Tuesday, 2021-03-16

« Monday, 2021-03-15 Index Wednesday, 2021-03-17 »
*** macz_ has joined #openstack-nova00:00
openstackgerritMerged openstack/nova master: libvirt: Add guest generation for vDPA  https://review.opendev.org/c/openstack/nova/+/77053200:03
*** macz_ has quit IRC00:04
openstackgerritVlad Gusev proposed openstack/nova stable/stein: Use subqueryload() instead of joinedload() for (system_)metadata  https://review.opendev.org/c/openstack/nova/+/76181200:13
*** tosky has quit IRC00:35
brinzhangbauzas, gibi: hope we can continue to discuss the question with add accel_uuids in periodic task (_poll_shelved_instances) while you are all online, thanks00:47
*** ociuhandu has joined #openstack-nova00:47
*** ociuhandu has quit IRC01:00
*** brinzhang_ has joined #openstack-nova01:03
*** dpawlik6 has joined #openstack-nova01:04
*** lemko5 has joined #openstack-nova01:04
*** sapd1 has quit IRC01:05
*** lemko has quit IRC01:12
*** brinzhang has quit IRC01:12
*** dpawlik has quit IRC01:12
*** lemko5 is now known as lemko01:13
*** dpawlik6 is now known as dpawlik01:13
*** jamesdenton has quit IRC01:22
*** jamesdenton has joined #openstack-nova01:22
*** hamalq has quit IRC01:23
*** mlavalle has quit IRC01:43
*** mkrai has joined #openstack-nova01:59
*** rcernin has quit IRC02:37
*** sean-k-mooney has quit IRC02:48
*** sean-k-mooney has joined #openstack-nova02:50
*** kd has joined #openstack-nova03:03
*** k-s-dean has quit IRC03:04
*** k-s-dean has joined #openstack-nova03:06
*** kd has quit IRC03:08
*** k-s-dean has quit IRC03:18
*** rcernin has joined #openstack-nova03:19
*** whoami-rajat_ has joined #openstack-nova03:24
*** rcernin has quit IRC03:26
*** rcernin has joined #openstack-nova03:31
*** psachin has joined #openstack-nova03:38
*** mkrai has quit IRC03:43
*** DinaBelova has quit IRC03:49
*** DinaBelova has joined #openstack-nova03:53
*** mkrai has joined #openstack-nova03:55
*** zzzeek has quit IRC04:18
*** sean-k-mooney has quit IRC04:21
*** zzzeek has joined #openstack-nova04:22
*** ociuhandu has joined #openstack-nova04:24
*** ociuhandu has quit IRC04:30
*** ratailor has joined #openstack-nova04:33
*** vishalmanchanda has joined #openstack-nova04:33
*** dviroel has quit IRC05:02
*** links has joined #openstack-nova05:15
*** jamesdenton has quit IRC05:21
*** jamesden_ has joined #openstack-nova05:22
*** khomesh24 has joined #openstack-nova06:01
*** k_mouza has joined #openstack-nova06:06
*** k_mouza has quit IRC06:10
*** ociuhandu has joined #openstack-nova06:13
*** ociuhandu has quit IRC06:17
*** ociuhandu has joined #openstack-nova06:18
*** ociuhandu has quit IRC06:28
*** ociuhandu has joined #openstack-nova06:29
openstackgerritWenping Song proposed openstack/nova-specs master: Trival change: correct some nits  https://review.opendev.org/c/openstack/nova-specs/+/78044306:31
*** ociuhandu has quit IRC06:35
*** LinPeiWen25 has joined #openstack-nova06:47
*** slaweq has joined #openstack-nova06:50
*** hemanth_n has joined #openstack-nova06:59
*** ociuhandu has joined #openstack-nova07:00
*** ociuhandu has quit IRC07:00
*** ociuhandu has joined #openstack-nova07:00
*** whoami-rajat_ is now known as whoami-rajat07:09
*** ignaziocassano has joined #openstack-nova07:18
ignaziocassanohello All, please any help on live migration on queens ? when I migrate the vm crash on destination node07:20
ignaziocassanoIgnazio Cassano <ignaziocassano@gmail.com>07:20
ignaziocassanolun 15 mar, 18:59 (13 ore fa)07:20
ignaziocassanoa openstack-discuss07:20
ignaziocassanoHello,07:20
ignaziocassanolooking at destination kvm host I got the following in instance log under /var/log/libvirt/qemu:07:20
ignaziocassano2021-03-15 11:48:31.996+0000: starting up libvirt version: 4.5.0, package: 36.el7_9.3 (CentOS BuildSystem <http://bugs.centos.org>, 2020-11-16-16:25:20, x86-01.bsys.centos.org), qemu version: 2.12.0qemu-kvm-ev-2.12.0-44.1.el7_8.1, kernel: 3.10.0-1160.15.2.el7.x86_64, hostname: podto2-kvmae07:20
ignaziocassanoLC_ALL=C \07:20
ignaziocassanoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \07:20
ignaziocassanoQEMU_AUDIO_DRV=none \07:20
ignaziocassano-name guest=instance-00002a52,debug-threads=on \07:20
ignaziocassano-S \07:20
ignaziocassano-object secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-73-instance-00002a52/master-key.aes \07:20
ignaziocassano-machine pc-i440fx-rhel7.6.0,accel=kvm,usb=off,dump-guest-core=off \07:20
ignaziocassano-cpu Broadwell-IBRS,vme=on,f16c=on,rdrand=on,hypervisor=on,arat=on,xsaveopt=on,abm=on \07:20
ignaziocassano-m 4096 \07:20
ignaziocassano-realtime mlock=off \07:20
ignaziocassano-smp 2,sockets=2,cores=1,threads=1 \07:20
ignaziocassano-uuid c6ea7ed2-e7ce-4df6-a767-6bb95ae8fdc6 \07:20
ignaziocassano-smbios 'type=1,manufacturer=RDO,product=OpenStack Compute,version=17.0.11-1.el7,serial=3dec30fe-a31f-4ea6-971f-6f993589ef04,uuid=c6ea7ed2-e7ce-4df6-a767-6bb95ae8fdc6,family=Virtual Machine' \07:20
ignaziocassano-no-user-config \07:20
ignaziocassano-vnc 0.0.0.0:55 \07:21
ignaziocassano-k en-us \07:21
ignaziocassano-device cirrus-vga,id=video0,bus=pci.0,addr=0x2 \07:21
ignaziocassano-incoming defer \07:21
ignaziocassano-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 \07:21
ignaziocassano-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \07:21
ignaziocassano-msg timestamp=on07:21
ignaziocassano2021-03-15 11:48:31.996+0000: Domain id=73 is tainted: high-privileges07:21
ignaziocassano2021-03-15T11:48:32.163025Z qemu-kvm: -chardev pty,id=charserial0,logfile=/dev/fdset/3,logappend=on: char device redirected to /dev/pts/57 (label charserial0)07:21
ignaziocassano2021-03-15T11:48:32.167206Z qemu-kvm: -drive file=/var/lib/nova/mnt/7eb4b0178ee3ec9ad7cbbc20c62b1912/volume-d5c812c5-2c27-4e82-a38d-83fc79ab848e,format=raw,if=none,id=drive-virtio-disk0,serial=d5c812c5-2c27-4e82-a38d-83fc79ab848e,cache=none,aio=native: 'serial' is deprecated, please use the corresponding option of '-device' instead07:21
ignaziocassano2021-03-15T11:48:37.779611Z qemu-kvm: Failed to load virtio_pci/modern_queue_state:desc07:21
ignaziocassano2021-03-15T11:48:37.780020Z qemu-kvm: Failed to load virtio_pci/modern_state:vqs07:21
ignaziocassano2021-03-15T11:48:37.780042Z qemu-kvm: Failed to load virtio/extra_state:extra_state07:21
ignaziocassano2021-03-15T11:48:37.780062Z qemu-kvm: Failed to load virtio-balloon:virtio07:21
ignaziocassano2021-03-15T11:48:37.780082Z qemu-kvm: error while loading state for instance 0x0 of device '0000:00:06.0/virtio-balloon'07:21
ignaziocassano2021-03-15T11:48:37.781465Z qemu-kvm: load of migration failed: Input/output error07:21
ignaziocassano2021-03-15 11:48:38.231+0000: shutting down, reason=crashed07:21
ignaziocassano"instance-00002a52.log" 102L, 7122C07:21
*** rcernin has quit IRC07:24
*** jamesden_ has quit IRC07:49
*** jamesdenton has joined #openstack-nova07:50
gibibrinzhang_: sorry, I was mostly off yesterday07:52
brinzhang_gibi: np^07:52
brinzhang_please review firstly, Ihave a meeting, after end this meeting I will back, thanks07:53
*** rcernin has joined #openstack-nova07:54
*** dklyle has quit IRC07:56
*** rpittau|afk is now known as rpittau07:58
*** tesseract has joined #openstack-nova08:03
*** rcernin has quit IRC08:06
*** andrewbonney has joined #openstack-nova08:10
*** ociuhandu has quit IRC08:19
*** k-s-dean has joined #openstack-nova08:28
*** zigo has joined #openstack-nova08:30
gibibrinzhang_, bauzas: replyied in https://review.opendev.org/c/openstack/nova/+/77844008:33
gibiI will have to go offline again, sorry, I will be available during the day08:33
bauzasgibi: brinzhang_: sorry, a bit not paying attention to the IRC chan as I'm trying to update the RPC API08:34
bauzasgibi: np08:34
brinzhang_gibi, bauzas: np, I will review your reply comments, thanks08:39
*** tosky has joined #openstack-nova09:00
*** khomesh24 has quit IRC09:01
*** xarlos has joined #openstack-nova09:01
*** lpetrut has joined #openstack-nova09:02
*** k-s-dean has quit IRC09:03
*** k-s-dean has joined #openstack-nova09:03
*** derekh has joined #openstack-nova09:06
*** lucasagomes has joined #openstack-nova09:08
*** brinzhang0 has joined #openstack-nova09:12
*** ignaziocassano has quit IRC09:14
*** brinzhang_ has quit IRC09:16
*** lee2 has joined #openstack-nova09:24
*** lee2 is now known as lyarwood09:24
*** ratailor has quit IRC09:50
*** ratailor has joined #openstack-nova09:51
*** dtantsur|afk is now known as dtantsur09:56
*** k_mouza has joined #openstack-nova09:59
hemanth_nsean-k-mooney stephenfin: can i get some reviews on old backport patch https://review.opendev.org/c/openstack/nova/+/761824 when you have time, thanks10:07
*** ratailor_ has joined #openstack-nova10:15
*** ratailor_ has quit IRC10:16
*** ratailor_ has joined #openstack-nova10:16
*** ratailor_ has quit IRC10:17
*** ratailor_ has joined #openstack-nova10:18
*** ratailor has quit IRC10:18
*** martinkennelly has joined #openstack-nova10:21
*** ratailor__ has joined #openstack-nova10:23
*** ratailor_ has quit IRC10:27
*** jangutter_ has quit IRC10:42
*** supamatt has quit IRC10:43
*** jangutter has joined #openstack-nova10:43
*** ociuhandu has joined #openstack-nova10:44
lyarwoodbauzas / melwitt ; https://review.opendev.org/q/b9333125790682f9d60bc74fdbb12a098565e7c2 - really simple backports if you have time this week10:48
*** smcginnis has joined #openstack-nova10:48
*** dviroel has joined #openstack-nova10:49
lyarwoodah nvm I forgot to include another change so that's borked after victoria10:52
* lyarwood fixes10:52
openstackgerritLee Yarwood proposed openstack/nova stable/ussuri: Use absolute path during qemu img rebase  https://review.opendev.org/c/openstack/nova/+/75708310:54
openstackgerritLee Yarwood proposed openstack/nova stable/ussuri: Make _rebase_with_qemu_img() generic  https://review.opendev.org/c/openstack/nova/+/78078010:54
openstackgerritLee Yarwood proposed openstack/nova stable/train: Use absolute path during qemu img rebase  https://review.opendev.org/c/openstack/nova/+/75708411:00
openstackgerritLee Yarwood proposed openstack/nova stable/train: Make _rebase_with_qemu_img() generic  https://review.opendev.org/c/openstack/nova/+/78078211:00
openstackgerritLee Yarwood proposed openstack/nova stable/stein: Use absolute path during qemu img rebase  https://review.opendev.org/c/openstack/nova/+/75708511:01
openstackgerritLee Yarwood proposed openstack/nova stable/stein: Make _rebase_with_qemu_img() generic  https://review.opendev.org/c/openstack/nova/+/78078411:01
*** jangutter_ has joined #openstack-nova11:08
*** jangutter has quit IRC11:11
openstackgerritLee Yarwood proposed openstack/nova stable/rocky: Make _rebase_with_qemu_img() generic  https://review.opendev.org/c/openstack/nova/+/78078711:12
openstackgerritLee Yarwood proposed openstack/nova stable/rocky: Use absolute path during qemu img rebase  https://review.opendev.org/c/openstack/nova/+/78078811:12
openstackgerritLee Yarwood proposed openstack/nova stable/queens: Make _rebase_with_qemu_img() generic  https://review.opendev.org/c/openstack/nova/+/78078911:17
openstackgerritLee Yarwood proposed openstack/nova stable/queens: Use absolute path during qemu img rebase  https://review.opendev.org/c/openstack/nova/+/78079011:17
brinzhang0bauzas: if you are free from the rpc version patch, pls review gibi's comments, thanks^11:21
openstackgerritElod Illes proposed openstack/nova stable/pike: Update resources once in update_available_resource  https://review.opendev.org/c/openstack/nova/+/61229511:31
*** ratailor__ has quit IRC11:46
openstackgerritMerged openstack/nova master: libvirt: Wire up 'os_secure_boot' property  https://review.opendev.org/c/openstack/nova/+/77668111:47
openstackgerritMerged openstack/nova master: libvirt: Report secure boot support to scheduler  https://review.opendev.org/c/openstack/nova/+/77569011:48
openstackgerritMerged openstack/nova master: tests: Add functional tests for UEFI, secure boot  https://review.opendev.org/c/openstack/nova/+/77668211:48
openstackgerritMerged openstack/nova master: tests: Remove duplicated 'start_compute' helper  https://review.opendev.org/c/openstack/nova/+/77668311:49
*** dosaboy has quit IRC11:49
*** hkominos has joined #openstack-nova11:49
openstackgerritMerged openstack/nova master: docs: Document UEFI secure boot feature  https://review.opendev.org/c/openstack/nova/+/77668411:50
*** smcginnis has quit IRC11:50
*** dosaboy has joined #openstack-nova11:50
hkominosHi guys. Can i please ask a quick question regarding an exception that I am facing in my deployment? I believe the input from a developer would be more helpful for me than asking in the openstack channel11:51
*** ratailor has joined #openstack-nova11:51
*** stand has quit IRC11:52
k-s-deanhkominos, ask away. someone might be see it later. If i can answer you I will.11:52
hkominosk-s-dean Hi!. What do you make of this : https://paste.centos.org/view/741688bb11:52
k-s-deanhkominos, are you running cyborg ?11:54
hkominosno11:54
hkominosThis appeared after a host was rebooted with some Vms on it11:54
*** ratailor_ has joined #openstack-nova11:54
hkominoswhich now refuse to come up11:54
k-s-deanwhats the underlying hardware11:55
*** Luzi has joined #openstack-nova11:57
*** ratailor has quit IRC11:57
k-s-deanto me that sounds like a hardware issue.11:57
k-s-deanhkominos, have you checked the compute logs on the host11:58
k-s-dean\?11:58
hkominosyes. https://paste.centos.org/view/73064e38. But before I start looking for hardware vendors  I want to understand the problem. I think the issues probably more into nova placement but Idk. that is why I asked here.12:01
k-s-deanhkominos, has this machine got a graphics card in it ?12:04
hkominosyes.12:04
k-s-deanHas the graphics card failed ?12:04
hkominoslets double check12:05
*** smcginnis has joined #openstack-nova12:07
hkominosdoes not look like it.12:08
k-s-deanok.12:09
k-s-deanany reason why you have  15 instances in the placement database and 10 instances on the hypervisor.12:10
k-s-deancan you run virsh list --all on the host ?12:10
*** ratailor_ has quit IRC12:15
*** ociuhandu has quit IRC12:18
*** hemanth_n has quit IRC12:25
gibikashyap: I guess https://review.opendev.org/c/openstack/nova/+/682627 is not a mandatory part of the secure boot feature for W12:28
*** tbachman has quit IRC12:28
gibiam I correct?12:28
* kashyap clicks12:28
gibithe rest of the secure boot series landed12:28
kashyapgibi: Cool; just see it in the scrollback.  So that auto-detect can come later -- unfortunately, a bug in libvirt blocking that :-(12:29
gibikashyap: ack, then marking the bp implemented for W12:29
gibithanks12:29
*** tbachman has joined #openstack-nova12:29
kashyapgibi: Thank you.  And stephenfin, particularly12:30
gibistephenfin: will you resolve the merge conflict in the vdpa series?12:33
stephenfinworking on it atm12:33
gibicool12:33
gibithanks12:33
*** ociuhandu has joined #openstack-nova12:38
*** ociuhandu has quit IRC12:39
*** tbachman_ has joined #openstack-nova12:39
*** ociuhandu has joined #openstack-nova12:40
*** smcginnis has quit IRC12:40
*** tbachman has quit IRC12:42
*** tbachman_ is now known as tbachman12:42
*** macz_ has joined #openstack-nova12:43
*** rcernin has joined #openstack-nova12:47
*** macz_ has quit IRC12:48
*** smcginnis has joined #openstack-nova12:50
*** READ10 has joined #openstack-nova12:50
*** ociuhandu has quit IRC12:51
*** jangutter_ has quit IRC12:53
*** rcernin has quit IRC12:56
openstackgerritLee Yarwood proposed openstack/nova stable/train: Make _rebase_with_qemu_img() generic  https://review.opendev.org/c/openstack/nova/+/78078212:57
openstackgerritLee Yarwood proposed openstack/nova stable/train: Use absolute path during qemu img rebase  https://review.opendev.org/c/openstack/nova/+/75708412:57
*** jangutter has joined #openstack-nova12:59
*** ociuhandu has joined #openstack-nova13:02
*** hemanth_n has joined #openstack-nova13:12
*** smcginnis has quit IRC13:12
*** zul has joined #openstack-nova13:14
*** hemanth_n has quit IRC13:16
*** smcginnis has joined #openstack-nova13:18
*** artom has quit IRC13:21
*** artom has joined #openstack-nova13:22
*** smcginnis has quit IRC13:24
*** supamatt has joined #openstack-nova13:29
gibiis there anything that I should review now?13:38
*** smcginnis has joined #openstack-nova13:41
hkominosk-s-dean virsh list all shows (or did show 10) VMs13:49
hkominosnow why  placement thought 15 Is because it had some garbage VMs that did not spawn on this node.13:49
k-s-deanThose should have been cleaned up.13:50
hkominosWill do13:51
*** sapd1 has joined #openstack-nova13:51
*** yoctozepto has quit IRC13:53
openstackgerritElod Illes proposed openstack/nova stable/pike: [stable-only] gate: Pin CEPH_RELEASE to nautilus in LM hook  https://review.opendev.org/c/openstack/nova/+/78085213:58
*** mlavalle has joined #openstack-nova14:00
*** tbachman has quit IRC14:03
*** tbachman_ has joined #openstack-nova14:03
stephenfingibi: I'm reworking Sean's "block unsupported ops with vDPA interface" patch to return HTTP 409 (Conflict) instead of HTTP (Forbidden) since that seems more sensible. It's not a permissions or access issue, IMO. Do you agree?14:10
*** jobewan has joined #openstack-nova14:23
*** sapd1 has quit IRC14:24
*** spatel has joined #openstack-nova14:25
*** macz_ has joined #openstack-nova14:27
Luzihey, is someone around who knows the qemu native tls config options? I think i might have found a bug in the guide: https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html14:31
*** macz_ has quit IRC14:33
kashyapLuzi: Hi, I think I wrote that doc :)14:34
kashyapLuzi: What's the bug?  Feel free to amend / send a pull-req :)14:35
kashyaps/pull-req/patch/14:35
kashyapAt the bottom right, there is also "found an error? report a bug"14:36
Luzii followed that guide but got to a point when openstack did not use the tls path, but kept using the tcp path14:36
Luzii onlny found out because i used tcpdump on both ports14:36
kashyapLuzi: Hmm, if you followed that guide to the word, then your setup should definitely be using the QEMU-native TLS14:37
Luzii was looking through code and found out, that the uri used for live migration is different from the connection uri and uses a config option not mentioned in the guide14:38
kashyapLuzi: Hmm, possible the guide got slightly outdated ... as migration-related code got reworked14:39
Luzionly after i set live_migration_scheme = tls14:39
Luzithe traffic was encrypted14:39
Luziand using the correct port :)14:39
kashyapLuzi: I see.  That's correct _scheme is favoured14:41
kashyapAnd _uri parameter is deprecated in favor of the above14:41
Luzibut when you don't set it, as i had not done it, the code uses the hardcoded tcp parameter14:41
fungilooks like that config option was added by https://review.openstack.org/410817 which merged in early 201714:41
kashyapfungi: Heya; yep.  That timeframe is right ... /me clicks14:42
kashyapYep; patch is also correct.14:42
Luzilive_migration_scheme = tls14:42
fungifirst appeared in nova 15.0.0, so ocata and later14:42
kashyapLuzi: Also you don't tell what version of OpenStack you were using?14:42
kashyapYeah, what fungi says.14:43
Luzihttps://github.com/openstack/nova/blob/master/nova/virt/libvirt/driver.py#L122414:43
openstackgerritStephen Finucane proposed openstack/nova master: pci: Add vDPA vnic to PCI request mapping and filtering  https://review.opendev.org/c/openstack/nova/+/77835014:43
openstackgerritStephen Finucane proposed openstack/nova master: api: Block unsupported actions with vDPA  https://review.opendev.org/c/openstack/nova/+/78033314:43
openstackgerritStephen Finucane proposed openstack/nova master: tests: Add functional test for vDPA device  https://review.opendev.org/c/openstack/nova/+/78011214:43
openstackgerritStephen Finucane proposed openstack/nova master: WIP: tests: Make mdev stubs work like vDPA  https://review.opendev.org/c/openstack/nova/+/78023414:43
openstackgerritStephen Finucane proposed openstack/nova master: Add release note for vDPA  https://review.opendev.org/c/openstack/nova/+/78086614:43
stephenfingibi: lyarwood: ^14:43
Luzii am working on train and looking to upgrade soon14:43
Luzii posted the line of code which seems to be still on master14:44
fungisame change deprecated live_migration_uri14:45
kashyap(Yep)14:45
*** sapd1 has joined #openstack-nova14:45
Luziin the guide the only config option which is mentioned is live_migration_with_native_tls = true14:46
Luziwhich is definitely not enough to enable native tls14:46
kashyapLuzi: So, indeed - it checks if the config option is set, then uses the _scheme, if not defaults to TLS14:46
fungiso alternatively, the document could warn that setting the _scheme will prevent a natural fallback to tls14:47
Luziwell i thought it worked, until i started tcpdump14:47
Luzitcp14:47
Luzithe default in code is tcp14:47
kashyapLuzi: Err, defaults to TCP, I mean, I'm sorry.14:48
Luzithe guid should at least say it is needed to set the _scheme to tls14:48
fungiayup, i agree it defaults to 'tcp' there14:48
kashyapLuzi: Right; I'll check the installer code to double-confirm; and then can update the doc14:49
fungiokay, so the doc just needs updating to mention setting live_migration_scheme="tls"?14:49
Luzii'm just worried, that this may also concern some users which did not check their deployment with a tcpdump :D14:49
fungiit got mentioned in the release notes (under features) but yeah that's fairly hidden14:49
Luziit should be enough, to update the guide, i think14:50
fungiand even the release note doesn't come out and say it's needed for turning on tls14:50
Luzifungi, yeah thats the point14:50
Luzii needed a whole day to find out :D14:51
kashyapfungi: Yep - on the doc needs updating.  Luzi: Good catch!14:51
fungiLuzi: if you're worried that we need to do some outreach, the typical process for that is an openstack security note: https://wiki.openstack.org/wiki/Security/Security_Note_Process14:51
Luzii need to go off now, thank you for replying so quickly kashyap and fungi :)14:52
kashyapLuzi: So you need _both_:14:52
kashyap - live_migration_scheme14:52
fungionce published, we can send a copy to the openstack-announce and openstack-discuss mailing lists14:52
kashyap - live_migration_with_native_tls14:52
Luzifungi, i will do that when i'm at home :)14:52
Luzikashyap, yes14:52
*** Luzi has quit IRC14:53
*** macz_ has joined #openstack-nova14:54
kashyap(Ah, Luzi is gone before I wanted to mention a way to actually verify how to check native TLS is in effect for disks during migration w/ low-level logs.)14:54
lyarwoodstephenfin: https://review.opendev.org/c/openstack/nova/+/780333 - quick commit message nit in there but otherwise LGTM15:03
openstackgerritStephen Finucane proposed openstack/nova master: api: Block unsupported actions with vDPA  https://review.opendev.org/c/openstack/nova/+/78033315:07
openstackgerritStephen Finucane proposed openstack/nova master: tests: Add functional test for vDPA device  https://review.opendev.org/c/openstack/nova/+/78011215:07
openstackgerritStephen Finucane proposed openstack/nova master: Add release note for vDPA  https://review.opendev.org/c/openstack/nova/+/78086615:07
openstackgerritStephen Finucane proposed openstack/nova master: WIP: tests: Make mdev stubs work like vDPA  https://review.opendev.org/c/openstack/nova/+/78023415:07
lyarwoodta15:08
lyarwoodstephenfin: https://review.opendev.org/c/openstack/nova/+/780866 - same in the releasenote btw15:17
stephenfingdi :)15:17
stephenfinwill fix15:17
lyarwoodnp my review ratio thanks you ;)15:18
lyarwoodjoys of being a stable core15:18
gibistephenfin: ack, I have no problem with 409, and I will review the series soon15:21
*** Techy2493 has joined #openstack-nova15:21
*** mkrai has quit IRC15:22
*** mkrai_ has joined #openstack-nova15:22
*** dklyle has joined #openstack-nova15:23
*** hemanth_n has joined #openstack-nova15:29
*** sapd1 has quit IRC15:33
*** psachin has quit IRC15:36
*** gyee has joined #openstack-nova15:43
*** sapd1 has joined #openstack-nova15:49
*** hemanth_n has quit IRC15:51
openstackgerritKashyap Chamarthy proposed openstack/nova master: libvirt: Deprecate `live_migration_tunnelled`  https://review.opendev.org/c/openstack/nova/+/78090815:52
kashyapgibi: stephenfin: Would be nice to get it going in Wallaby --^.  Will reduce some future "live migration config fatigue"15:54
gibikashyap: ack, I will check after the vdpa series15:55
kashyapSure; no prob.  It's just a deprecation meta-work; that's all.15:55
kashyapI'll add a code-reference in the change comment15:55
lyarwoodkashyap: random question, do we have coverage of live_migration_with_native_tls in the gate somewhere?15:58
lyarwoodkashyap: I can't find anything but that smells like something we should enable in nova-next at least15:59
kashyaplyarwood: Good question, I do not know; and near as I know, no.  It requires a full TLS env to be setup -- which is what TripleO does15:59
kashyapSee my prerequisite here: https://docs.openstack.org/nova/latest/admin/secure-live-migration-with-qemu-native-tls.html#prerequisites15:59
*** LinPeiWen25 has quit IRC16:00
kashyaplyarwood: I swear there is some automated test of this upstream (perhaps the upstream whitebox from OSP QE folks), can't find a link yet16:00
lyarwoodkashyap: yeah it's likely on the TripleO side and sorry I thought the virt tools would automate the CA creation etc, if not ignore me as it's going to be too much work to enable in devstack for nova-next etc16:01
kashyaplyarwood: Yeah, it requires good old PKI setup. It _can_ be automated, using GnuTLS16:01
kashyaplyarwood: If you don't mind holding your nose, something like ... https://kashyapc.fedorapeople.org/Auto-Setup-GnuTLS/Setup-GnuTLS-CA-and-ServerCert.bash16:02
lyarwoodthat said we do have some novnc tls stuff in devstack so...16:02
kashyapI see16:03
*** vishalmanchanda has quit IRC16:03
kashyapBut pretty sure I recall chatting w/ TripleO folks to have an automated test.  Once I find a URL, I'll link it in the change or post here16:03
*** adrianc has quit IRC16:07
*** adrianc has joined #openstack-nova16:07
*** spatel has quit IRC16:07
*** Techy2493 has quit IRC16:17
*** Luzi has joined #openstack-nova16:21
*** ociuhandu has quit IRC16:27
*** ociuhandu has joined #openstack-nova16:27
bauzasgibi: others, folks, i'm taking an urgent PTO tomorrow, my wife is turning 40 as well16:30
*** manuvakery1 has joined #openstack-nova16:32
gibibauzas: ack, have a nice celebration!16:32
gibibauzas: will you push a new rev from the rpc bump patch before you leave?16:33
bauzasgibi: not sure :(16:34
bauzasstill fixing to not support 5.016:34
gibibauzas: no worries just preparing my review queue16:36
Luzikashyap, are you around?16:39
kashyapLuzi: Hi, yes16:39
kashyapLuzi: So, I wanted to mention one more to thing to you, before you left16:39
kashyapLuzi: If you want to see native TLS is *actually* in effect, you can verify it by a slightly tedious method in logs16:40
kashyapLuzi: Is your env. production?  Or do you have a staging setup?16:40
Luzitesting setup16:40
kashyapLuzi: Perfect.  So here we go:16:41
kashyapLuzi: What OS do you have?  Ubuntu or Fedora?  Doesn't matter: install the "libvirt-admin" tool16:41
kashyaps/tool/package/16:41
kashyapTo get the 'virt-admin' tool.  Note: Ubuntu might name it differently.  So "grep" your package repository for the tool.  In Fedora, I can do it like this: `dnf whatprovides *virt-admin`16:43
kashyapLuzi: Then follow this to enable the dynamic libvirt log filters on your compute nodes: https://kashyapc.fedorapeople.org/virt/virt-admin.txt16:43
kashyapOnce you have that setup; you can migrate a guest, and then you can look for: `grep tls-creds-x509` on your source and destination libvirtd.log.16:45
kashyapLuzi: Did you hav a different question for me?  I began talking right after you pinged me :)16:45
*** Luzi_ has joined #openstack-nova16:46
*** Luzi has quit IRC16:46
Luzi_here again, needed to change to vpn16:46
Luzi_i missed the last 6 minutes or so - did you wrote something kashyap ?16:47
kashyapLuzi_: Yes, I did post something.  I was talking to myself.  Let me post a pastebin16:47
kashyapLuzi_: http://paste.openstack.org/show/803621/16:48
*** hamalq has joined #openstack-nova16:48
kashyapLuzi_: For comparison, you should see commands like these in your _destination_ libvirt log file: https://kashyapc.fedorapeople.org/Native-TLS/Test-Evidence/DEST-QMP-commands-TLS-over-NBD-guestHyp2.log16:50
kashyapLuzi_: I need to head out shortly.  If you have a question, ask now :-)  (Assuming you're not disconnected again.)16:54
Luzi_okay, it seems i adjusted the log level, I will now migrate with and without the config option set16:54
*** ociuhandu_ has joined #openstack-nova16:59
*** lucasagomes has quit IRC17:02
Luzi_kashyap, it seems the logs collected by the environment are having another log level, may be because of the deployment setting17:02
gibistephenfin: I'm +2 on the vdpa series, thanks for picking it up. The reno needs a respin as spotted by lyarwood.17:02
*** ociuhandu has quit IRC17:02
Luzi_i would still open a bug and display the commands i used to catch the traffic with - for both ways17:02
*** ociuhandu_ has quit IRC17:03
*** tesseract has quit IRC17:04
gibikashyap: Im +2 on the deprecation of the tunneled live migration patch17:05
kashyapLuzi_: Strange, do you already have the config settings manually done in /etc/libvirt/libvirtd.conf?17:06
Luzi_maybe17:07
kashyapLuzi_: Check if you have these two configs set in your /etc/libvirt/libvirtd.conf:17:07
kashyap  - log_filters17:07
openstackgerritSylvain Bauza proposed openstack/nova master: Bump the Compute RPC API to version 6.0  https://review.opendev.org/c/openstack/nova/+/76145217:07
kashyap  - log_outputs17:07
kashyapgibi: Thank you!17:07
bauzasgibi: I eventually gave up given the time, and I just fixed dansmith's nits17:08
bauzasdansmith: gibiI'll try to still work on no longer supporting 5.0 on Thursday17:08
kashyapLuzi_: I need to head out for a walk, but feel free to gather your thoughts in a file.17:08
kashyap(And email here, or post them in a non-expiring pastebin somewhere.  I'll come back and check.)17:10
kashyapLuzi_: In short, use either manual approach or the dynamic filters.  See the "Gathering libvirt logs..." section here: https://kashyapc.fedorapeople.org/virt/openstack/request-nova-libvirt-qemu-debug-logs.txt17:13
Luzi_I need to head out too, so I just complete the bug report and maybe add some more tomorrow17:15
gibibauzas: ack, I will review what you pushed17:20
gibibauzas: have a nice PTO tomorrow17:20
bauzasthanks17:20
*** rpittau is now known as rpittau|afk17:29
*** ociuhandu has joined #openstack-nova17:30
*** Luzi_ has quit IRC17:31
openstackgerritMerged openstack/nova master: Remove VFSLocalFS  https://review.opendev.org/c/openstack/nova/+/77850617:33
*** ociuhandu has quit IRC17:34
*** terdei has joined #openstack-nova17:43
*** dtantsur is now known as dtantsur|afk17:47
*** vishalmanchanda has joined #openstack-nova17:48
*** READ10 has quit IRC17:59
*** lpetrut has quit IRC18:00
*** xek has quit IRC18:02
*** derekh has quit IRC18:03
*** lbragstad has quit IRC18:07
*** k_mouza has quit IRC18:09
*** xek has joined #openstack-nova18:11
*** xek has quit IRC18:11
*** lbragstad has joined #openstack-nova18:27
*** hkominos has quit IRC18:46
*** ralonsoh has quit IRC18:51
*** andrewbonney has quit IRC19:09
*** efried1 has joined #openstack-nova19:13
*** efried has quit IRC19:14
*** efried1 is now known as efried19:14
*** whoami-rajat has quit IRC19:26
openstackgerritStephen Finucane proposed openstack/nova master: libvirt: Delegate OVS plug to os-vif  https://review.opendev.org/c/openstack/nova/+/60243219:41
melwittgmann: hey, wondering if you have seen this tempest-slow-py3 gate failure before ""tempest.scenario.test_network_v6.TestGettingAddress Bad router request: Cidr 2001:db8::/64 of subnet f3908f8d-a960-444f-9708-78ae906fbd63 overlaps with cidr 2001:db8::/64 of subnet d8fe1d15-5cdd-40e1-96e5-d1ac105253c3" I only see it on stable/stein in nova19:55
melwitthttps://zuul.opendev.org/t/openstack/build/0d21e41fc0294f1d891c484dea84adb6/logs19:55
*** mkrai_ has quit IRC19:59
*** tosky has quit IRC20:05
*** tosky has joined #openstack-nova20:05
*** vishalmanchanda has quit IRC20:14
*** yoctozepto has joined #openstack-nova20:14
*** links has quit IRC20:15
fricklermelwitt: this looks related https://review.opendev.org/c/openstack/neutron/+/77738920:19
melwittfrickler: that does look like it, thank you!20:20
*** Techy2493 has joined #openstack-nova20:22
*** slaweq has quit IRC20:26
*** hemna has quit IRC20:28
*** slaweq has joined #openstack-nova20:29
*** hemna has joined #openstack-nova20:29
*** manuvakery1 has quit IRC20:30
openstackgerritStephen Finucane proposed openstack/nova master: pci: Add vDPA vnic to PCI request mapping and filtering  https://review.opendev.org/c/openstack/nova/+/77835020:39
openstackgerritStephen Finucane proposed openstack/nova master: api: Block unsupported actions with vDPA  https://review.opendev.org/c/openstack/nova/+/78033320:39
openstackgerritStephen Finucane proposed openstack/nova master: tests: Add functional test for vDPA device  https://review.opendev.org/c/openstack/nova/+/78011220:39
openstackgerritStephen Finucane proposed openstack/nova master: Add release note for vDPA  https://review.opendev.org/c/openstack/nova/+/78086620:39
*** Techy2493 has quit IRC21:10
openstackgerritMerged openstack/nova master: libvirt: Deprecate `live_migration_tunnelled`  https://review.opendev.org/c/openstack/nova/+/78090821:13
*** mlavalle has quit IRC21:13
*** slaweq has quit IRC21:24
*** Techy2493 has joined #openstack-nova21:43
*** k-s-dean has quit IRC22:17
spotzIs there a maximum number of security groups you cane have? Not talking about quota restricted22:21
*** rcernin has joined #openstack-nova22:24
*** brinzhang_ has joined #openstack-nova22:26
*** lbragstad_ has joined #openstack-nova22:29
*** trozet has joined #openstack-nova22:29
*** dosaboy_ has joined #openstack-nova22:30
*** Techy2493 has quit IRC22:32
*** lbragstad has quit IRC22:35
*** dosaboy has quit IRC22:35
*** supamatt has quit IRC22:35
*** brinzhang0 has quit IRC22:35
melwittspotz: security groups will be a question for the neutron team, nova hasn't done them since the olden days of nova-network22:37
spotzhaha thanks melwitt!22:37
melwittyw22:37
*** gyee has quit IRC22:40
openstackgerritmelanie witt proposed openstack/nova stable/stein: [stable-only] Specify IPv6 CIDR in tempest-slow-py3  https://review.opendev.org/c/openstack/nova/+/78099122:47
*** mlavalle has joined #openstack-nova22:50
*** k-s-dean has joined #openstack-nova23:18
*** rcernin has quit IRC23:38
*** rcernin has joined #openstack-nova23:39
« Monday, 2021-03-15 Index Wednesday, 2021-03-17 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!