Monday, 2021-09-20

* stephenfin waves [06:09]
* gibi waves back [07:21]
<bauzas> good morning Nova [07:37]
<bauzas> gibi: stephenfin: hola folks [07:37]
* bauzas had a longer dogwalk this morning :p [07:37]
<lyarwood> \o morning [07:48]
*** rpittau|afk is now known as rpittau [07:55]
<gibi> o. [07:58]
<gibi> o/ [07:58]
* kashyap waves [07:58]
<oklhost> sean-k-mooney: thanks, seems we got less log entries. [08:56]
<opendevreview> Thomas Goirand proposed openstack/nova master: Add missing __init__.py in nova/db/api  https://review.opendev.org/c/openstack/nova/+/809980 [09:14]
<zigo> bauzas: Good morning, there's a ooopsy there, no ? ^ [09:15]
* bauzas looks [09:15]
<bauzas> zigo: well, good question, I'm not sure we need it [09:15]
<bauzas> what kind of issue you have ? [09:16]
<zigo> bauzas: When I later on generate nova.conf with oslo-config-generator (with nova installed debian/tmp/usr/lib/python3/dist-package) I get a stack dump, with this folder not installed ... [09:16]
<sean-k-mooney> bauzas: without __init__.py it's technically not a python module [09:17]
<bauzas> yup [09:17]
<bauzas> I know [09:17]
<bauzas> but I wonder if it's an issue [09:17]
<zigo> So basically, nova/db/api isn't getting installed when doing python3 setup.py install ... [09:17]
<bauzas> that changed a bit with py3 IIRC [09:17]
* bauzas rereads https://docs.python.org/3/tutorial/modules.html#packages [09:19]
<bauzas> but I wonder why we have this issue now [09:19]
<bauzas> and not before [09:19]
<zigo> bauzas: 2 things: first, that folder didn't exist in Wallaby, 2/ it's the symptoms of "it works in devstack" ... [09:21]
<zigo> (ie: setup.py install isn't being run...) [09:21]
<sean-k-mooney> bauzas: presumably because steph changed things with his alembic module [09:21]
<sean-k-mooney> work [09:21]
<sean-k-mooney> https://github.com/openstack/nova/commit/bf8b5fc7d05e0a66031a03e50e8f6bb76a921046#diff-6137249efc22cd455ac118bde1598a27beea93adcfcd49b36a2329318fc33c6e [09:21]
<zigo> Yeah, also this ... [09:21]
<sean-k-mooney> The two remaining modules, 'api_models' and 'api_migrations', are [09:21]
<sean-k-mooney> moved to the new 'nova.db.api' module. [09:21]
<sean-k-mooney> so bauzas  stephenfin  created that module in august [09:21]
<sean-k-mooney> but missed that file [09:22]
<sean-k-mooney> bauzas: so this is a xena release regression [09:22]
<sean-k-mooney> zigo: devstack will be installing this more or less the same way as the distro [09:23]
<zigo> Ok. [09:23]
<zigo> Well, I don't know, but my patch needs to be merged ! :) [09:23]
<sean-k-mooney> we do not install with -e in devstack [09:23]
<sean-k-mooney> so it should be copying the files to the site-packages directory [09:24]
<sean-k-mooney> and using it from there [09:24]
<sean-k-mooney> zigo: did you file a bug [09:24]
<zigo> For a single "touch __init__.py" ?!? Seriously ? [09:24]
<zigo> :) [09:24]
<gibi> in the past (stable/wallaby) nova/db/api contained only the migration scripts that were always independently executed to the main nova services but now it contains code that nova services try to import. So I agree we need to fix this [09:24]
<sean-k-mooney> yes [09:24]
<sean-k-mooney> zigo: we will need to do an RC2 [09:24]
<zigo> Ok, filing the bug. [09:25]
<gibi> zigo: thank you for catching this [09:26]
<opendevreview> Thomas Goirand proposed openstack/nova master: Add missing __init__.py in nova/db/api  https://review.opendev.org/c/openstack/nova/+/809980 [09:29]
<zigo> There you go... [09:29]
<zigo> Bug filed, PR closing it. [09:30]
<zigo> I'm used to often do single char patches, this one will be ZERO chars ! :0 [09:30]
<sean-k-mooney> zigo: technically master is now yoga, which is why we need the bug for backporting and if we want to do an RC2 [09:32]
<sean-k-mooney> if you saw this last week before we created RC1 we probably could have just merged it [09:32]
<zigo> sean-k-mooney: Ok, thanks for letting me know. Should I wait until my first patch is merged before opening the backport PR ? [09:33]
<sean-k-mooney> am  we should just be able to cherry pick this via the api so i think it's safe to do it now [09:34]
<zigo> Oh also, is there anything to know from the user's point of view about the sqla-migrate -> alembic switch? [09:34]
<zigo> Or is it fully transparent? [09:34]
<sean-k-mooney> i dont expect this to take long to review given its size :) [09:34]
<sean-k-mooney> zigo: well other than the packaging impact no [09:34]
<zigo> Ok, cheers. [09:35]
<sean-k-mooney> i.e. the nova-manage command is still the same but you obviously need alembic installed [09:35]
<sean-k-mooney> zigo: ok that has the flags and marked it as critical since it blocks packaging https://bugs.launchpad.net/nova/+bug/1944111 [09:38]
<zigo> The stable/xena branch is missing a defaultbranch=stable/rocky in the .gitreview file no ? [09:41]
<gibi> https://review.opendev.org/c/openstack/nova/+/809759 [09:42]
<gibi> the setup of stable/xena is not fully done yet as RC1 and the branch was cut last Friday [09:42]
<zigo> Ok, so I guess I must wait for that one to merge ... :/ [09:43]
<gibi> lyarwood, bauzas, elodilles: you you look at https://review.opendev.org/q/topic:create-xena+project:openstack/nova ? [09:45]
<gibi> s/you/could/ [09:46]
<lyarwood> Yup happy to [09:47]
* lyarwood clicks [09:47]
<bauzas> gibi: +Wd [09:50]
<bauzas> fwiw, also +wd https://review.opendev.org/c/openstack/nova/+/809761/1 and the above one [09:51]
<bauzas> so we will have the xena release notes [09:52]
<bauzas> we miss a second core on https://review.opendev.org/c/openstack/nova/+/809762 [09:52]
<opendevreview> Takashi Kajinami proposed openstack/nova master: Fix the wrong exception used to retry detach API calls  https://review.opendev.org/c/openstack/nova/+/809934 [09:52]
<gibi> bauzas: done [09:53]
<bauzas> https://review.opendev.org/q/project:openstack/nova+owner:infra-root%2540openstack.org+is:open shows me all the xena paperwork for our jobs and reno are done [09:53]
<bauzas> gibi: thanks [09:53]
<bauzas> zigo: sorry was taxidriving my daughter from school [09:53]
* bauzas now has to cook for her :) [09:54]
<bauzas> zigo: +Wd your change [09:55]
<bauzas> zigo: please provide a backport change for stable/xena too [09:56]
<bauzas> so we will create a RC2 [09:56]
* bauzas goes to the kitchen [09:58]
<gibi> bauzas: after you are back placement also needs care after RC1 https://review.opendev.org/c/openstack/placement/+/809366 [10:05]
<gibi> bauzas: I will look into the lower constraints failure in placement stable/xena setup patches, probably that impacts placement master too [10:06]
<opendevreview> Balazs Gibizer proposed openstack/placement master: [DNM]: Trigger lower-constaints job  https://review.opendev.org/c/openstack/placement/+/809994 [10:07]
<gibi> yepp it seems master lower-constraints also times out in placement too ^^ [10:46]
<gibi> will fix it based on how neutron fixed it [10:46]
<gibi> lyarwood, stephenfin: is it an RC critical fix https://review.opendev.org/c/openstack/nova/+/809934 ? [11:19]
<stephenfin> Ah, whoops, probably not (though I'll defer to lyarwood to be sure). I was thinking all bugfixes were fair play right now since we'd branched already /o\ [11:21]
<stephenfin> gibi: feel free to pull it back out [11:21]
<bauzas> gibi: ack, taxying back my kid but I'll be around in 15 mins [11:21]
<lyarwood> I was under the same impression [11:21]
<lyarwood> gibi: isn't master open for Yoga now? [11:22]
<gibi> I think until the final RC we need to keep master close to stable/xena for any last minute backport [11:22]
<lyarwood> that's fair, yeah it isn't critical so feel free to yank it out if you can [11:23]
<lyarwood> and FWIW I'm not a huge fan of policy we can't enforce in the tooling like this [11:23]
<opendevreview> Balazs Gibizer proposed openstack/nova master: Fix the wrong exception used to retry detach API calls  https://review.opendev.org/c/openstack/nova/+/809934 [11:23]
<gibi> yanked [11:23]
<lyarwood> thanks [11:23]
<bauzas> gibi: all placement Xena changes are now +Wd https://review.opendev.org/q/project:openstack/placement+owner:infra-root%2540openstack.org+is:open [12:07]
<gibi> bauzas: thanks but lower constraints fix will still be needed [12:07]
<gibi> as the job will time out [12:07]
<gibi> I'm working on it [12:08]
<bauzas> gibi: ack thanks [12:08]
<bauzas> gibi: what is the change ? [12:08]
<gibi> lower constraint bump on master first [12:08]
<gibi> as it affects master [12:08]
<gibi> then we can lament on either we bump lower on stable/xena too, or look into somehow pinning setuptools version on stable branches [12:09]
<gibi> the thing is that we dont pin setuptools coming from virtualenv package on stable so we use basically the latest on every stable [12:10]
<gibi> and the latest setuptools removed support for some features old packages depend on [12:10]
<bauzas> (14:08:46) gibi: lower constraint bump on master first [12:10]
<bauzas> can't see it [12:10]
<gibi> haven't proposed yet [12:11]
<bauzas> oh ok [12:11]
<gibi> 14:08 < gibi> I'm working on it [12:11]
<gibi> 14:08 < gibi> I'm working on it [12:11]
<gibi> 14:08 < gibi> I'm working on it [12:11]
<gibi> ups [12:11]
<gibi> sorry [12:11]
<opendevreview> Balazs Gibizer proposed openstack/placement master: Bump min decorator to 4.0.0  https://review.opendev.org/c/openstack/placement/+/810001 [12:15]
<gibi> bauzas: now here it is [12:15]
<bauzas> gibi: heh sorry [12:15]
<gibi> I was lost a couple of hours figuring out what happened [12:15]
<gibi> especially as I don't like the ide to bump a lower constraint on stable branch [12:15]
<gibi> s/ide/idea/ [12:16]
<bauzas> agreed [12:16]
* bauzas goes taying the second kid now [12:16]
<bauzas> taxying [12:16]
* bauzas should be a Kardashian [12:16]
<gibi> as like https://en.wikipedia.org/wiki/Cardassian ? :) [12:18]
<opendevreview> Merged openstack/nova master: Update master for stable/xena  https://review.opendev.org/c/openstack/nova/+/809761 [12:18]
<opendevreview> Merged openstack/nova master: Add Python3 yoga unit tests  https://review.opendev.org/c/openstack/nova/+/809762 [12:19]
<gibi> interestingly nova stable/xena is not affected [12:20]
<gibi> hm in nova we already have decorator >= 4.1.0 since https://review.opendev.org/c/openstack/nova/+/744506/2/lower-constraints.txt#20 [12:22]
<belmoreira> Hi, I need your help to understand if I'm missing something in the new vnc configuration [12:52]
<belmoreira> I can finally move nova to "train" release and I'm digging again into the vncproxy changes that were introduced by this time. The vncproxy does now the token validation from the cell DB. In stein I'm running with "workarounds/enable_consoleauth" [12:52]
<belmoreira> Currently, I have the same vncproxy for all cells. Means that the user gets the same console_url and I only need to open 1 port in the firewall. Also, haproxy configuration is trivial [12:53]
<belmoreira> With the new arch, the console_url needs to be redirected to the vncproxy of the cell for the token validation [12:53]
<belmoreira> This means that deployments with a large number of cells need to be creative in the way they expose the different console_urls (per cell) [12:53]
<belmoreira> maybe I'm missing something here... [12:53]
<bauzas> belmoreira: sorry, I saw your pings but I don't know how to help you [15:11]
<belmoreira> Hi bauzas. Thanks, to me this new approach seems really heavy for deployments with a lot of cells. For now I'm hacking something similar to [1] to not have a vncproxy per cell. [15:18]
<belmoreira> [1] https://github.com/openstack/nova/blob/0bd61915ee1d96ca339f342a190e395a39afbcf9/nova/api/openstack/compute/console_auth_tokens.py#L42 [15:18]
<belmoreira> maybe we can discuss this in the PTG [15:18]
<dansmith> it seems strange to me that someone with lots of cells would want to *not* shard that service across cells [15:26]
<dansmith> especially with geo-distributed cells [15:27]
<bauzas> agreed with dansmith [15:31]
<dansmith> (he dropped) [15:31]
<bauzas> hah, my internal meeting trampled this discussion [15:32]
<bauzas> -ETOOMANYMEETINGS [15:32]
<bauzas> :) [15:32]
<kashyap> bauzas: Drop the needless ones on the floor like hot potatoes.  And embrace JOMO (joy of missing out) [15:57]
<bauzas> hah [15:59]
<bauzas> nah, I'm still digesting my Friday-late meeting :p [15:59]
*** rpittau is now known as rpittau|afk [16:00]
<sean-k-mooney> if the central site has direct connectivity to the edge site then you could just centralise the novnc proxy instance [16:06]
<sean-k-mooney> but ya i would have assumed you would want them at each edge site too [16:07]
<sean-k-mooney> well each cell [16:07]
<sean-k-mooney> not necessarily edge [16:07]
<sean-k-mooney> i was assuming you would run the novnc proxy on the same host as the cell conductor [16:08]
<dansmith> sean-k-mooney: I think the change he's referring to was one to make the service only look in one cell, which means you can centralize services, but not unify them (i.e. you need multiple ports and endpoints, regardless of where they are) [16:09]
<sean-k-mooney> ah i see [16:13]
<sean-k-mooney> unless we moved this to the api db, or allowed the proxy to connect to multiple cell dbs  im not sure how we would address that [16:14]
<dansmith> it used to I think, that's the point [16:15]
<dansmith> IIRC we removed that ability when we eliminated the consoleauth service [16:15]
<melwitt> it (nova-consoleauth) used to use memcache (one instance) to store token auths for the entire deployment [16:15]
<dansmith> I imagine that we could add back in just the api db lookup part (like metadata) but I think the expectation was to make it shard, which I think is a better design, personally [16:16]
<dansmith> ah right [16:16]
<sean-k-mooney> so really without some way to pass the cell mapping info to a web server there is really no way to use a reverse proxy to expose it over one port/endpoint now [16:18]
<melwitt> but yeah, adding a console_auth_token_mappings table would be one way to make it so you only need one console proxy [16:18]
<sean-k-mooney> how i would probably try and set it up personally is have it use a subdomain per cell in the url and have a reverse proxy bind to the single port [16:18]
<dansmith> oh, do we not get the instance id as well? [16:18]
<sean-k-mooney> then have it delegate to the correct backend [16:18]
<dansmith> that would suck to have to add another mapping :/ [16:18]
<melwitt> no we don't, token only [16:18]
<dansmith> well then I'm pretty -1 on that plan [16:19]
<sean-k-mooney> we dont need to add anything in nova [16:19]
<dansmith> you could scatter/gather to find it [16:19]
<sean-k-mooney> to find the initial url [16:19]
<sean-k-mooney> ya you could [16:19]
<dansmith> sean-k-mooney: that's not necessary, because we give them the url from the proxy anyway [16:19]
<dansmith> sean-k-mooney: belmiro just doesn't want that [16:20]
<dansmith> presumably because he doesn't want to run multiple services and have multiple firewall rules [16:20]
<melwitt> oh yeah, I guess he said as much already (scatter gather) [16:20]
<sean-k-mooney> ya if he does not want to run multiple proxy instances [16:21]
<dansmith> melwitt: ah, I hadn't even clicked the link, but yeah [16:21]
<melwitt> we could add another config option! for choosing whether you want a central console auth [16:21]
<dansmith> melwitt: I think we'd want that as a toggle [16:21]
<dansmith> yeah [16:21]
<dansmith> because if you want most efficient and least-shared, you don't want it doing that [16:22]
<melwitt> yeah [16:22]
* bauzas shutdowns for the day [16:32]
*** efried1 is now known as efried [16:44]
<belmoreira> bauzas dansmith melwitt sean-k-mooney I see that you discussed the vncproxy topic. Sorry I needed to leave the office (end of the working day here). [18:47]
<sean-k-mooney> no worries. did you add it to the ptg agenda [18:48]
<belmoreira> not yet [18:48]
<sean-k-mooney> was dansmith correct when he assumed you did not want to run multiple novnc proxy instances (1 per cell) [18:48]
<belmoreira> let me explain my concern. [18:49]
<sean-k-mooney> or are you just concerned about how many ports you need to open in the firewall [18:49]
<sean-k-mooney> sure [18:49]
<belmoreira> having the vncproxy per cell in theory is good, because we are sharding the service per cell. But it depends on the deployment... For deployments that only expose the console_url in the internal network is ok. [18:49]
<belmoreira> However, in my case I need to expose the vncproxy externally. Having only one set of vncproxies allows me to open only one port in the external firewall and have only one console_url address masked by the load balancer. [18:50]
<belmoreira> The current approach of having a vncproxy per cell, means that I will have a different console_url per cell. Mapping this with the LB I will need at least to have a different frontend per cell. If I do it per port is a lot of open ports... [18:50]
<sean-k-mooney> well you could [18:50]
<sean-k-mooney> you can use a reverse proxy instead of a load balancer [18:50]
<sean-k-mooney> and expose only one port and have it route the request to the backend based on a partial path match [18:51]
<sean-k-mooney> or using a subdomain per cell [18:51]
<sean-k-mooney> so the reverse proxy is the only thing you open the firewall to and have it dispatch internally to the per cell proxy based on a part of the url [18:51]
<belmoreira> true, but in those cases we are also exposing the cell architecture to the user [18:51]
<sean-k-mooney> yes at least to the extent needed to match on the url [18:52]
<belmoreira> the console_url will be different per cell [18:52]
<sean-k-mooney> ya it would be [18:52]
<sean-k-mooney> so if we allowed a single vnc proxy to connect to any of the cell dbs that would be your preference [18:53]
<sean-k-mooney> belmoreira: dansmith and melwitt  can correct me if i get this wrong but i think what they were suggesting was add a config option to denote if the novnc proxy should connect to one celldb or multiple and having it do a scatter gather request to each cell db in the case of multi cell mode [18:54]
<belmoreira> having that possibility would be great. I already patch it and have it working in my test infrastructure [18:55]
<sean-k-mooney> belmoreira: that would assume that the novnc proxy can actually connect to all the hypervisors in any cell but i believe that is the case for your env right [18:55]
<belmoreira> yes [18:56]
<belmoreira> my ideal setup is to have a set of vncproxies that can connect to any hypervisor in the region [18:58]
<sean-k-mooney> ya which this would give you [19:00]
<sean-k-mooney> i think the main issue is from the console url we dont know which instance it's for without looking up the token and to do that we need to check the cell db [19:00]
<sean-k-mooney> so in this case we would need to check multiple cell dbs which increase the load on the db since only one will have the token [19:01]
<sean-k-mooney> so we would not want to do that by default but we could allow you to opt into it [19:01]
<belmoreira> basically is something similar to the code that I pointed earlier [19:02]
<belmoreira> I agree that this shouldn't be the default. Small deployments would not benefit from it [19:03]
<dansmith> yeah that's what I meant.. scatter/gather to find the cell that a token is in is not very efficient, but I think the alternative is a lot more work for the few people that might want it [19:04]
<dansmith> I'd definitely prefer solving that at the load balancer level with a url suffix or something like that, [19:05]
<dansmith> so I think adding a config to scatter/gather is okay and let's not add a new mapping table just for this until/unless performance becomes an issue [19:05]
<belmoreira> I think it would be ok. Consoles are not a popular api call. I can report after in terms of performance. [19:08]
<belmoreira> thank you all. I can add this into the ptg agenda we need to discuss it more [19:11]
<belmoreira> I need to leave now. thank you again [19:13]
<zigo> What's the problem with https://review.opendev.org/c/openstack/nova/+/809759 ? (ie what's happening with this nova-tox-validate-backport check?) [21:15]
<artom> zigo, it checks that the "source" hash is merged in an upstream branch [21:57]
<artom> zigo, so if you cherry pick from wallaby to victoria, the victoria check will fail until the wallaby one merged [21:57]
<artom> zigo, ah, no, I had the completely wrong idea without even opening the link [21:59]
<artom> "Stable branch requires either cherry-pick -x headers or [stable-only] tag!" is what explains it [21:59]
<artom> In the job output [21:59]
<clarkb> sounds like someone needs to update the bot or fix the job. Cherrypicking the gitreview change doesn't make sense as it is different than masters [22:28]
<clarkb> in my personal opinion it seems like overkill to make people explicitly tag stuff stable only [22:28]
<clarkb> it's clearly stable only and reviewers can see that why do we need CI to -1? [22:28]
<artom> clarkb, it's really a commit message linter, if you think about it [23:08]
<artom> I'm very *shrug* about it, though I'd tend to err on the side of "more linting" over "less linting" [23:09]
