Friday, 2021-04-23

*** gyee has quit IRC		00:05
*** sapd1 has quit IRC		00:05
*** hamalq has quit IRC		00:13
*** k_mouza has joined #openstack-nova		00:32
*** k_mouza has quit IRC		00:32
*** k_mouza has joined #openstack-nova		00:33
*** k_mouza has quit IRC		00:41
*** xinranwang has joined #openstack-nova		01:25
*** brinzhang0 has joined #openstack-nova		01:28
*** brinzhang_ has quit IRC		01:31
*** k_mouza has joined #openstack-nova		01:39
*** k_mouza has quit IRC		01:39
*** k_mouza has joined #openstack-nova		01:40
*** k_mouza_ has joined #openstack-nova		01:43
*** k_mouza has quit IRC		01:47
*** k_mouza_ has quit IRC		01:47
*** k_mouza has joined #openstack-nova		01:57
*** k_mouza has quit IRC		02:01
openstackgerrit	liuzhuangzhuang proposed openstack/nova master: Fix RBD timeout https://review.opendev.org/c/openstack/nova/+/786588	02:07
*** k_mouza has joined #openstack-nova		02:15
*** sapd1 has joined #openstack-nova		02:18
*** k_mouza has quit IRC		02:19
*** sapd1 has quit IRC		03:15
*** xinranwang has quit IRC		03:33
*** mkrai has joined #openstack-nova		03:36
*** zzzeek has quit IRC		03:37
*** zzzeek has joined #openstack-nova		03:38
*** k_mouza has joined #openstack-nova		04:16
*** ratailor has joined #openstack-nova		04:18
*** k_mouza has quit IRC		04:21
*** vishalmanchanda has joined #openstack-nova		04:36
*** priteau has joined #openstack-nova		05:29
*** belmoreira has joined #openstack-nova		06:02
*** brinzhang_ has joined #openstack-nova		06:12
*** brinzhang0 has quit IRC		06:15
*** k_mouza has joined #openstack-nova		06:17
*** slaweq has joined #openstack-nova		06:20
*** k_mouza has quit IRC		06:21
*** ralonsoh has joined #openstack-nova		06:26
*** luksky has joined #openstack-nova		06:32
openstackgerrit	Balazs Gibizer proposed openstack/placement stable/wallaby: Add a reproduction test for bug story/2008831 https://review.opendev.org/c/openstack/placement/+/787525	06:37
openstackgerrit	Balazs Gibizer proposed openstack/placement stable/wallaby: Make sure the policy upgrade check get a valid config https://review.opendev.org/c/openstack/placement/+/787526	06:37
*** ratailor_ has joined #openstack-nova		06:47
*** ratailor has quit IRC		06:50
*** mkrai has quit IRC		07:10
*** rpittau\|afk is now known as rpittau		07:12
*** whoami-rajat_ has joined #openstack-nova		07:17
*** rcernin has quit IRC		07:25
*** whoami-rajat_ is now known as whoami-rajat		07:25
*** andrewbonney has joined #openstack-nova		07:49
*** rcernin has joined #openstack-nova		07:52
*** tosky has joined #openstack-nova		07:53
*** rcernin has quit IRC		07:57
*** derekh has joined #openstack-nova		08:07
*** rcernin has joined #openstack-nova		08:09
*** mgoddard has joined #openstack-nova		08:12
*** rcernin has quit IRC		08:14
*** hemanth_n has joined #openstack-nova		08:16
*** dtantsur\|afk is now known as dtantsur		08:17
*** k_mouza has joined #openstack-nova		08:19
*** k_mouza has quit IRC		08:23
*** mkrai has joined #openstack-nova		08:27
*** rcernin has joined #openstack-nova		09:00
*** k_mouza has joined #openstack-nova		09:02
*** macz_ has joined #openstack-nova		09:10
*** macz_ has quit IRC		09:15
*** rcernin has quit IRC		09:18
*** rcernin has joined #openstack-nova		09:21
*** dtantsur is now known as dtantsur\|bbl		09:30
*** tesseract has joined #openstack-nova		09:36
*** k_mouza has quit IRC		09:40
*** k_mouza has joined #openstack-nova		09:42
*** k_mouza has quit IRC		09:43
*** k_mouza has joined #openstack-nova		09:45
*** k_mouza_ has joined #openstack-nova		09:50
*** k_mouza has quit IRC		09:53
*** martinkennelly has joined #openstack-nova		09:57
*** vdrok has quit IRC		10:04
*** vdrok has joined #openstack-nova		10:04
*** k_mouza_ has quit IRC		10:07
*** k_mouza has joined #openstack-nova		10:19
*** dklyle has quit IRC		10:42
*** rcernin has quit IRC		10:43
*** viks____ has joined #openstack-nova		11:02
*** mkrai has quit IRC		11:04
*** lucasagomes has joined #openstack-nova		11:10
*** rcernin has joined #openstack-nova		11:15
*** k-s-dean has quit IRC		11:27
*** bbowen has quit IRC		11:28
openstackgerrit	Lee Yarwood proposed openstack/nova master: guestfs: With libguestfs >= v1.41.1 decode returned bytes to string https://review.opendev.org/c/openstack/nova/+/787712	11:31
lyarwood	^ hopefully an easy one if anyone has time	11:36
*** sapd1 has joined #openstack-nova		11:43
*** mgoddard has quit IRC		11:43
gibi	lyarwood: I have a question about the fakeguestfs change in ^^	11:46
*** rcernin has quit IRC		11:49
sean-k-mooney	gibi: i think that is what lyarwood was saying changed in the new version	11:58
sean-k-mooney	gibi: i.e. it now returns bytes when you call read_file in libguestfs?	11:58
sean-k-mooney	lyarwood: is that right i was not fully following what you said in the commit message	11:58
sean-k-mooney	gibi: so i think lee is emulating the new behavior	11:59
lyarwood	gibi: gibi thanks replied	12:01
lyarwood	sean-k-mooney: yeah sorry that's correct	12:02
lyarwood	that's the new behaviour, I'm not testing the older behaviour here but I'm not sure if that's worth it tbh	12:02
gibi	sean-k-mooney, lyarwood: thanks. now I got it. I was confused about what the fakeguestfs replaces	12:06
lyarwood	yeah sorry it needed calling out in the commit	12:08
gibi	no worries	12:10
artom	stephenfin, gibi, so I've been thinking about that online data migration for the unshelve with SRIOV port bug...	12:21
artom	It's not a slam dunk. Could we take some PTG minutes to discuss it? Or hash it out in the review?	12:21
*** tesseract has quit IRC		12:23
sean-k-mooney	i orginally suggested adding it a a nova manage command by the way	12:23
gibi	artom plug it to the end of the etherpad and lets see if we can make it to the end today,	12:23
sean-k-mooney	not an online data migration	12:23
gibi	artom: if not then we can continue here or in the review	12:23
gibi	I don't have the necessary context right now, I have to read the patch first	12:23
sean-k-mooney	well it is one just not one that you would always run	12:23
* artom has taken it as a given that we'll never get to the end of the agenda ;)		12:24
artom	So in the review then!	12:24
artom	:P	12:24
sean-k-mooney	if we do it as a one off nova manage command it will be backporatble too	12:24
gibi	review works fine by me	12:24
*** hemanth_n has quit IRC		12:25
kashyap	sean-k-mooney: gibi: stephenfin: A quick point (which I also noted on the Etherpad, but it can get lost) from yesterday on that emulation thing:	12:25
sean-k-mooney	gibi im going to move my topics to the end of the etherpad. the last ones i have left are less important so if we get to them great	12:25
kashyap	QEMU explicitly does not consider emulation to be a secure production scenario — "Users with non-virtualization use cases must not rely on QEMU to provide guest isolation or any security guarantees."	12:25
gibi	sorry, I don't actually know how to move faster in the agenda without shutting down some people in the room	12:25
gibi	sean-k-mooney: that helps, thanks	12:25
kashyap	It could be okay for private cloud setup, if the admin trusts their tenants. The rest of it is in the Etherpad.	12:25
sean-k-mooney	kashyap: tell rackspace that	12:27
sean-k-mooney	kashyap: as i said most of there cloud ran x86 on power of 5+ years with xen/qemu	12:27
gibi	kashyap: I see belmoreira's answer to your point in the etherpad. I think I agree. We can warn our users in the doc that emulation is not for public production, but for private validation	12:27
sean-k-mooney	gibi: i think it can be use for both	12:28
sean-k-mooney	we can warn that its considered less secure sure	12:28
gibi	sean-k-mooney: can be used does not mean it is not dangerous from security perspective ;)	12:28
gibi	it can be used but the consequnces should be clear	12:28
*** dtantsur\|bbl is now known as dtantsur		12:29
sean-k-mooney	kashyap: can you provide a link to a public staement form QEMU to that effect	12:29
sean-k-mooney	if we are going to put it in our docs i would like somehting beter then an email or irc transcript	12:29
kashyap	sean-k-mooney: I don't have to say it to Rackspace, BTW. They can read the doc I linked in there :)	12:29
kashyap	sean-k-mooney: https://qemu-project.gitlab.io/qemu/system/security.html#non-virtualization-use-case	12:30
kashyap	gibi: Yeah. It can be easily missed w/o loud and clear documentation on that point.	12:30
sean-k-mooney	kashyap: cool then we can reference that	12:30
sean-k-mooney	it seams clear that while it should in principal provide similar protection due to the legacy of not reviewing for security its not considerd as secure as using kvm	12:31
sean-k-mooney	so really you would need to use selinux and other security mechanisms to provide guest isolation byond qemu	12:32
sean-k-mooney	the same selinux rules we apply in the kvm case should add some messure of addtional protection	12:32
kashyap	SELinux and sVirt will provide protection beyond what QEMU may do. But not all distros are SELinux-capable	12:33
sean-k-mooney	ture although apparmor will also provide some protectsion on the debina/ubuntu side	12:33
*** sapd1 has quit IRC		12:34
sean-k-mooney	by the way i assume we are just going to warn for this whenever using virt-type=qemu too	12:35
sean-k-mooney	basically a note for virt_type=qemu and then when we add emulation support refrecne that it will fallback to qemu and that note applies to the emulation case	12:35
sean-k-mooney	we have not warned agaisnt the use of the qemu virt type up to this point and the emulation case is no different to that so if we add something it shoudl be consitent	12:36
*** k_mouza has quit IRC		12:40
*** k_mouza has joined #openstack-nova		12:41
*** bbowen has joined #openstack-nova		12:42
*** mgoddard has joined #openstack-nova		12:44
kashyap	sean-k-mooney: Yeah; that's a valid point - warning for 'virt_type=qemu' is beneficial for the operator	12:45
kashyap	As sometimes they use it unwittingly	12:45
*** ratailor_ has quit IRC		12:46
*** priteau has quit IRC		12:48
lyarwood	https://review.opendev.org/c/openstack/nova/+/787712 - stephenfin / bauzas ; would either of you mind hitting this before we get started with PTG stuff today?	12:53
stephenfin	sure	12:53
*** slaweq has quit IRC		12:53
*** slaweq has joined #openstack-nova		12:53
*** priteau has joined #openstack-nova		12:54
*** slaweq has quit IRC		12:56
*** slaweq has joined #openstack-nova		12:56
stephenfin	lyarwood: left a comment - could you address that one (happy with the rest being done in a follow-up, as with gibi)	12:56
lyarwood	ack looking	12:59
openstackgerrit	Lee Yarwood proposed openstack/nova master: guestfs: With libguestfs >= v1.41.1 decode returned bytes to string https://review.opendev.org/c/openstack/nova/+/787712	13:03
stephenfin	thanks	13:03
lyarwood	np	13:04
lyarwood	thanks for review	13:04
*** k_mouza_ has joined #openstack-nova		13:10
*** k_mouza has quit IRC		13:13
*** vishalmanchanda has quit IRC		13:26
bauzas	wow, so Zoom is eating 5GB of my RAM	13:28
bauzas	...	13:28
sean-k-mooney	what browser are you using	13:29
sean-k-mooney	it prefers chrome	13:29
sean-k-mooney	or are you using the zoom app	13:29
sean-k-mooney	browser seams to work better for me at least	13:29
bauzas	I directly use the zoom app	13:31
* bauzas tests a few things before the last PTG day		13:31
sean-k-mooney	ya i had audio issue with that i could hear but people could not hear me	13:31
bauzas	hopefully this will be our last virtual PTG...	13:31
sean-k-mooney	so now im using it in google chrome not chromium	13:31
*** ratailor has joined #openstack-nova		13:37
*** priteau has quit IRC		13:43
*** ratailor has quit IRC		13:44
*** priteau has joined #openstack-nova		13:46
artom	sean-k-mooney, you mean an entirely new nova-manage command? As in `nova-manage sriov-ports add-requester-id`?	13:53
sean-k-mooney	almost	13:55
sean-k-mooney	new yes but i was suggesting that it would be automatic	13:55
sean-k-mooney	i.e. you would not have to specify the requester id manually	13:56
sean-k-mooney	it would try and work it out by looking at teh pci claims and the port profile	13:56
artom	I guess...	13:56
sean-k-mooney	and if they agreed then setting the value	13:56
artom	That would not apply to any instances that are not ACTIVE though	13:56
sean-k-mooney	if not it would out put a list of port that were potnetally broken and say hay you might need to fix these	13:56
artom	Which is also my beef with the data migration (currently writing a para of text in the review)	13:57
sean-k-mooney	how do you mean	13:57
* lyarwood is going to miss the first 20mins of the nova track talking to the manila folks		13:57
sean-k-mooney	it woul apply to any vm that is not currently in shleve offloaed or error	13:57
artom	Well, for instances that are SHELVED(_OFFLOADED) for example...	13:57
sean-k-mooney	ya one that are shleve offloaded currently cant really be fixed without manual intervention	13:58
artom	And don't we get into weird race conditions for instances in MIGRATING?	13:58
gibi	lyarwood: do you have any hard opinion about droping eventlet? (we will start with that topic in nova)	13:58
sean-k-mooney	maybe we could determin what subset are valid in the reivew	13:58
artom	As in, depending on when you run the data migration, we might have already updated the port binding, or maybe we haven't	13:58
sean-k-mooney	but basically any migration or command shoudl be a sperate patch after the fix	13:59
sean-k-mooney	we have prescende downstream for backporting only the fix without the data migration	13:59
sean-k-mooney	that is what we did for the network info cache force refresh	13:59
artom	Oh, I remember that	13:59
artom	I'd argue that it can also be useful upstream	13:59
artom	Its still fixes an issue, even if any of your pre-existing instances don't get it	14:00
sean-k-mooney	yes	14:00
sean-k-mooney	i would too	14:00
sean-k-mooney	that is why i want the data mighation or command in a sperate patch that is after the fix	14:00
sean-k-mooney	so we can backport the fix only if we chosse too	14:00
artom	stephenfin, you cool with that? ^^ I can push the fixes that I have for your comments, and we can figure out the online data migration thing in a separate patch?	14:00
sean-k-mooney	to prevent new vms form breaking	14:00
sean-k-mooney	then we can see how the stable team feals about backporting the nova manage command or the data migration after its fixed on master	14:01
lyarwood	gibi: I don't :)	14:02
gibi	lyarwood: ack	14:02
openstackgerrit	Artom Lifshitz proposed openstack/nova master: Test SRIOV port move operations with PCI conflicts https://review.opendev.org/c/openstack/nova/+/783084	14:07
openstackgerrit	Artom Lifshitz proposed openstack/nova master: Update SRIOV port pci_slot when unshelving https://review.opendev.org/c/openstack/nova/+/784168	14:07
gibi	kashyap: after the current eventlet topic we will try to take your stuff from the nova etherpad	14:08
kashyap	gibi: Hi, I'll join in a few mins. Thanks! It's nothing super-pressing, though	14:10
gibi	kashyap: ack, thanks	14:10
*** rpittau is now known as rpittau\|afk		14:15
*** sapd1 has joined #openstack-nova		14:28
*** k_mouza_ has quit IRC		14:36
*** k_mouza has joined #openstack-nova		14:36
*** lbragstad_ has joined #openstack-nova		14:38
kashyap	gibi: Feel free to do the time-check :)	14:39
*** lbragstad has quit IRC		14:42
*** dklyle has joined #openstack-nova		14:43
kashyap	How much time we have left? I'm not paying attention to the clock	14:49
*** macz_ has joined #openstack-nova		14:50
*** macz_ has quit IRC		14:50
*** sapd1 has quit IRC		14:52
*** sapd1 has joined #openstack-nova		14:53
lyarwood	brb	15:02
*** k_mouza_ has joined #openstack-nova		15:12
*** k_mouza has quit IRC		15:16
*** k_mouza has joined #openstack-nova		15:20
melwitt	bauzas: when you suggested documenting use of the os-assisted-volume-snapshots API, did you intend that for an out of tree driver? https://review.opendev.org/c/openstack/nova/+/787415	15:23
*** k_mouza_ has quit IRC		15:23
bauzas	melwitt: in the etherpad ? I thought lpetrut was mentioning some in-tree driver that was supporting it	15:24
bauzas	but nevermind my point then	15:25
bauzas	I was confused	15:25
bauzas	melwitt: actually, apologies for the silly question but do you know the difference between https://github.com/openstack/nova/tree/master/nova/virt/hyperv and https://github.com/openstack/compute-hyperv/ ?	15:27
melwitt	bauzas: I don't really but lpetrut explains the differences in the patch comment and etherpad. the in tree driver doesn't use os-assisted-volume-snapshots but the out of tree driver does, which is just one example	15:28
bauzas	melwitt: okay, then I'll fence the patch above	15:28
melwitt	I kind of wish we could just remove in tree drivers in these cases where "no one is using it", seems pointless to have it in the code	15:31
lyarwood	agreed	15:33
bauzas	that's a reasonable concern and we should somehow understand what are the benefits of keeping such code	15:33
bauzas	looking at the compute-hyperv repo, this sounds a fork	15:34
*** mlavalle has joined #openstack-nova		15:47
artom	sean-k-mooney, so for my own education - if the MTU is going down, telling the guest OS via some means (DHCP?) is enough, no? Because incoming packets will presumably have the new smaller MTU, and so will "fit" on the tap device. So the guest just needs to know to reduce the size of what it sends.	16:10
artom	The problem comes if the MTU goes up. In that case, the tap device does need to have its MTU increased, to accommodate the larger incoming packets.	16:10
sean-k-mooney	artom: it will be eventually	16:13
sean-k-mooney	artom: but we already do this	16:13
sean-k-mooney	artom: neutron advertises the mtu to the guest in dhcp for quite a long time	16:14
sean-k-mooney	and it will update the value when you update it in the api	16:14
sean-k-mooney	but the guest wont ask for a dhcp update until half its remaining lease is avaible	16:14
sean-k-mooney	a normal leas is between 1-7 days	16:14
artom	Ah, and there's no "gratuitous DHCP"	16:15
sean-k-mooney	so it would be multiple days typeicaly until it was informed	16:15
sean-k-mooney	artom: not that im aware of	16:15
sean-k-mooney	brb getting a drink	16:15
*** k_mouza has quit IRC		16:16
artom	"There is a FORCERENEW message that your DHCP server can issue to clients:	16:17
artom	https://www.ietf.org/rfc/rfc3203.txt	16:17
artom	Your clients have to support this mechanism, of course."	16:17
artom	https://networkengineering.stackexchange.com/questions/25618/dhcp-option-26-mtu-queries	16:17
artom	sean-k-mooney, err, the query string is encrypted in SSL	16:22
artom	The host isn't for SNI	16:23
artom	But the query stirng is	16:23
*** hamalq has joined #openstack-nova		16:27
sean-k-mooney	oh ok	16:30
sean-k-mooney	so ssl is the fix?	16:30
*** hamalq_ has joined #openstack-nova		16:33
artom	sean-k-mooney, for MTIM snooping, yes	16:34
artom	*MITM	16:35
*** hamalq has quit IRC		16:36
*** lucasagomes has quit IRC		16:38
lyarwood	melwitt: https://review.opendev.org/c/openstack/nova/+/757307 - would you mind checking this out today if you have time after ptg?	16:48
melwitt	lyarwood: sure	16:51
lyarwood	thanks	16:58
*** andrewbonney has quit IRC		17:00
*** derekh has quit IRC		17:01
*** dtantsur is now known as dtantsur\|afk		17:22
*** ralonsoh has quit IRC		17:23
*** lbragstad_ is now known as lbragstad		17:23
*** slaweq has quit IRC		17:38
*** gyee has joined #openstack-nova		18:05
-openstackstatus- NOTICE: The Gerrit service on review.openstack.org is being restarted to pick up some updates, and should be available again momentarily		19:02
*** bbowen has quit IRC		20:03
*** belmoreira has quit IRC		20:20
*** swp20 has quit IRC		20:38
*** elod has quit IRC		20:40
*** elod has joined #openstack-nova		20:42
*** whoami-rajat has quit IRC		20:59
*** bbowen has joined #openstack-nova		21:17
*** ociuhandu has joined #openstack-nova		21:45
*** ociuhandu has quit IRC		21:49
openstackgerrit	Dmitrii Shcherbakov proposed openstack/nova-specs master: Introduce Transport Nodes https://review.opendev.org/c/openstack/nova-specs/+/787458	22:00
*** slaweq has joined #openstack-nova		22:09
*** slaweq has quit IRC		22:20
*** amodi has quit IRC		22:29
*** bbowen has quit IRC		22:43
*** luksky has quit IRC		23:02
*** tosky has quit IRC		23:58

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!