack-nova09:34
*** takashin has left #openstack-nova09:36
*** cdent has joined #openstack-nova09:37
aspierskashyap: here09:44
kashyapaspiers: Hi, go straight to my update in the Gerrit change.09:44
kashyapaspiers: (Saves you time from reading IRC scrollback)09:45
aspiersOK09:45
aspierskashyap: not sure if there's a question for me? looks like it's all clarified?09:46
kashyapaspiers: Yeah, no more question.  Was more of an FYI09:48
aspierskashyap: OK thanks. BTW I need your review on https://review.opendev.org/#/c/673151/ more than anyone else's :)09:48
aspiersThat ties to the scrollback I wrote on Sat09:48
kashyapaspiers: Will do.  First trying to write some code to parse getDomainCapabilities() for 'efi' bits :D09:48
* kashyap just finished shaving this yak: https://bugzilla.redhat.com/show_bug.cgi?id=173394009:49
openstackbugzilla.redhat.com bug 1733940 in libvirt "getDomainCapabilities() does not report all available OVMF firmware binaries" [Unspecified,New] - Assigned to libvirt-maint09:49
kashyapaspiers: What scrollback from Sat?  I missed09:49
aspiershttp://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2019-07-27.log.html#t2019-07-27T18:15:1709:49
kashyapaspiers: BTW, funnily enough, I have a "vested interest" to review that patch.  Why?09:50
kashyapaspiers: ... I too have a need for domain capabilities for 'q35' for Secure Boot09:51
kashyap(Secure Boot for KVM/QEMU _mandates_ 'q35')09:51
kashyapaspiers: I will get to this interesting patch today.09:51
aspierskashyap: Yeah, this is not a huge coincidence, since SEV mandates UEFI via OVMF09:52
aspierslack of UEFI is probably why my SEV guests are currently unresponsive09:52
kashyapAh, I see09:53
kashyapaspiers: Aside, if you don't mind holding your nose: https://kashyapc.fedorapeople.org/Create-a-SecureBoot-enabled-VM.bash09:53
aspiersalthough it does not require secure boot AFAIK09:54
kashyapRight09:54
aspiersare there docs for UEFI boot in nova?09:54
kashyapAfraid, not much I guess09:54
openstackgerritDongcan Ye proposed openstack/nova master: Fix wrong huge pages in doc  https://review.opendev.org/67325209:54
* aspiers looks at https://blueprints.launchpad.net/nova/+spec/boot-from-uefi09:55
kashyapaspiers: Do you have a few more minutes to chat on a related topic?09:55
aspiersyes09:55
* kashyap types09:56
kashyapaspiers: So I need to parse that 'efi' bit on line-3: http://paste.openstack.org/show/755057/09:58
kashyapaspiers: I'm searching through the SEV series, to 'Depend On' a patch that parses surrounding bits from getDomainCapabilities()09:59
kashyapaspiers: Probably somewhere surrounding here?  https://review.opendev.org/#/c/640483/3/nova/virt/libvirt/config.py10:01
* aspiers is looking10:02
kashyap(After I add the config class LibvirtConfigDomainCapsFirmwareEFI() or something like that)10:02
*** bhagyashris has quit IRC10:02
openstackgerritLee Yarwood proposed openstack/nova master: Use os-brick locking for volume attach and detach  https://review.opendev.org/61419010:03
aspierskashyap: I don't think there is any unmerged patch you need to depend on10:03
aspierskashyap: that patch you linked was merged ages ago10:04
kashyapaspiers: Yep, just realized10:04
aspierskashyap: well, maybe https://review.opendev.org/#/c/673151/310:05
aspierswhich is the one I'm asking you to look at anyway :)10:06
kashyapaspiers: Yeah, I have it open, and have half read the commit message, while I got 3 pings :D10:06
aspiershacking on nova feels a bit like wandering around a vast desert, and the experience of randomly bumping into someone else in the same vicinity is equally surprising10:07
kashyapaspiers: Will spend time on it tooday, definitely10:07
aspierskashyap: just realised that maybe the subject of that commit is misleading10:07
aspiersit's enhancing the parsing of *capabilities* not domain caps10:08
aspiersthe change regarding domain caps is that getDomCaps API gets called more often as a result (for the canonical machine types in addition to the default machine type for the arch)10:08
kashyapaspiers: Hehe, mind you, we're in a mini desert in the "Cosmos of Nova" -- we're in HDD (Hypervisor Driver Desert)10:09
aspiersIf I change (only) a commit message and rebase the stuff on top, will Gerrit/Zuul re-run all the CI on an identical git tree?10:09
aspierstrue X-D10:09
kashyaplyarwood: --^10:10
kashyapaspiers: I _think_ rebase will re-run the entire world's CI :-(  But I have a faint voice in the head saying: "that has changed"10:10
aspiersI fear you might be right10:11
aspierskashyap: so are there *any* docs on how to do UEFI boot in nova?10:11
aspierskashyap: surely there must be another way to find out than reading merged gerrit patches10:11
aspierseven the release note is useless10:11
kashyapaspiers: Not that I know of.  I don't think not even in the config help text I guess.10:12
kashyapaspiers: Does this count?  -- https://opendev.org/openstack/nova-specs/src/branch/master/specs/train/approved/allow-secure-boot-for-qemu-kvm-guests.rst10:12
kashyap:D10:12
kashyapThe part in the "Problem description" can account for _some_ documentation.  /me ducks10:12
aspiershah10:14
aspiersfor SEV, I felt that if I didn't include insanely comprehensive docs with the patches, I would have no chance of getting it accepted10:14
aspiersmaybe that was a misperception10:14
aspiersbut I don't regret writing them, of course10:14
aspierskashyap: BTW http://specs.openstack.org/openstack/nova-specs/specs/train/approved/allow-secure-boot-for-qemu-kvm-guests.html is a nicer rendering of the same10:15
kashyapAh, thank you10:16
kashyapaspiers: On docs, don't worry -- if you've improved the 'void' (i.e. non-existent docs), then it definitely is worth accepting.10:17
kashyapI don't guess anyone would have the gall to "not accept" those.10:18
kashyap(Without a damn good reason)10:18
openstackgerritBrin Zhang proposed openstack/nova master: Add delete_on_termination to volume-attach API  https://review.opendev.org/67313310:18
aspierskashyap: hah, I know you weren't doing this, but given the effort I spent on them, if anyone described the docs I've submitted as "they improved the void", that would feel like a slap in the face X-D10:19
aspierskashyap: check out https://review.opendev.org/#/c/666616/22/doc/source/admin/configuration/hypervisor-kvm.rst10:19
aspiersand then press ']' twice for the other docs10:19
kashyapaspiers: Yeah, sorry, as you guessed - I didn't target that at you at all.  Was saying more in general10:19
kashyapIf anyone provides any docs that _improves_ the status quo, accept it, no ifs and buts.10:20
kashyapaspiers: Oh, the ']' trick, I didn't know; thanks!10:20
aspiersWell yeah, but if a new feature is submitted with sub-par docs, I'd argue that's *worsening* the docs10:20
aspierskashyap: press '?' for all shortcuts10:20
aspiersthey're almost all worth memorising10:21
kashyapaspiers: Yeah, fugreed.  BTW, excellent docs there, as usual: https://review.opendev.org/#/c/666616/22/doc/source/admin/configuration/hypervisor-kvm.rst10:21
kashyapaspiers: I say not many developers have the discipline to write solid docs.10:21
aspiersIt's a shame. It's not the most fun thing to do, but damn is it satisfying once they're done10:22
aspiersespecially when all the subsequent questions you get can be answered with RTFM ;-)10:22
kashyapYes.  Many many developers forget to realize that their "beautiful code" is not worth a damn if they don't spend a decent chunk of time describing the feature10:22
kashyapNot a curt, crappy document.  But a good one, that makes you feel "pain" when you write.  And after some rounds of editing.10:23
*** jaosorior has quit IRC10:23
kashyapaspiers: BTW, I'll of course be writing a document for Sec Boot, collecting artefacts here: https://kashyapc.fedorapeople.org/Secure-Boot-for-KVM-QEMU-guests/10:24
aspiersgreat10:24
openstackgerritHuachang Wang proposed openstack/nova-specs master: Use PCPU and VCPU in one instance  https://review.opendev.org/66865610:25
aspiersso, in the absence of TFM, please can you tell me how to configure UEFI boot?10:25
aspierseven your SB spec problem description doesn't really cover it AFAICS10:25
aspiershttps://specs.openstack.org/openstack/nova-specs/specs/mitaka/implemented/boot-from-uefi.html sort of does10:26
aspiersis hw_firmware_type=uefi enough?10:26
aspiersoh I found it! https://docs.openstack.org/glance/pike/admin/troubleshooting.html#launch-instances-with-uefi10:26
*** brinzhang_ has joined #openstack-nova10:27
aspierskashyap: unfortunately I am now being bitten by your decision not to +1 https://review.opendev.org/#/c/348394/, since I need this working on SLES 12 ...10:27
aspiersI think it could have been a reasonable stop-gap solution10:29
*** huaqiang has joined #openstack-nova10:29
kashyapaspiers: Oh, speaking of which!10:30
aspiersTBH I think it would still make sense to merge that, even at this late stage10:30
kashyapCan you check with Dirk & co. on any progress on getting the JSON file descriptor files as part of SLES's EDK2/OVMF package?10:30
kashyapI've written the patch for Fedora:10:30
*** brtknr has quit IRC10:30
aspierskashyap: I thought we connected you with Jim Fehlig on that front?10:30
*** brinzhang has quit IRC10:30
aspiershe's our OVMF expert10:31
kashyapYes, we did.  I'll revive the thread with the example10:31
aspiersand in fact he's the one who yesterday suggested that my SEV guest is broken because it wasn't booted with UEFI10:31
kashyapSee this example: https://src.fedoraproject.org/rpms/edk2/c/674b3c8a27a810:31
kashyapPlease point it to Jim.  Or I'll revive that thread post Denver with some more info10:32
*** brtknr has joined #openstack-nova10:32
kashyapaspiers: I've filed similar RFE bugs for Debian and Ubuntu, too10:32
aspiersI've found the old mail thread10:32
aspiersMay 8-1010:32
*** zhouyao has quit IRC10:33
kashyapRight10:33
*** brtknr has quit IRC10:34
*** ksdean has quit IRC10:34
*** kaisers has quit IRC10:35
sean-k-mooneykashyap: by the way changing the motherboard does not always cause windows to be reactivated or require reactivation. it depend on if its a retail copy or oem. oem copies are tied to the machine they are  booted on retail are not.10:35
sean-k-mooney*installed on10:35
*** brtknr has joined #openstack-nova10:35
*** brtknr has quit IRC10:36
kashyapWhat is the difference between "retail copy" and "OEM"?10:36
sean-k-mooneyif the frimware/system uuid does not change i think it would not triger reactivation of windows licenes10:36
sean-k-mooneykashyap: its a diffenet EULA and teh activation key is from a diffferent pool onther then that they are identical10:37
sean-k-mooneyoem key are cheaper10:37
sean-k-mooneyhaving said that for openstack10:37
sean-k-mooneyyou would be useing datacenter volume licences10:37
kashyapThat sounds incredibly messy10:37
kashyapRegardless, I think it robust to _assume_ it changes10:37
*** jawad_axd has joined #openstack-nova10:38
* kashyap --> bbiab10:39
sean-k-mooneywell it makes sense. they assume if you buy windows your self. e.g. a retail copy that you might be building your own pc and might upgrade it10:39
sean-k-mooneybut if you go windows with your pc e.g. form dell its an oem license10:39
aspierskashyap: what I see from my SEV machine is lacking some of the bits you see: http://paste.openstack.org/show/755058/10:40
aspierskashyap: is my libvirt or qemu old or something?10:40
*** yaawang has quit IRC10:40
sean-k-mooneyand they assume since you baugt prebuilt your not going to swap out the motherboard, you can buy oem license and they are cheaper but its one of the limitations that come with the cost reduction10:40
*** cdent has quit IRC10:41
sean-k-mooneybut in either case its against the windows desktop license agreement to use either for systems that are purly virtualised10:41
sean-k-mooneyto run windows permently in a vm you need a different licnese (volume licenseing or datacenter) which have different activation critia10:43
*** brtknr has joined #openstack-nova10:45
*** mkrai has quit IRC10:57
*** mkrai has joined #openstack-nova10:57
*** brtknr has quit IRC11:04
*** brtknr has joined #openstack-nova11:05
*** brtknr has quit IRC11:06
*** brtknr has joined #openstack-nova11:06
*** brtknr has quit IRC11:07
*** lpetrut has joined #openstack-nova11:07
*** brtknr has joined #openstack-nova11:08
*** smrcascao has quit IRC11:17
*** brtknr has quit IRC11:20
*** brtknr has joined #openstack-nova11:21
*** brtknr has quit IRC11:22
*** brtknr has joined #openstack-nova11:23
*** brtknr has quit IRC11:23
*** brtknr has joined #openstack-nova11:24
*** brtknr has quit IRC11:24
*** brtknr has joined #openstack-nova11:25
*** udesale has quit IRC11:26
*** jaypipes has joined #openstack-nova11:26
sean-k-mooneythe nova-next job is ment to test thing that we intend to make the default in a subsequent release right11:28
sean-k-mooneyor is it for something else?11:29
sean-k-mooneyit looks like it was orignially for placmenet and cells testing when they were optional and for stien was the first full python 3 job? so it evelovs to test the futrue state we expect nova to run in11:31
sean-k-mooneythe reason im asking it related to a donwstream converstation about service tokens11:33
sean-k-mooneyhttps://github.com/openstack/nova/blob/master/nova/conf/service_token.py#L18-L4211:33
sean-k-mooneyit look like we have not considerd service tokens to be experimental since 201711:33
openstackgerritSurya Seetharaman proposed openstack/nova master: API microversion 2.75: Add 'power-update' external event  https://review.opendev.org/64561111:33
sean-k-mooneyand nova-next has been running with them for over 2 years11:33
sean-k-mooneylyarwood has a patch https://review.opendev.org/#/c/673226/1 to enable them by defualt in devstack but im wondering should we just enable it by default in nova11:34
*** jaosorior has joined #openstack-nova11:34
sean-k-mooneyefried: johnthetubaguy bauzas ^ any input on that?11:34
*** derekh has quit IRC11:43
*** cdent has joined #openstack-nova11:46
openstackgerritHuachang Wang proposed openstack/nova master: doc: correct the information of 'cpu_map'  https://review.opendev.org/67327211:46
*** bbowen has joined #openstack-nova11:49
*** eharney has joined #openstack-nova12:00
aspierskashyap: let me know when you're back12:09
aspierskashyap: I'm changing the patch title to "Track libvirt host/domain capabilities for multiple machine types"12:09
*** mkrai has quit IRC12:13
*** artom has joined #openstack-nova12:20
*** mvkr has quit IRC12:22
openstackgerritGhanshyam Mann proposed openstack/nova master: Multiple API cleanup changes  https://review.opendev.org/66688912:27
aspierskashyap, efried: I noticed that Element.getchildren() is deprecated since lxml 2.7 and our requirements has >= 3.4.1 - would it make sense to submit a patch getting rid of those?12:30
*** ricolin_ has joined #openstack-nova12:30
*** Conqueror has joined #openstack-nova12:31
*** ivve has quit IRC12:34
sean-k-mooneyaspiers: you are ment to just do list(element) now right to get the childeren12:34
aspierssean-k-mooney: yes I know12:35
aspierssean-k-mooney: my new code is already doing that12:35
sean-k-mooneyi guess iter(element) should work as well12:35
aspiersjust "for child in parent:" works fine12:35
sean-k-mooneyah yes12:35
sean-k-mooneypersonally i prefer using xpath expressions12:35
aspiersthat's a different use case12:35
sean-k-mooneyproably but it really depends on what your doing int he body of that for12:37
kashyapaspiers: Sorry, wasn't paying close attention12:37
kashyapaspiers: On that patch from Dirk, it's not only SLES, even CentOS is affected -- https://bugs.launchpad.net/nova/+bug/182538612:38
openstackLaunchpad bug 1825386 in OpenStack Compute (nova) "Nova is looking for OVMF file no longer provided by CentOS 7.6" [Undecided,New]12:38
*** ratailor_ has quit IRC12:38
kashyapaspiers: (And yes, the new patch title is far more accurate; thank you)12:38
aspierslet's see how Gerrit handles the rewording12:39
kashyapaspiers: Now looking at your pastebin12:39
openstackgerritAdam Spiers proposed openstack/nova master: Track libvirt host/domain capabilities for multiple machine types  https://review.opendev.org/67315112:39
openstackgerritAdam Spiers proposed openstack/nova master: Provide HW_CPU_X86_AMD_SEV trait when SEV is supported  https://review.opendev.org/63868012:39
openstackgerritAdam Spiers proposed openstack/nova master: Add extra spec parameter and image property for memory encryption  https://review.opendev.org/66442012:39
openstackgerritAdam Spiers proposed openstack/nova master: Extract SEV-specific bits on host detection  https://review.opendev.org/63633412:39
openstackgerritAdam Spiers proposed openstack/nova master: Add <launchSecurity> and <driver iommu='on' /> to config.py  https://review.opendev.org/63631812:39
openstackgerritAdam Spiers proposed openstack/nova master: Apply SEV-specific guest config when SEV is required  https://review.opendev.org/64456512:39
openstackgerritAdam Spiers proposed openstack/nova master: Enable booting of libvirt guests with AMD SEV memory encryption  https://review.opendev.org/66661612:39
sean-k-mooneyaspiers: i like to use xpath for thinks like parseing the support device model enum. "/enum[@name='modelType']/value/text()" is much cleaner then looping over the child of my child that is a enm with a name atribute and then extraging alls its childerns text values12:42
aspierssean-k-mooney: yes but it depends on the context. config.py already has a top-down tree-based approach to iterating so in that context xpath makes no sense12:42
sean-k-mooneywell im planning to use it there12:43
sean-k-mooneyand if we used xpath in config.py more liberally it would be much shorter then it currently is12:43
aspiersmaybe12:43
aspierssean-k-mooney: feel free to add me to the review12:43
sean-k-mooneyhttps://review.opendev.org/#/c/666915/6/nova/virt/libvirt/config.py@18212:43
kashyapaspiers: On your pastebin (http://paste.openstack.org/show/755058/): you lack the 'efi' bit because, (a) old version; (b) your EDK2/OVMF package doesn't yet have these files:12:44
kashyap/usr/share/qemu/firmware12:44
kashyap/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json12:44
kashyap/usr/share/qemu/firmware/50-edk2-ovmf-x64-sb.json12:44
kashyap/usr/share/qemu/firmware/60-edk2-ovmf-x64.json12:44
kashyap---12:44
aspierskashyap: /usr/share/qemu/firmware doesn't exist at all12:45
sean-k-mooneyi dont see that on ubunut12:45
kashyapaspiers: Right - it doesn't exist on those yet.  Hence these RFEs I filed for Debian and Ubuntu:12:46
kashyapaspiers: It is part of QEMU 4.1 (coming next month) - merged in Git.12:46
kashyapThe files.12:46
aspiersouch, 2.11.2 here12:46
kashyap(But each distro should ship a variant of those files that matches with their EDK2/OVMF.)12:46
sean-k-mooneyi have it in a different location on debian12:47
kashyapsean-k-mooney: The JSON files don't exist yet on Debian12:47
sean-k-mooney/usr/share/OVMF/OVMF_CODE.fs12:47
sean-k-mooney/usr/share/OVMF/OVMF_CODE.fd12:47
*** mriedem has joined #openstack-nova12:47
aspierssean-k-mooney: that's not the json files12:47
aspiersthat's the blobs12:47
kashyapsean-k-mooney: We're talking about .json files12:47
sean-k-mooneyoh the json file is seperate form the firmware image12:47
*** cdent has quit IRC12:47
kashyapHere are the RFEs I filed for Debian/Ubuntu:12:48
kashyap(1) Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=93226912:48
openstackDebian bug 932269 in ovmf "Ship the firmware "descriptor files" as part of the 'ovmf' package" [Normal,Open]12:48
sean-k-mooneyno its fine12:48
kashyap(2) Ubuntu: https://bugs.launchpad.net/ubuntu/+source/edk2/+bug/183685912:48
openstackLaunchpad bug 1836859 in edk2 (Ubuntu) "RFE: Ship the firmware "descriptor files" as part of the 'ovmf' package" [Undecided,New]12:48
kashyapcoreycb: Hi, any update on the above from 'dannf'? --^12:49
kashyapcoreycb: Sorr for pestering; I'll be off from 06-Aug to 23-Aug, trying to get it into Ubuntu by then12:49
kashyapcoreycb: It's a simple change, just requires one to go through the motions and get a package build out.12:49
sean-k-mooneythey may still decide to package tehm in a different location but you know more about it then i12:49
kashyapsean-k-mooney: They can package it in whatever location - it doesn't matter, so long as they're shipping the JSON file with their custom path.12:50
sean-k-mooneyi think its somewhat confusing that they are in the qemu directory and not in OVMF12:50
kashyapsean-k-mooney: That is what the QEMU firmware specifcation looks for.12:51
kashyaphttps://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json#l31212:51
kashyap 312 #   - /usr/share/qemu/firmware -- populated by distro-provided firmware12:51
kashyap 313 #                                 packages (XDG_DATA_DIRS covers12:51
kashyap 314 #                                 /usr/share by default),12:51
sean-k-mooneyi guess it depends on if its in the qemu package or ovmf package12:51
sean-k-mooneyits edk212:51
kashyapFor distributions shipping EDK2/OVMF, they should ship these files as part of that package.12:52
sean-k-mooneyright so it seam weird that that package would add somthing to the qemu firmware folder unless that package has a hard depency on qemu e.g. it cant be instlled without it12:53
aspierskashyap: weirdly, changing the commit message only invalidated the V+1 of that commit, not all the others rebased above it12:54
sean-k-mooneyyep12:54
sean-k-mooneyif gerrit can tell that the rest of the content did not change it wont drop the +/- 112:54
sean-k-mooneyso if you are just fixing a commit message then it will generally keep everything else as long as you did not rebase12:55
kashyapsean-k-mooney: The /usr/share/qemu is not weird -- why?  Because QEMU (4.1 onwards) _itself_ ships bundled EDK2 + JSON firmware files12:55
kashyapBut those distributions building QEMU (and EDK2/OVMF) decouple that and ship separately12:56
kashyapaspiers: I'm writing a "summer time update" to the SUSE folks; look out for an e-mail12:56
aspierskashyap: great12:57
sean-k-mooneythe relationship is inverted if edk2 does not depend on qemu it shouldnt modify qemu directories but anyway i dont really want to dicuss this now12:57
sean-k-mooneyif the json files were part of the qemu package the current state makes sense to me12:58
coreycbkashyap: i think he's on pto12:58
efriedsean-k-mooney: what's the question? Whether service tokens are still experimental?12:58
sean-k-mooneyefried: the question is can we enable them by default12:58
coreycbkashyap: this is for qemu 4.1 right?12:58
efriedaspiers: Re Element.getchildren() -- sure; I'm assuming there's a fairly straightforward replacement.12:59
sean-k-mooneyefried: or rather should we12:59
aspiersefried: literally just dropping ".getchildren()"12:59
aspiersefried: for child in parent:12:59
aspiersor children = list(parent)12:59
sean-k-mooneyefried: they implemented the iterator protocol on the Element class so you can now just use list() itter() or pass it to a for loop and it will loop over the childeren13:00
kashyapcoreycb: Yes, it is for QEMU 4.1 (coming out in the 2nd week of August).  But no need to wait for the release13:00
kashyapaspiers: A quick one: what is the package called on SUSE?  'edk2' or 'edk2-ovmf' or 'ovmf'?13:01
efriedaspiers: neat. Then yeah, for sure, let's get a patch up.13:01
coreycbkashyap: right so from what i understand 19.10 won't have qemu 4.1 so we have time. it's slated for 20.04.13:01
* sean-k-mooney just realised someone put a comma in the filename of several of the binary blob "QEMU,tcx.bin" i am sure that has broken no one ever...13:02
efriedsean-k-mooney: When you say enable by default, the operator would still have to put admin creds into the service_user section of the conf to make it work; you're just suggesting getting rid of the need for the extra [service_user]send_service_user_token granny switch?13:03
aspierskashyap: not sure but you can probably find out from these ... https://build.opensuse.org/package/view_file/SUSE:SLE-12-SP4:Update/ovmf/ovmf.spec?expand=113:04
aspiershttps://build.opensuse.org/package/view_file/SUSE:SLE-15:Update/ovmf/ovmf.spec?expand=113:04
kashyapcoreycb: When is 20.04 out?13:04
kashyapcoreycb: Note: this _doesn't_ require QEMU 4.1 per-se13:04
aspiershttps://build.opensuse.org/package/show/hardware:boot/edk213:04
coreycbkashyap: april of 2020. right but i imagine that's how it will be prioritized.13:05
sean-k-mooneyefried: i may not fully understand this feature but i was fering to removing of chaning the defualt of https://github.com/openstack/nova/blob/master/nova/conf/service_token.py#L28-L4313:05
kashyapaspiers: Actually, I found it documented in my own spec :-) -- the pacakge in SLES is called: qemu-ovmf-x86_6413:05
aspiersefried, kashyap: so SEV needs UEFI and currently the only way to activate this is hw_firmware_type=uefi on the image. What if an image without this is booted with hw:mem_encryption='True' ?13:05
aspiersShould nova throw an error, or impose uefi on the image?13:06
sean-k-mooneyi guess you also need to set up the service user13:06
aspierssean-k-mooney: interested in your opinion too13:06
kashyapcoreycb: Well, why can't the package be even available in the "latest" Git distro?  (In Fedora's terms, "Rawhide")13:06
kashyapcoreycb: Fedora already ships these for a couple of weeks.  There's no reason to delay this13:06
sean-k-mooneyaspiers: does sev only work with uefi guests13:06
aspiersyes13:07
coreycbkashyap: i'm not the maintainer i'm just assuming how it will work13:07
aspiersit's mentioned in the spec13:07
kashyapaspiers: Hmm, I'd say "impose UEFI on the image" -- if it's a prereq for SEV -- but ... I don't off-hand if any caveats need to be thought out13:07
sean-k-mooneythen you should have a check in the api and reject the spawn before we create a request spec or instance object13:07
aspiersalbeit briefly13:07
*** jroll has quit IRC13:07
aspierskashyap: I'm more inclined to agree with sean-k-mooney's suggestion here13:08
aspierslet's see what efried thinks13:08
kashyapcoreycb: Noted.  I'd also assume any other Debian packager submitting the change / patch shold be accepted.  I hope the process is not blocked on a single maintainer.13:08
*** jawad_axd has quit IRC13:08
*** jroll has joined #openstack-nova13:08
sean-k-mooneyyou can do it like this https://review.opendev.org/#/c/671338/4/nova/compute/api.py13:08
efriedaspiers: I don't know what any of that means, but it sounds like you've got a couple of choices:13:08
efried1) make hw_firmware_type=uefi automatic when hw:mem_encryption=True (or... vice versa?)13:08
efried2) make the operation fail if hw:mem_encryption=True but hw_firmware_type!=uefi13:08
kashyapaspiers: Yeah, nod.  I was thinking in terms of how libvirt auto-adds 'smm' bit when requesting Secure Boot.  But that's not an analogy at all13:08
efriedoh13:08
efriedthat's exactly what you just said.13:08
sean-k-mooneyjust add a check to _validate_flavor_image_nostatus13:09
efriedI don't understand this uefi thing well enough to render an opinion (like, what could go wrong if you set it implicitly, what is the impact of doing this thing the user didn't ask for, etc.)13:10
aspiersefried: I'm assuming that images need some UEFI support magic baked in13:10
sean-k-mooneyefried: the host would have to be configured with uefi firmware to be able to enable it.13:10
aspiersbut I don't actually know13:10
*** ivve has joined #openstack-nova13:11
aspiersdoes the scheduler know whether hosts support UEFI?13:11
kashyapaspiers: At this point, no.13:11
sean-k-mooneyaspiers:for a uefi boot there would have to be a gpt partion on the image and it would need a efi boot partion to unpack the efi into13:11
efriedIf the host needs uefi-ness, then that needs to be part of determining whether the host exposes the SEV capability and the MEM_ENC_CTX inventory.13:11
sean-k-mooneyi think13:11
aspiersefried: every SEV host will support UEFI13:12
aspiersefried: in fact I'm guessing also every host made in the last $NOT_SMALL years13:12
sean-k-mooneybasicaly uefi booth need (typically) a 1M partition for use by the uefi firmware. if that is not in the disk image then the firmeware suppoied by the host wont work13:12
aspiersso it's not an issue for SEV, but it might be for hw_firmware_type in general13:13
aspierssean-k-mooney: thanks, that's extremely helpful13:13
*** jmlowe has joined #openstack-nova13:13
aspiersand also scary because it highlights that I might have no easy way of getting a UEFI-capable SLES image :-(13:13
sean-k-mooneythe only time i have used uefi with vms sofar i have installed from iso so it did the right thing13:13
*** cdent has joined #openstack-nova13:14
sean-k-mooneyno idea if the cloud image are set up to work out of the box but i know disk image builder used to have issue with non msdos partion tables and i dont know if it can work wtih gpt partion tables yet so im guessing people milage will vary on this one13:14
efriedokay, so you can't just toggle that property on an image and expect it to work.13:14
efriedthat answers the question, right?13:15
sean-k-mooneyyou cant assuem it will work correct13:15
aspiersright13:15
efriedthen do the validation thingy13:15
* efried dusts hands13:15
aspiersso yeah I'll follow sean-k-mooney's suggestion13:15
aspiersthanks all13:15
*** jchhatbar has quit IRC13:15
efriedsean-k-mooney: re service auth...13:15
sean-k-mooneyefried: ya so looking at the config code i was not aware we had to expclitly set addtional credentials that were not alreday required13:16
*** ivve has quit IRC13:16
efriedthe way it works is this:13:17
efriedSome services do long-running operations, followed by other operations. Your user token may expire during the long-running operation, and then you would bounce on the subsequent operations.13:17
efriedSo you set up [service_user] with ksa creds and that toggle you pointed out.13:17
efriedAnd we wrap your user token in what is effectively an admin token, which we then use if the user token expires.13:17
efriedYeah, the stealth inclusion of ksa creds is easy to miss13:17
efriedso basically it looks like that conf only has one option, but it really has like a dozen -- all the ksa auth/session/adapter stuff.13:17
sean-k-mooneyya i kind of glossed over the bottm of the file as i assume it was the normal boiler plate but looking at it now i see its not13:18
efriedSo today you have to have that toggle switched on for us to even try loading up the ksa stuff.13:18
efriedif we turned off that toggle, we would try loading up the ksa stuff and if it fails just carry on with the user token as is13:18
efriedwhich is basically what we do today if you have the switch on anyway.13:18
*** BjoernT has joined #openstack-nova13:18
efriedwhat's not clear is, if that toggle is gone, how should we behave if we can't load up the ksa bits? Just warn as we do today and carry on using the user token presumably13:19
sean-k-mooneyya the context for this was there was a discussion downstream of if/when we will start supproting this in our product13:19
efriedbut if the op doesn't *want* to use service auth, they're getting a warning for doing what they wanted.13:19
*** mvkr has joined #openstack-nova13:20
sean-k-mooneyefried: well i think the present of the service user in the config would be enough to singnel this no?13:20
sean-k-mooneye.g. if you put it in the config we asssume you want to use it13:20
sean-k-mooneyif you didnt we assume you dont13:20
sean-k-mooneyis ther service_user section used for anythin else currently?13:20
sean-k-mooneyif so the  toggle makes sense if not then its a needless extra step13:21
sean-k-mooneybut in anycase its not as simple as jsut enabling it by defualt. the operator need to add serveice_user creds13:21
efriedright, but it's a bit different than the other auth sections13:22
sean-k-mooneyi had asumeed we would reuse the admin creds that nova already has rather then accept a different set13:22
efriedThe other ones, if you spell something wrong or mess up your creds, you can't do things.13:22
efriedWith this one, we can still mostly operate.13:22
efriedso how should we behave if you put stuff in but f it up?13:23
*** jdillaman has joined #openstack-nova13:23
sean-k-mooneyya i get the concern about the silent failure13:23
*** cdent has quit IRC13:23
efriedReally this is a question we should be addressing with what we have today anyway.13:23
sean-k-mooneyif you populated the filed and the password or whatever was wong i woudl expect an error13:23
efriedbecause IMO if you said "I want to do this thing" but we can't work with what you've entered, it should arguably be a failure.13:23
efriedright13:24
sean-k-mooneybut if you typo the section name that is tricker13:24
efriedbut that's a separate discussion I think.13:24
sean-k-mooneyok13:24
sean-k-mooneyyou ansered my question anyway13:24
sean-k-mooneyits not as simple as just truning it on and it working13:24
sean-k-mooneyso the installer would have to configure it13:24
efriedsean-k-mooney: other quirks and details to be aware of:13:24
efriedit only applies to some services13:25
efriedlike, ironic is always admin, so service auth is n/a13:25
efriedglance is always user, and it applies there13:25
sean-k-mooneyyes appreent glance can recive teh service token but not send it13:25
efriedneutron is *sometimes* admin13:25
efriedwhy would glance need to send a service token?13:25
sean-k-mooneyi was not sure about that either but appreently it has something to do with the glance_store. im guessint its related to there replication/validation capablities13:27
sean-k-mooneyefried: oh it for when glance it using cinder/swift as a backend13:27
sean-k-mooneyhttps://review.opendev.org/#/c/526611/13:27
efriedokay, well, that sounds like an issue for glance to deal with then.13:28
sean-k-mooneyanyway our glance folks downstream mentioned that there are still somthing related to the glance_store drivers13:29
sean-k-mooneyya is not a nova problem13:29
sean-k-mooneywell it could be for shelve13:29
*** BjoernT_ has joined #openstack-nova13:29
sean-k-mooneye.g. we send glance the user and service token but it might just use teh user token and fail13:29
sean-k-mooneyanyway tl;dr there is still work to do in some services13:30
*** BjoernT has quit IRC13:30
*** BjoernT has joined #openstack-nova13:32
*** BjoernT_ has quit IRC13:34
*** mvkr has quit IRC13:34
*** sridharg has quit IRC13:41
*** whoami-rajat has quit IRC13:42
*** dpawlik has quit IRC13:45
*** mvkr has joined #openstack-nova13:47
*** cdent has joined #openstack-nova13:48
*** dpawlik has joined #openstack-nova13:52
*** artom has quit IRC13:54
*** tbachman has joined #openstack-nova13:55
*** dklyle has quit IRC14:00
*** dklyle has joined #openstack-nova14:00
aspierskashyap: libvirtError: operation failed: unable to find any master var store for loader: /usr/share/OVMF/OVMF_CODE.fd14:02
aspiersI made that file a symlink to /usr/share/qemu/ovmf-x86_64-code.bin14:02
aspierswhere is the master var store supposed to live?14:02
aspiersbiab14:02
sean-k-mooney<os>14:05
sean-k-mooney    <type arch='x86_64' machine='pc-q35-3.1'>hvm</type>14:05
sean-k-mooney    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE.fd</loader>14:05
sean-k-mooney    <nvram>/var/lib/libvirt/qemu/nvram/ovn1_VARS.fd</nvram>14:05
sean-k-mooney    <boot dev='hd'/>14:05
sean-k-mooney  </os>14:05
sean-k-mooneyaspiers: ^14:05
sean-k-mooneyi think you are missing the per vm VARs file14:06
sean-k-mooneyi belive its generated form a template14:06
sean-k-mooneybut i know know where that lives14:06
sean-k-mooneyaspiers: but kashyap will be able to point you in the right direction when he is back14:06
* kashyap is here, just finishing up a comment in a bug14:06
*** jmlowe has quit IRC14:08
*** panda is now known as panda|brb14:19
*** tetsuro has joined #openstack-nova14:20
*** smrcascao has joined #openstack-nova14:24
*** tetsuro has quit IRC14:24
*** panda|brb is now known as panda14:25
*** smrcascao has quit IRC14:30
*** dpawlik has quit IRC14:31
*** mkrai has joined #openstack-nova14:31
mriedemforbidden aggregates must have jumped the runways queue https://etherpad.openstack.org/p/nova-runways-train14:35
*** ttsiouts has quit IRC14:35
*** ttsiouts has joined #openstack-nova14:36
mriedemlooks like brin zhang updated the runways but didn't log the changes14:37
mriedembrinzhang_: ^14:38
kashyapaspiers: Yeah, you should have a corresponding VARS file14:39
*** lpetrut has quit IRC14:39
kashyapaspiers: On SLES, it is this combination:14:40
kashyap- Firmware binary: /usr/share/qemu/ovmf-x86_64-opensuse-code.bin14:40
kashyap- Matching variable store template: /usr/share/qemu/ovmf-x86_64-opensuse-vars.bin14:40
*** ttsiouts has quit IRC14:40
*** ttsiouts has joined #openstack-nova14:41
kashyapaspiers: Make the last file on SLES  as a symlink to '/usr/share/OVMF/OVMF_VARS.fd'.  Then your instance should launch.14:42
mriedemwell i think i unborked the runways queue etherpad14:42
*** jaypipes has quit IRC14:46
*** tbachman has quit IRC14:46
sean-k-mooneyit was broken?14:51
sean-k-mooneyi had it open in a tab and it more or less looks the same14:51
*** belmoreira has joined #openstack-nova14:51
aspierskashyap: thanks!14:53
*** ivve has joined #openstack-nova14:55
*** mlavalle has joined #openstack-nova14:57
kashyapaspiers: When you get around to it, let me know if that works for you :-)14:59
aspierskashyap: trying right now14:59
kashyapOkay; /me --> call14:59
aspiersbut I don't know if my image is really UEFI14:59
aspiersany easy way to check?14:59
kashyapaspiers: Yes:15:01
aspierskashyap: I assume I want /usr/share/qemu/ovmf-x86_64-suse-vars.bin since this is SLES not openSUSE15:01
kashyapaspiers: Yes, run `tree efi` on /boot on your VM image15:02
aspiersyou mean after mounting it with qemu-nbd or libguestfs?15:02
kashyapIf your VM image is EFI-capable, then you'll see files with .efi extension (e.g. BOOTX64.EFI) under /boot/efi15:03
aspiersthanks15:04
kashyapLet me show you on Fedora - comparing an image that is not UEFI-capable with one that is15:04
kashyapaspiers: (And yes, after mounting)15:06
kashyapI use `guestmount`.15:06
aspiersstill getting Instance failed to spawn: libvirtError: operation failed: unable to find any master var store for loader: /usr/share/OVMF/OVMF_CODE.fd15:06
*** Luzi has quit IRC15:06
aspierslrwxrwxrwx 1 root root   41 Jul 29 04:22 OVMF_CODE.fd -> /usr/share/qemu/ovmf-x86_64-suse-code.bin15:06
aspierslrwxrwxrwx 1 root root   41 Jul 29 04:22 OVMF_VARS.fd -> /usr/share/qemu/ovmf-x86_64-suse-vars.bin15:06
kashyapaspiers: Here is the comparison: http://paste.openstack.org/show/755075/15:07
mriedemhttps://review.opendev.org/#/c/621476/50 needs a lot of work...15:07
kashyapaspiers: Let's try one more thing:15:08
mriedemgmann: new compute api policy naming discussion in https://review.opendev.org/#/c/621476/50/nova/policies/server_topology.py@2015:09
mriedemi did my best to recommend names15:10
kashyapaspiers: Let's try one more thing: can you post your /etc/libvirt/qemu.conf?15:10
kashyapIn short, if you _don't_ have this entry, add it in there:15:10
kashyapnvram = [ "/usr/share/OVMF/OVMF_CODE.fd:/usr/share/OVMF/OVMF_VARS.fd"15:10
aspierssure15:10
kashyap]]15:10
aspiersit's commented out15:10
kashyapaspiers: Can you uncomment both the VARS, and CODE file out, restart libvirtd & try?15:11
aspierssure15:11
aspiersexcept the commented bit is wrong15:12
kashyap[This is test-only; note that long longer libvirt upstream intends to get rid of this config.]15:12
efriedmriedem: IMO runways shouldn't be limited to "ready for core review". What does that even mean? Code complete and passing tests should be sufficient. Are you saying they should be required to have so many rounds of non-core reviews before being eligible? That doesn't sound workable to me.15:13
efriedmriedem: (this is without having looked at the patch that triggered your comment btw, maybe it was marked WIP or not passing zuul, which would be valid reasons to keep it out of runways)15:13
efried"obviously a mess" (my words, not yours) is super subjective. obviously you'll set a much higher bar than an inexperienced contributor.15:14
kashyapaspiers: Note that in the 'nvram' libvirt config, you can give SUSE's precise file paths.  (Symlinks should work too, of course)15:14
aspierskashyap: ack15:15
*** artom has joined #openstack-nova15:20
*** udesale has joined #openstack-nova15:22
*** ttsiouts has quit IRC15:23
*** ttsiouts has joined #openstack-nova15:24
aspierskashyap: progress!!15:25
aspierskashyap: now I can see the vnc console and a kernel panic X-D15:25
aspiersthat's huge progress15:25
mriedemefried: where did i say "obviously a mess"?15:25
mriedemoh nvm,15:26
mriedemi didn't15:26
efriedmriedem: yeah, I was kind of putting words in your mouth, sorry about that.15:26
*** tssurya has quit IRC15:26
*** mkrai has quit IRC15:27
mriedemas for not really ready for core review, i removed that. it'd be nice if contributors from large companies that have other developers working on this project would do some peer review before putting stuff into runways, but i guess that's a pipe dream.15:27
aspierskashyap: that kinda gives me hope this whole thing might actually work :)15:27
mriedembut i mean, there were just typos all over the thing15:27
mriedemso i consider that not really ready for core review15:27
aspiersmriedem: I really hope to do more "selfless" upstream work (including reviews) but right now I'm battling this SEV deadline15:27
mriedemaspiers: ok?15:27
cdentmriedem: pretty soon having reviewers at all will be a pipe dream15:28
sean-k-mooneydont we already have a requirement that code must not be in WIP state to enter the runways15:28
mriedemcool15:28
mriedemit wasn't wip15:28
aspiersmriedem: nevertheless some of the SEV work is enabling stuff that kashyap and sean-k-mooney are working on, so at least it's not *entirely* selfish ...15:29
sean-k-mooneyim not sure which revew set ye were refering to by the way15:29
mriedemanyway, i shouldn't have said anything, i'm just cranky. woken up too early, had to fix the runways etherpad, etc etc15:29
*** tbachman has joined #openstack-nova15:29
mriedemaspiers: i'm not complaining about SEV stuff at all15:29
*** ttsiouts has quit IRC15:29
sean-k-mooneyaspiers: well the only depency i have on the sev work is the harding patch15:29
aspiersmriedem: I know, but I was trying to boost your morale a bit ;-)15:29
mriedemSEV does not boost my morale but ok15:29
sean-k-mooneywhich is not really part of the series more a depency for my blueprint and yours15:29
aspierssean-k-mooney: sshhh, I'm trying to cheer up mriedem ;-)15:30
sean-k-mooneyhehe ok15:30
artomTime for the Riderman song?15:30
aspierssean-k-mooney: also you got the getDomainCapabilities code from me for free15:30
cdentoh, I misunderstood. I was trying to mriedem more sad.15:30
aspiershaha15:30
sean-k-mooneyaspiers: yes but i technically never needed it15:30
aspiersbah :)15:30
aspierssean-k-mooney: what about https://review.opendev.org/#/c/673151/, maybe that is useful for you too15:30
sean-k-mooneyaspiers: im just using it since its there15:31
kashyapaspiers: Selectively reading the scroll15:31
sean-k-mooneyi havenet seen that patch before. so i dont know15:31
kashyapaspiers: Hehe, so long as you're in the console, good.  My assistance is over ;-)15:31
aspiersmriedem: I mean, I was trying to cheer you up by saying that I'm hoping to contribute more than just SEV and its peripheries15:31
aspierssean-k-mooney: I wrote it on Sat15:31
aspierssean-k-mooney: http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2019-07-27.log.html#t2019-07-27T18:15:1715:32
sean-k-mooneyaspiers: but i would prefer to merge teh code i have and then see if we can refactor later15:32
aspierssean-k-mooney: it's not a refactor and I don't think it overlaps with your changes15:32
aspierswell there is a bit of refactoring in there15:32
aspiersbut that's not the main point15:33
aspiersanyway gotta go again15:33
aspiersbiab15:33
kashyapmriedem: Yes, to be fair -- parts from SEV work in Nova _do_ help the Secure Boot stuff and some of what Sean's doing.15:37
aspiersI wasn't trying to portray SEV as the saviour of nova ;-) or even anything significantly helpful. Just stating my wish to contribute more to nova *beyond* SEV in the future15:37
aspiersI've already done bits and pieces here and there15:38
aspiersbut would like to do more15:38
kashyapaspiers: Heh, you don't need to defend yourself _that_ much by feeling like you're walking on some eggshells.15:38
kashyapIt's good work, and enables a useful and imporant usecase.15:39
aspierssure, I don't feel under attack either ;)15:39
*** gyee has joined #openstack-nova15:39
kashyapOkido; then let's keep maintaining our inner tranquility..15:40
kashyaps/.././15:41
*** udesale has quit IRC15:41
*** udesale has joined #openstack-nova15:41
*** mkrai has joined #openstack-nova15:41
eanderssonsean-k-mooney, I tried to backport the prelude patch needed for15:42
eanderssonhttps://review.opendev.org/#/c/672855/15:42
eanderssonbut I think I'll have to leave that for someone else15:42
eanderssonSo many changes between Stein and Rocky on that front15:42
*** mkrai has quit IRC15:43
*** derekh has joined #openstack-nova15:54
sean-k-mooneyeandersson: sure once its merged on master then people on teh stable/core teams will be able to backport it if needed or i can try to take a look15:56
*** mvkr has quit IRC16:01
*** vishwanathj has quit IRC16:02
*** rpittau is now known as rpittau|afk16:04
*** belmoreira has quit IRC16:05
aspierskashyap: does this look capable? http://paste.openstack.org/show/755079/16:10
aspiersI don't see any shims16:10
*** vishwanathj has joined #openstack-nova16:19
*** ivve has quit IRC16:21
aspierskashyap: so grub actually shows secure boot enabled!16:21
efriedphew, glad alex_xu and stephenfin were able to approve that get_domain_capabilities() patch. I was having nightmares.16:21
aspiershehe16:21
eanderssonSounds good sean-k-mooney16:21
sean-k-mooneyi commented on the review by the way16:22
aspiersefried: if that gave you nightmares, I dread to think what https://review.opendev.org/#/c/673151/ will do16:22
sean-k-mooneyjust pointing out that it may change the message if we dont actully through the exception16:22
efriedahcrap, is that *also* blocking the SEV work?16:22
sean-k-mooneybut i have not confimed that16:22
aspiersefried: it's the first in the series16:22
aspiersso, yeah :)16:22
eanderssonYea - I wasn't sure if that was the case.16:23
efriedokay, so look, I'm probably not going to be able to +2 the super-libvirty things in that series, but as long as you've got folks like alex_xu and stephenfin to look, I guess you should be okay.16:24
sean-k-mooneyeandersson: worst case it just wont have a stack trace pointing to where it was thrown16:24
sean-k-mooneybecause it was not raised16:24
*** ganso has quit IRC16:24
sean-k-mooneybest case it will have a stack trace that point to where it was constucted16:24
sean-k-mooneywhich is basically where we would have raised it before16:24
openstackgerritVladyslav Drok proposed openstack/nova master: [libvirt] Check if domain is persistent on cleanup  https://review.opendev.org/67333216:25
aspiersefried: I've added them. Next one is https://review.opendev.org/#/c/638680/ which you were previously +2 on. I think pretty much only changes since then have been to fix your nits and rebase16:25
aspiersPS27 was +2 W+116:26
efriedack. I've been procrastinating due to the prereqs. Was hoping to dive in again this week.16:27
aspiersefried: oh, and also fixing tests which never got run before: https://review.opendev.org/#/c/638680/30..31/nova/tests/functional/libvirt/test_report_cpu_traits.py16:27
*** tesseract has quit IRC16:28
aspiersso if you're happy with that ^^ and trust my rebasing skills then I guess it should be easy to recycle your previous +2 W+116:28
*** brault has quit IRC16:29
sean-k-mooneyeandersson: efried  based on a simple test in the repel it will have no traceback16:29
sean-k-mooney>>> val_error = ValueError()16:29
sean-k-mooney>>> val_error.__traceback__16:29
sean-k-mooney>>>16:29
sean-k-mooney>>> raise val_error16:30
sean-k-mooneyTraceback (most recent call last):16:30
sean-k-mooney  File "<stdin>", line 1, in <module>16:30
sean-k-mooneyValueError16:30
sean-k-mooney>>> val_error.__traceback__16:30
sean-k-mooney<traceback object at 0x7fc44ac5db48>16:30
efriedaspiers: yup. But urgency again reduced by the fact that there's a big not-reviewable-by-me thingy in front of it again/still.16:30
sean-k-mooneyso it looks like the tracback is only compute when its raised16:30
efriedsean-k-mooney: ack, but that only matters if the traceback is being used somewhere up the chain16:30
efriedwhich afaict it isn't.16:31
efriedall we're doing is printing the exception16:31
efriedwhich is the same whether it's raised or not.16:31
sean-k-mooneyits not its just being logged16:31
efriedright16:31
*** jangutter has quit IRC16:31
sean-k-mooneyso i dont know if we care16:31
efriedI didn't -1 before16:31
efriedright, I don't know either.16:31
sean-k-mooneyi think we dont16:31
efriedI would have accepted either explanation, really.16:31
sean-k-mooneyjust you were asking if they were the same and they technically arnt16:31
efriedEven if we want to say "this is future proofing in case someone wants to print this stack trace somewhere"16:32
sean-k-mooneybut not in a way that matters for our usecase16:32
efried++ thanks for the clarification.16:32
sean-k-mooneyill copy that example into a comment and change my +0 to a +116:32
*** epoojad1 has joined #openstack-nova16:35
*** N3l1x has joined #openstack-nova16:43
*** ivve has joined #openstack-nova16:52
mriedemeandersson: re https://review.opendev.org/#/c/672855/ i might write a functional regression test for the issue (separate patch) and stack your change on top16:53
mriedemthat code is too shitty for just unit tests16:53
eanderssonYea that would be great16:54
eanderssonIt's a pretty big problem for services like Senlin if this happens16:54
eanderssonIt exposed a bug in Senlin as well of course16:54
mriedemi worry about a refactor of that code in the future to remove the non-reschedule logic to drop the error handling16:55
*** ganso has joined #openstack-nova16:56
sean-k-mooneyit is certenly not the most intuitive code i have seen16:56
mriedemyears and years of piling more stuff into it16:56
*** udesale has quit IRC16:57
*** cdent has quit IRC16:57
sean-k-mooneyeandersson: well its a problem in general. senlin is proably more sensitive but haveing a server always in build and nerver erroring out becasue we miseed that exception being raised is going to break alot of workflows16:58
*** ivve has quit IRC16:59
sean-k-mooneyeandersson: if you use something like heat that had a timeout onf the whole heat stack create process it would clean it up but only after doing a lot of work that got thrown away and after waiting for the timeout to fire16:59
mriedemok i'm going to get lunch and then i'll write a functional regression test and rebase the fix on top16:59
*** igordc has joined #openstack-nova16:59
*** derekh has quit IRC17:00
openstackgerritsean mooney proposed openstack/nova master: Libvirt: add support for vPMU configuration.  https://review.opendev.org/67133817:07
*** xek has quit IRC17:07
*** xek has joined #openstack-nova17:08
sean-k-mooneystephenfin: by the way when your back from PTO tommorow can you take a look at this os-vif change i wrote https://review.opendev.org/#/c/672834/17:08
openstackgerritDustin Cowles proposed openstack/nova master: WIP: Provider config file  https://review.opendev.org/67334117:12
*** artom has quit IRC17:14
efriedsean-k-mooney: https://review.opendev.org/#/c/666604/ I think I may have said the same thing as you, in different words...17:17
* sean-k-mooney reads17:17
sean-k-mooneymore or less yes17:18
efriedokay, cool17:19
sean-k-mooneyim not sure if we store teh compute capablities in the nova db or if they only live in memory in the compute agent17:20
sean-k-mooneythat said i think they must be in the db for the compute capbalites fiter to work17:20
*** vishwanathj has quit IRC17:21
openstackgerritMerged openstack/nova master: libvirt: harden Host.get_domain_capabilities()  https://review.opendev.org/67018917:21
sean-k-mooneyso its not really clear to me if 1 the info is avialble outside the compute node and 2 if retriving the info from placmenet would be cheaper then an rpc or db call. (ignoring if the traits is a thing we want for the sake of argument)17:22
*** dpawlik has joined #openstack-nova17:22
sean-k-mooneyyou could proably retrive it form placement in 1 call by looking the RP up by name which should match the instance.host17:23
sean-k-mooneyand if you pull back the full RP i assume that would contian the traits too17:24
*** ricolin_ has quit IRC17:24
*** ralonsoh has quit IRC17:25
sean-k-mooneyactully your right it would need 2 quires17:26
sean-k-mooneysince we just have the link to the traits endpoint and not the tratis in the responce from /resource_providers?name={instance.host}17:27
openstackgerritEric Fried proposed openstack/nova master: Move adding vlans to interfaces to privsep.  https://review.opendev.org/63543617:34
*** vishwanathj has joined #openstack-nova17:39
*** whoami-rajat has joined #openstack-nova17:40
*** artom has joined #openstack-nova17:44
*** trident has quit IRC17:47
*** trident has joined #openstack-nova17:51
mriedemsean-k-mooney: it's not available outside the compute node17:54
mriedemand not stored *in* the compute node object17:54
mriedemas i said in my reply to chris, a pre-filter might not make sense17:55
mriedemit would likely be logic in the api itself17:55
mriedemto either ignore or not the current instance.host17:55
mriedemthis is also a super latent issue and at the bottom of my priority list17:56
sean-k-mooneyok i was guessing it was someing like that. e.g. not available out side of the compute18:09
sean-k-mooneya trait on the RP would be less expensive to check then intoducing a new rpc call18:10
mriedemand consistent with all of the compute capabilities as traits stuff we've been doing since rocky18:14
sean-k-mooneyya im aware of the other traits but i was not sure if we did it that way only because they are only available on the compute node or because they are usefult to schdule on18:23
sean-k-mooneye.g. the multi attach trait is useful to shcduler on if you are booting with a multi attach volume18:24
sean-k-mooneybut im not sure i see a usecase for passing this new trait as a requried trait on boot but i understand how it coudl be used on migrate/resize18:25
sean-k-mooneymaybe there is a usecase where you would want to require it on spawn but it just felt a little different then the other capablity traits we have18:25
aspiersbig achievement just unlocked: booting a fully functional SEV guest via nova18:27
aspiersthat only took what - 9 months?18:27
sean-k-mooney:)18:28
sean-k-mooneyyou mean you didnt hardcode it quickly to test it works 9 months ago18:28
sean-k-mooneyhehe when im doing stuff that requires new xml i have often hard coded enabling the featuer just in the compute ndoe to make sure it actully can boot followint the upstream(libvirt/qemu) docs then work backwards to figure out how to report it to the RT/schduler and how to request it form the api18:30
sean-k-mooneyjust to sanity check that teh libvirt/qemu part works as expected.18:31
sean-k-mooneyso i dont spend 9 months trying to enable somthing that broken.18:31
* sean-k-mooney past expeirnce with preproduction hadware has told me to not trust docs until you see it working with your own eyes18:33
aspierssean-k-mooney: we already had other guys boot it successfully without nova18:40
aspierssean-k-mooney: the reference XML is even linked from the SEV nova spec18:40
aspierspersuading nova to achieve a working config was the hard bit18:40
sean-k-mooneysure it just make me feel better when i do it myself pluse the xml generation is usually the simplest part18:40
aspierssince the reference XMLs were not generated from nova, therefore it was a question of gradually shrinking the differences until nova generated a working config18:41
aspierslike boring from opposite ends of a tunnel and meeting in the middle18:41
aspiersnow I have like 2 days to backport the whole thing to rocky18:42
* aspiers laughs hysterically ... or maybe it's crying18:42
sean-k-mooneyyour goign to backport it before it merges18:43
aspiersyes just for this demo18:44
aspiersdownstream only18:44
aspiersthe backport would never get accepted upstream anyway18:44
sean-k-mooneywell yes but if its a demo i would personally use master18:46
sean-k-mooneyit would make your life a lot simpler18:46
aspiersit won't because SUSE OpenStack Cloud doesn't run on master18:53
aspiershaving said that, plan B will just be to use devstack I guess18:54
sean-k-mooneyaspiers: i was assuming you would demo with devstack yes18:55
sean-k-mooneyi fixed the typos you spotted in the vpmu patch by the way.18:55
sean-k-mooneyim going to go have dinner so talk to you tomorow/later18:56
openstackgerritGage Hugo proposed openstack/nova master: Update config doc policy file type  https://review.opendev.org/67334919:00
*** maciejjozefczyk has quit IRC19:14
aspierssean-k-mooney: thanks19:14
aspierssomething in my devstack changed and now I get this when I try to delete instances:19:15
aspiersERROR oslo_messaging.rpc.server RemoteError: Remote error: IncompatibleObjectVersion Version 1.1 of ConsoleAuthToken is not supported, supported version is 1.019:15
aspiersI know that's an OVO thing, but I have no idea how to fix it except for redeploying devstack which would take ages and hose a bunch of setup I want to keep - any ideas?19:15
aspiersah, I see the patch which added 1.1 recently - that explains why it happened, but not how I can migrate my objects19:16
* aspiers reads https://docs.openstack.org/oslo.versionedobjects/latest/19:20
aspiersdoh, I just had to restart *all* nova services19:24
aspiersmust have been a mismatch with n-cpu19:24
* aspiers goes for dinner too19:26
openstackgerritEric Fried proposed openstack/nova-specs master: tox -e fast-specs  https://review.opendev.org/67335619:35
efriedsean-k-mooney, mriedem: as we discussed the other day ^19:35
efriedstephenfin: that probably wants your sphinx expertise ^19:36
openstackgerritErik Olof Gunnar Andersson proposed openstack/nova master: Cleanup when hitting MaxRetriesExceeded from no host_available  https://review.opendev.org/67285519:37
openstackgerritMatt Riedemann proposed openstack/nova master: Add functional regression test for bug 1837955  https://review.opendev.org/67335719:39
openstackbug 1837955 in OpenStack Compute (nova) "MaxRetriesExceeded sometime fails with messaging exception" [Medium,In progress] https://launchpad.net/bugs/1837955 - Assigned to Erik Olof Gunnar Andersson (eandersson)19:39
mriedemeandersson: efried: sean-k-mooney: ^ here is the functional test, i'll rebase the fix on top of it - was kind of a pain to make sure it would work on queens19:39
openstackgerritMatt Riedemann proposed openstack/nova master: Cleanup when hitting MaxRetriesExceeded from no host_available  https://review.opendev.org/67285519:42
mriedemrebased19:42
*** brault has joined #openstack-nova19:56
*** jmlowe has joined #openstack-nova19:57
*** vishwanathj has quit IRC19:58
*** brault has quit IRC20:00
*** vishwanathj has joined #openstack-nova20:06
openstackgerritEric Fried proposed openstack/nova master: Cleanup when hitting MaxRetriesExceeded from no host_available  https://review.opendev.org/67285520:08
*** belmoreira has joined #openstack-nova20:09
eanderssonThanks efried20:09
efriedthanks for the fix20:09
efriednow we just need someone to send mriedem's test20:09
*** jmlowe has quit IRC20:14
sean-k-mooneydumb question but we have a bunch of tempest test that end in TestJSON what makes them different form normal tempest tests. are then calling the api with json payloads or somthing?20:28
*** slaweq has quit IRC20:35
*** whoami-rajat has quit IRC20:39
sean-k-mooney... i is confused20:43
sean-k-mooneythe tempest-fully-py3 job supports depends-on against neutron patches right20:43
*** xek has quit IRC20:43
sean-k-mooneybecause my patch failed with an error message i deleted form the neutron code base so it really looks like it didnt work20:44
sean-k-mooneyyat http://logs.openstack.org/32/602432/12/check/tempest-full-py3/39b553b/job-output.txt.gz#_2019-07-23_17_51_24_263888 it looks like it didnt check out my patch20:45
sean-k-mooneyyep it ran with master ... http://logs.openstack.org/32/602432/12/check/tempest-full-py3/39b553b/job-output.txt.gz#_2019-07-23_17_54_02_35211020:46
*** trident has quit IRC20:49
*** trident has joined #openstack-nova20:52
openstackgerritsean mooney proposed openstack/nova master: libvirt: delegate ovs plug to os-vif  https://review.opendev.org/60243221:01
*** rafaeldtinoco has left #openstack-nova21:13
eanderssonbtw is it just RamFilter that is being removed? Or is AggregateRamFilter being removed as well?21:16
eanderssonBecause I see AggregateRamFilter is still a thing in Stein21:16
*** belmoreira has quit IRC21:17
sean-k-mooneyboth21:17
sean-k-mooneyand the core and disk filter both aggreagte and non aggrate forms21:18
sean-k-mooneyeandersson: all 6 filter have been depreacted since ocata21:18
sean-k-mooneywe removed the caching scudler i think in stien which was the last valid usecase for them21:19
eanderssonI see21:19
sean-k-mooneywe still actully have the filter on master but i dont think they work properly anymore21:20
eanderssonI did like how you could orchestrate aggregates21:20
sean-k-mooneyyou can still do that in a sligtly different way via placmenet21:21
*** dpawlik has quit IRC21:21
sean-k-mooneybut its perfromce before did nto scale well and there were a bunch of edgcases21:21
sean-k-mooneyit looks like https://github.com/openstack/nova/commit/78645e61c63bf042453d1f822ae8b3f1ee6a311b missed the aggrate versions21:22
openstackgerritArtom Lifshitz proposed openstack/nova master: [WIP-until-series-is-ready] Introduce live_migration_claim()  https://review.opendev.org/63566921:22
openstackgerritArtom Lifshitz proposed openstack/nova master: New objects for NUMA live migration  https://review.opendev.org/63482721:22
openstackgerritArtom Lifshitz proposed openstack/nova master: LM: add support for augmenting migrate_data with info from claims  https://review.opendev.org/63482821:22
openstackgerritArtom Lifshitz proposed openstack/nova master: LM: add support for updating NUMA-related XML on the source  https://review.opendev.org/63522921:22
openstackgerritArtom Lifshitz proposed openstack/nova master: RPC changes to prepare for NUMA live migration  https://review.opendev.org/63460521:22
openstackgerritArtom Lifshitz proposed openstack/nova master: NUMA live migration support  https://review.opendev.org/63460621:22
openstackgerritArtom Lifshitz proposed openstack/nova master: Deprecate CONF.workarounds.enable_numa_live_migration  https://review.opendev.org/64002121:22
openstackgerritArtom Lifshitz proposed openstack/nova master: [WIP] Functional test for NUMA live migration  https://review.opendev.org/67259521:22
artomProbably broke a whole bunch of unit tests with that, will let CI tell me what's up.21:23
artomBut the problems that were left at the end of Stein have been fixed21:25
sean-k-mooneythe main one was saving the updated xml right21:32
sean-k-mooneywhen i tested it at the end of stien it more or less worked bar the quirk21:33
artomThe two problems were: 1. not saving the new instance_numa_topology 2. If the resource audit ran during the LM, it wouldn't pick up the migrating instance, and would remove its resources from usage21:34
sean-k-mooneyoh ok and they are fixed in the patches you just pushed21:35
sean-k-mooneyim going to redeploy my 2 node ovn setup to something more more useful21:36
artomYeah. But like I said, I probably broke other things, just by changing some method names and removing that PinMapping object21:36
sean-k-mooneyshould i pull down your latest patches and give them a try?21:36
artomNot yet :)21:36
artomI'll email the ML when it's ready (should be this week)21:36
artomI know Windriver (and Cisco too, apparently?) would like to test it out21:37
sean-k-mooneyok i might try and test numa + sriov next week21:37
sean-k-mooneyi havent powered up my physical server since the sriov stuff merged but it would be nice to test both together21:37
sean-k-mooneyideally if we can get your numa stuff merged soon ish i can then test stephens cpu pinning change too21:39
artomHis thing was surprisingly quick21:41
artomGiven the upgrade impact, I was expecting it to take longer21:41
sean-k-mooneythe PCUs in placement changes21:41
artomYeah21:42
*** betherly has joined #openstack-nova21:42
sean-k-mooneywell the fact we dont have numa this cycle signifcatly redues the upgrade impact21:42
sean-k-mooneybut i als dont know if the reshap is fully working yet21:42
sean-k-mooneyi think it is but there was still one edgecase that stephen was looking into21:43
sean-k-mooneynot with the reshap but with the schduler handeling old instance or host topologies21:43
*** tetsuro has joined #openstack-nova21:45
*** betherly has quit IRC21:47
*** betherly has joined #openstack-nova21:48
* artom heads home21:50
mriedemsean-k-mooney: eandersson: the Aggregate filters are not deprecated21:51
mriedemotherwise the docs would say so https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html#compute-filters21:51
sean-k-mooneymriedem: the aggreate filters dont work anymore because the limmits set in the aggreate metadata are ignored by placmenet21:52
sean-k-mooneyso you have to set the limits on all the compute nodes or viat the placement api instead21:52
mriedemi realize, i wrote these docs https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html#allocation-ratios21:52
eanderssonThey kinda work21:52
eanderssonI mean they work for us because computes are misconfigured21:53
*** betherly has quit IRC21:53
mriedemi don't know why we didn't deprecate the aggregate filters when the others were deprecated, probably different timelines21:53
*** artom has quit IRC21:54
sean-k-mooneywhen we found that bug and melwitt sent http://lists.openstack.org/pipermail/openstack-dev/2018-January/126283.html i thought that was use signeling the depreacation21:54
mriedemsean-k-mooney: tempest TestJson is a remnant from when we had xml api testing21:54
sean-k-mooneywe also have that gian warning https://docs.openstack.org/nova/latest/admin/configuration/schedulers.html#scheduling-considerations21:55
sean-k-mooneymriedem: ah ok21:55
mriedemsean-k-mooney: well i guess no one bothered to follow up and actually deprecate those filters21:55
sean-k-mooneyi rembere there was an xml api and i never used it21:55
mriedemi deprecated the core/ram/disk filters since those were clearly no longer useful outside of the caching scheduler21:55
sean-k-mooneymriedem: ok am can we do it in train and kill them in U then?21:55
mriedemi would ask in the ML b/c that is a bunch of context i don't have loaded into my head right now21:56
sean-k-mooneyright and as you noted ironic stoped reporting the cpus ram and disk so they activly were broken with ironic as of stien21:56
mriedemnoted in my commit message you mean21:56
sean-k-mooneyyes21:56
mriedemeandersson: also fyi https://review.opendev.org/#/c/640898/ - an osc command to update allocation ratios on provider aggregates21:57
mriedemit's been hung up in how to actually write the command using osc conventions21:57
*** BjoernT has quit IRC21:59
sean-k-mooneyspeaking of osc my patch for adding evacuate to osc https://review.opendev.org/#/c/643578/22:01
sean-k-mooneyi havent looked at it in a while but ill try to get back to it soon ish22:02
mriedemthere are unanswered comments in there22:02
mriedemmainly that dansmith wanted to continue calling it evacuate to avoid different names all over the place22:02
sean-k-mooneyi think ill mail the list and ask for feedback on the way forward vs nameing22:02
sean-k-mooneyya22:02
sean-k-mooneyi am ok to do that i did care more earlier but i would prefer to land a command rather then none22:03
sean-k-mooneyif people want too keep using evacuate then i guest that is fine.22:03
sean-k-mooneybut ill email the list tomorrow.22:04
sean-k-mooneyif i rememebr ill email the list about deprecating those filter too22:04
sean-k-mooneyhum we are still sometimes getting "Could not open '/opt/stack/data/nova/instances/69509dd0-a86f-4efe-997c-986a076e4a5d/disk': No such file or directory\n"" issue in gate jobs22:06
*** mvkr has joined #openstack-nova22:06
*** mriedem has quit IRC22:11
*** mlavalle has quit IRC22:16
sean-k-mooneymdbooth: is http://logs.openstack.org/58/640258/10/check/neutron-tempest-dvr/922e7e9/controller/logs/screen-n-cpu.txt.gz#_Jul_29_21_20_26_895955 the same as the downstream bug https://bugzilla.redhat.com/show_bug.cgi?id=1445391 i noticed that we fail to resize the image way earlier22:20
openstacksean-k-mooney: Error: Error getting bugzilla.redhat.com bug #1445391: NotPermitted22:20
sean-k-mooneyhttp://logs.openstack.org/58/640258/10/check/neutron-tempest-dvr/922e7e9/controller/logs/screen-n-cpu.txt.gz#_Jul_29_21_20_05_626653 which makes me think it might be related.22:20
sean-k-mooneythat bug is private but the upstream version is https://bugs.launchpad.net/nova/+bug/168670322:21
openstackLaunchpad bug 1686703 in OpenStack Compute (nova) "Error in finish_migration results in image deletion on source with no copy" [Undecided,Won't fix]22:21
sean-k-mooneyi think that ^ can happen for just normal spawns too rather then requrieing resizes/migrations as it implies22:25
sean-k-mooneyat least if the upstream gate failure is the same thing it was not a move operations that triggered it so i think it can happen anytime a resize of the image fails22:26
sean-k-mooneyanyway night all o/22:26
efriedHaving gone on a spec abandoning rampage, /me calls it quits. o/22:27
sean-k-mooneyya i saw hehe o/22:27
*** tetsuro has quit IRC22:49
*** eharney has quit IRC22:51
*** tkajinam has joined #openstack-nova22:54
*** rcernin has joined #openstack-nova23:02
*** tjgresha has joined #openstack-nova23:08
*** bbowen has quit IRC23:17
*** avolkov has quit IRC23:40
*** huaqiang has quit IRC23:43
*** mdbooth_ has joined #openstack-nova23:58
« Sunday, 2019-07-28 Index Tuesday, 2019-07-30 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!