Wednesday, 2020-06-03

rouklooks like my issue is with kolla mixing up cell0? not sure.00:05
openstackgerrithulina proposed openstack/nova master: Nova raise exceptions when extending volume fails
*** brinzhang_ is now known as brinzhang03:00
*** rcernin has joined #openstack-nova04:29
*** rcernin has joined #openstack-nova06:14
alex_xugibi: I and luyao huaqiang test the, it doesn't seem to work for us, it is no audio. can we switch to zoom for nova ptg?06:26
*** slaweq has joined #openstack-nova06:51
*** tony_su has joined #openstack-nova07:22
*** jawad_axd has joined #openstack-nova07:23
*** tosky has joined #openstack-nova07:24
*** swp20 has quit IRC08:21
*** swp20 has joined #openstack-nova08:21
*** sapd1 has quit IRC08:57
fricklerlyarwood: not sure if you have seen it, devstack on focal is working fine now with these tests blacklisted
fricklerlyarwood: incidentally, one of them is also blacklisted on bionic for devstack-ceph-plugin. I'm going to build a ceph-focal job to verify the others, those did work fine in my local setup09:00
openstackLaunchpad bug 1876330 in devstack-plugin-ceph "Rescue BFV instances not working with ceph backend, Tempest new test failing" [Undecided,New] - Assigned to Lee Yarwood (lyarwood)09:01
stephenfinfrickler: lyarwood is on PTO for the next month (new baby)09:06
stephenfinjust FYI09:06
gibialex_xu: hi! did you try zoom? does it work for you?09:16
*** songwenping_ has quit IRC09:16
*** maciejjozefczyk has joined #openstack-nova09:20
*** ociuhandu has quit IRC09:30
*** ociuhandu has joined #openstack-nova09:31
alex_xugibi: yes, zoom works for us09:41
*** ociuhandu has quit IRC09:42
*** ociuhandu has joined #openstack-nova09:42
gibialex_xu: OK. I will change the etherpads and drop a mail to ML that we switch. I hope zoom works for everyone09:42
alex_xugibi: thanks!09:43
bauzasgibi: alex_xu: sorry, just saw your discussions, you want to move from meetpad to zoom ?10:23
bauzasit's a bit unfortunate :(10:24
*** ociuhandu has quit IRC10:49
*** spatel has joined #openstack-nova11:14
*** links has quit IRC11:16
*** links has joined #openstack-nova11:17
*** mgariepy has joined #openstack-nova11:17
*** spatel has quit IRC11:19
*** songwenping__ has joined #openstack-nova12:01
*** ttsiouts has joined #openstack-nova12:03
*** songwenping_ has quit IRC12:04
stephenfinIt also seems they also have access to delete other users instances12:32
johnthetubaguythey have full access, as any user would12:32
johnthetubaguythat is the point of the work, to fix that problem12:32
johnthetubaguybut you have to opt into the new behaviour12:32
johnthetubaguyadmin_or_owner meant, admin or anyone with any role in a project12:33
stephenfinI was about to ask12:33
stephenfinadmin_or_owner suggested admin or owner of resource (i.e. user that created server)12:33
stephenfinbut that's not the case, fun :)12:34
johnthetubaguyyeah, that is why I was so keen to get this done, the policy checks are basically non-sense by default12:34
johnthetubaguyto be clear, owner is the project12:34
johnthetubaguythe user only owns keypairs12:34
johnthetubaguywe have not changed that at all12:34
johnthetubaguy(there is a way to break your API and make the user sort of own things, but it was a compromise while we don't have hierarchical quotas)12:35
stephenfinOkay, I don't know how I never got that nuance reading the specs12:35
johnthetubaguythat is more the history of the API, project owns things, not users12:35
johnthetubaguy(except keypairs)12:36
stephenfinso for everything != keypairs, admin_or_owner is really admin_or_project_member?12:36
johnthetubaguyif it worked properly, yes12:36
johnthetubaguyright now its admin_or_anyone_in_the_project12:36
stephenfinokay, cool12:37
sean-k-mooneyjohnthetubaguy: ya that is a bug12:37
stephenfinjohnthetubaguy++ thanks for the clarification. I'll try find somewhere to slot that into the docs12:37
sean-k-mooneyisnt there a patch to fix that12:38
*** martinkennelly has joined #openstack-nova12:38
johnthetubaguysean-k-mooney: which bit? the policy work last cycle was all to try and make this sane... eventually, after a transition period12:38
stephenfinsean-k-mooney: We have proper role-based policy support integrated now, if that's what you mean12:38
sean-k-mooneyjohnthetubaguy: there is a patch to make it so that the reader role can not delete instances12:39
stephenfinthe work gmann and others did last cycle12:39
sean-k-mooneyi was looking at it last week i think it came up downstream and we were debating if we could backport it or not12:39
stephenfinsean-k-mooney: we're talking about the same thing here, I suspect12:40
stephenfinsean-k-mooney: read the scrollback12:40
stephenfintl;dr: the reader role is completely ignored until Ussuri and is then opt-in in Ussuri12:40
stephenfinall that matters is whether the user is an admin or a member of the project that the instance is part of12:41
sean-k-mooneybe consulting wrote kcs articles of how to hack one in and our customer always mess it up12:41
sean-k-mooneyso it will be nice when we can just use the reader role in osp12:41
stephenfinso a user that is a member of project foo will be able to delete any instance in project foo, even if they only have the reader role12:42
sean-k-mooneystephenfin: well that is a bug12:42
sean-k-mooneyif a user is part of a project but only has the reader role they should not be able to delete the instance12:42
sean-k-mooneyif they have the member and reader role then they can12:43
sean-k-mooneybut if they only have the reader role they should not be able to do the delete12:43
sean-k-mooneythat was fixed by adding a new policy definition12:43
sean-k-mooneyfor server delete12:43
sean-k-mooneythis one i think
stephenfinsean-k-mooney: that's my understanding, yes12:44
stephenfinthis was the policy-defaults-refresh blueprint12:44
gibinova session starts in 15 minutes12:45
gibiplease note that we switched back to Zoom12:45
sean-k-mooneystephenfin: this is what fixed it
sean-k-mooneyit changed from check_str=RULE_AOO, to check_str=base.PROJECT_MEMBER_OR_SYSTEM_ADMIN,12:46
stephenfinwhich was added by bee15b56814673e784ec18a7b92cbf4974fa662812:47
gibiit time13:00
gibiit is time13:00
artomThere's a meeting password?13:00
gmannstephenfin: yeah what johnthetubaguy mentioned. in addition we had few bugs where admin_owner was open to everyone because project_id was not passed as policy target which were fixed in our policy work in ussuri. you might get 404 from DB etc  but not 40313:05
liuyulonggibi, alex_xu, meetpad does not work fine if without a proxy. So I setup a socket5 proxy VM from a public cloud in Singapore, it does not work fine either. The voice of the meeting was not very clear.13:15
*** ociuhandu has joined #openstack-nova13:16
gibiliuyulong: thanks for the info. we switched to zoom13:17
gibidansmith: I'm glad you could join13:33
dansmithgibi: well, it is still just "connecting" and I have audio, but no video and no window to mute myself or anything like that13:34
dansmithand I can't quit :)13:34
gibidansmith: strange, the room run well so far13:34
dansmithhow many people are in it?13:34
*** huaqiang has quit IRC13:35
*** huaqiang has joined #openstack-nova13:39
gibidansmith: now you are in!13:40
dansmithgibi: on a different computer :/13:41
*** dklyle has joined #openstack-nova14:04
dansmithFor anyone that was suffering the same thing as me,14:08
dansmiththe only way I was able to get zoom to not hang on connect is to start zoom itself, grab the meeting ID out of the link, and join the conference by id instead of the automatic linky thing14:08
dansmithon my other machine just clicking the link works fine, so I dunno if it's a browser thing or a zoom thing or what14:08
mordredartom: left a comment on - thanks for working on that!14:12
gibisean-k-mooney: there is gallery view in the app (linux)14:12
artommordred, that was super quick, thank you!14:14
artommordred, so I'm just starting to audit the pre-2.72 stuff (that's where gtema said you stopped) in sdk and catching it up with WIP patches where I can14:15
mordredartom: cool14:15
sean-k-mooneygibi: yep that is what i was looking for14:16
gibisean-k-mooney: I'm using the deb package from the zoom webpage14:17
sean-k-mooneyya i might try that just installed the flatpak14:18
sean-k-mooneyif it does not work ill grab the deb14:18
sean-k-mooneyhehe yes i can definitely typo lots of stuff14:23
*** hamalq has joined #openstack-nova14:27
rouksean-k-mooney I narrowed down that metadata issue, it gets fixed when I point nova-api to nova db instead of nova_cell0, it's not selecting the cell for some reason in a single cell deployment (which has 2 now, cause cell0 is mandatory), where does the cell db get selected? Everything else seemed to go to the right place, but block_device_mapping reads are going to a different db than writes.14:29
*** lpetrut has quit IRC14:30
roukSo... What's the fix? Is it broken? Am I using it wrong?14:37
sean-k-mooneysorry im currently in the nova call. but ill try and take a look when its done14:38
roukYeah sure thing, for now I have nova-api configured to use the nova db, instead of nova_cell0, which "fixes" the issue for now. But maybe that breaks other things I'm not aware of. It's just a dev location so I don't mind if I destroy the db.14:39
sean-k-mooneythat will only work for a single cell deployment14:41
sean-k-mooneyyou can deploy the metadata service separately and you can deploy a different metadata api instance per cell14:41
roukNew data shows up in nova, API tries to read it from nova_cell0 and never sees it.14:47
sean-k-mooneyso the correct work around is to deploy a separate metadata service and point it to the cell db14:55
sean-k-mooneybut keep the nova-api actually pointing only at the api db14:56
sean-k-mooneybut we should look into this and try and fix it so that is not required14:56
roukYeah. I'll look into deploying metadata separate, not sure how/if kolla has it supported yet, but I'll figure it out. Anything I can do to help fix the issue upstream?15:00
roukAlso have i screwed my db by pointing directly at the nova db on nova-api and nova-scheduler?15:04
roukAs that current workaround didn't have much thought put into the consequences15:04
*** tetsuro has quit IRC15:05
*** mlavalle has quit IRC15:07
sean-k-mooneydansmith: ^ the api db should not point directly to the cell db right. it looks like the block device mapping are only in the cell db so they are missing from the metadata response15:16
sean-k-mooneypointing nova-api at the cell db instead of cell0 seems to fix it but obviously not the right thing to do15:17
sean-k-mooneythe workaround im suggesting is deploy a separate metadata api and have it point to the cell db for now15:17
sean-k-mooneyrouk: i think we are just not correctly downcalling from the api to the cell db to get this info15:18
*** trident has quit IRC16:09
*** trident has joined #openstack-nova16:12
johnthetubaguylbragstad: yeah, just saying it was good it landed17:14
lbragstadgmann johnthetubaguy i tried joining, but i was a late17:14
*** huaqiang has quit IRC17:14
lbragstadis there anything that we can take out of that discussion?17:14
gmannlbragstad: few things we discussed during oslo-nova session on Monday17:19
gmannon json format stuff17:19
gmannlbragstad: L80 -
*** ravsingh has quit IRC17:20
gmannespecially how to migrate json format to yaml in smooth way17:21
lbragstadgmann ah - yeah17:21
sean-k-mooneyrouk: well you only have one cell so i would leave the main api pointing to the api db/cell 0 and have the separate metadata service point to the single cell17:27
sean-k-mooneykolla does support a separate metadata api i believe so that should be doable. i think17:28
roukyeah, but i dont know how to set up a separate metadata service, docs arent really specific on what to do, and id have to understand the process before i can add it to kolla.17:28
rouki dont see any tasks for it in kolla17:28
sean-k-mooneyya just looked too it looks like they dont support it17:31
roukyeah, so im debating between adding support for it, which... theres little docs other than spec drawing for me to implement it, or just leaving nova-api on wrong db till i need multi-cell or the nova bug is fixed17:32
sean-k-mooneyto point to your nova db which is cell 117:32
sean-k-mooneyand you are not changing [api_database]/connection17:33
sean-k-mooneyim not sure if that would implicitly be harmful17:33
sean-k-mooneyrouk: the scheduler should not need to be modified by the way17:34
sean-k-mooneyit would only be nova-api17:34
roukyeah, i need to revert that change, kolla puts them onto the same config, i need to make my change more specific and split it up a bit17:34
sean-k-mooneyya that is simple to do with kolla17:35
roukyeah, just going to do a nova-api.conf override17:35
sean-k-mooneyi really like their config override system17:36
sean-k-mooneyyou know that you can use jinja variables in your config overrides too17:36
sean-k-mooneyso you can put connection = mysql+pymysql://{{ nova_cell0_database_user }}:{{ nova_cell0_database_password }}@{{ nova_cell0_database_address }}/{{ nova_cell0_database_name }}17:37
sean-k-mooneymax_pool_size = 5017:37
sean-k-mooneyin your config17:38
sean-k-mooneyand just change the {{nova_cell0_database_name}} bit17:38
roukyep, already got the template change written when i overrode the .j2 file originally, just copying my change into nova-api instead17:38
sean-k-mooneyrouk: sure just making sure you know the {{}} syntax works most people dont realise that the overrides are processed as jinja templates too17:39
rouki hope i dont have to write nova-api-metadata myself for victoria or something, since yeah, ill probably need per-cell metadata soon, one site will be extending past 100 hypervisors eventually. metadata will probably be fiiiine till 200 hypervisors before i start having perf issues.17:41
roukhow bad will the fix be on the nova side to fix single metadata?17:42
sean-k-mooneyrouk: you can run multiple instance of the metadata service today with kolla17:42
sean-k-mooneyso you should be fine well beyond 200 instance provided you configure memcache to cache between the different metadata services17:43
roukyeah, i have a bunch, its just going to suck when theyre spread over geographic locations, or large networks. im talking 200+ hypervisors, 100-200 instances each17:43
roukright now im at 80something hypervisors.17:43
sean-k-mooneyrouk: but regarding the fix since i have not looked at why we are not getting the info from the cell db im not sure but i suspect it should not be super invasive to fix17:43
roukshould i open a bug for tracking?17:44
sean-k-mooneyyes definitely17:44
roukalright, ill have that up once i have my kolla change deployed and verify my users are happy.17:46
openstackLaunchpad bug 1881944 in OpenStack Compute (nova) "nova-api returns empty block-device-mapping in metadata queries" [Undecided,New]18:08
josephillipssomeone with idea of how to solve this The instance sync for host 'Computenode' did not match. Re-created its InstanceList.18:08
josephillipshappened eventually18:08
josephillipsi had a issue with placement api that is already resolved18:10
josephillipsbut this is the one error left on scheduler18:10
artommordred, hey, the functional tests in sdk - they hit a real devstack-deployed cloud in some of the zuul jobs in CI, right?18:20
artomOr am I completely misunderstanding the code?18:20
mordredartom: yup, that's right18:32
artommordred, cool, thanks. That was one of the points that came out of the discussion on the nova room this morning - how to test the SDK in CI18:33
artomGood to know there's a framework already in place18:33
artomThough I think no multinode testing, right? So live migration for instance isn't tested18:33
mordredartom: all of the openstacksdk-functional-* jobs (and everything in openstack/tests/functional run against devstack18:33
mordredartom: that's right - but I imagine if there is a multi-node devstack job that sets up multinode it would not be hard to add one18:34
artommordred, yeah, working on that now.18:34
artom(If it seems disorganized, that's because it is)18:34
mordredyou're describing my life :)18:34
artom(Expect a flurry of WIP patches as I organise my thoughts by working through them)18:34
mordredartom: looking forward to them18:35
artommordred, awesome, thanks18:35
mordredartom: fwiw - we *always* run nova tests no matter what the devstack config is but we have a bunch of different devstack configs - so with neutron advanced services, with magnum, with senlin, with masakari etc18:35
artomI gotta take the kiddos to the park first though :P18:36
mordredbut none of those configs don't have nova18:36
artommordred, that sounds reasonable18:36
dansmithartom: mordred: sounds like that's what we're looking for, and important to note that (apparently) sdk functional is more like nova integrated18:39
*** vishalmanchanda has quit IRC19:13
alex_xusean-k-mooney: gibi sorry, just saw yulong's message, I tried chrome, but I think it is network issue. With intel proxy doesn't work, without proxy even can't open the page. but anyway we already switch to zoom :)19:23
*** TobbeCN has quit IRC19:24
*** songwenping_ has quit IRC21:07
CeeMacI'm trying to confirm some details on what exactly 'active' means in context to (I believe) how nova-usage reports cpu-hours, gb-hours etc to horizon for Admin | Overview | Usage Summary. My original understanding was that 'Active' equated to time instances spent in 'running' state it appears that may not be the case. Is anyone able to confirm as what documentation I could find wasn't clear.21:42
CeeMacWhen looking at usage over a period e.g for the previous month.21:43
*** mriedem has left #openstack-nova21:49
CeeMacDigging in to the api it looks like  'active' may relate to 'server_usages.state' but I can't find a list of alternative values to give that context. For example is an instance 'active' when it is shutdown, does it need to be shelved or deleted to change from 'active' state and not accumulate usage values?21:57
sean-k-mooneyartom: if you need a multi node devstack just change the nodepool nodeset22:15
sean-k-mooneythe devstack ansible playbooks support multinode so it should be easy to make the jobs multinode22:16
sean-k-mooneyCeeMac: i think that is correct for CPUs but i think Ram and disk might be different22:18
sean-k-mooneyshelving is intended to be the way for tenant to consume less resources when a vm is not actively needed22:19
sean-k-mooneyin a public cloud when an instance is shelved you are normally only charged for the disk usage in glance and not the cpu/ram/devices consumed by the flavor22:19
sean-k-mooneysince shut down vms still consume the cpu/ram/disk from a billing/usage point of view its more or less the same as if its running22:20
CeeMacThanks sean-k-mooney, I've just found a list of states in the api-ref parameters file. Just need to work out where the logic is queried so I can validate which of the states are 'counted', but in the interim I'll look into shelving options and document that up for our users.22:40
*** spatel has quit IRC22:40
CeeMacI guess while the instance is 'there' its effectively holding a reservation against the CPU and ram resources? Hence its metered for prospective billing/accounting purposes.22:42
melwittCeeMac: afaict, the state is not considered, it's only the launched_at/terminated_at so shelving would be the way to stop/resume usage22:48
melwittand you are correct, while the instance exists it is holding a reservation against resources. even when it's shut down22:52
melwittthe shelve API was added to provide an easier way to remove/restore an instance from holding resources22:53
CeeMacThanks melwitt that seems to confirm it. OK, shelving it is then!22:53
CeeMacI like to try and understand the logic behind things when/where I can :)22:54
melwitt+1 :)22:55
CeeMacOh, I remember reading about this a while back actually. Do you happen to recall the setting for how long an instance can remain shelved before it gets offloaded / deleted and what the default is?23:00
melwittdefault is 0 for immediate offload23:02
josephillipsmelwitt:  taking the opportunity about shelved offload23:02
josephillipsis possible configure if a image is shelved move the storage backend too?23:03
melwittnot completely sure I understand the question but if you shelved a volume backed instance it will snapshot the volume as well23:06
josephillipsbut will keep on the same backend23:06
josephillipsexample if i shelved a image23:06
josephillipsa vm sorry23:06
josephillipsis a waste of resource keep on SSD23:06
josephillipsi prefer move the volumes to a HDD backend23:07
josephillipsthis is possible?23:07
melwittoh, I see. I'm afraid I don't know if there's a way to do that23:08
CeeMacSo once the instance is offloaded there is another timer before it is completely deleted? Or it will stay shelved indefinitely?23:09
*** factor has joined #openstack-nova23:09
CeeMacI seem to recall seeing a reference to that but can't find it now23:09
melwittjosephillips: I'm thinking I wonder if you could do like a volume migrate via the cinder API to accomplish that, after it's been shelved23:09
josephillipsyeah is possible doing via cinder manually23:10
josephillipsthe idea is doing automatically23:10
josephillipsvia horizon23:10
melwittoh, ok, yeah sorry. it would "seem" that could be a relatively easy thing to add to osc/horizon as kind of a batch operation23:11
melwittCeeMac: I think it stays shelved indefinitely23:12
CeeMacGreat, thanks. I'll experiment some tomorrow. Sleep now :)23:14
CeeMacThanks again for the help/info23:15
melwittnp, gnight o/23:15
*** spatel has joined #openstack-nova23:18
