Monday, 2024-06-10

« Sunday, 2024-06-09 Index Tuesday, 2024-06-11 »
opendevreviewmelanie witt proposed openstack/nova master: Support create with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/87093203:45
opendevreviewmelanie witt proposed openstack/nova master: Validate key manager create access in API  https://review.opendev.org/c/openstack/nova/+/91998903:45
opendevreviewmelanie witt proposed openstack/nova master: Clean up unused ephemeral encryption libvirt secrets  https://review.opendev.org/c/openstack/nova/+/91999003:45
opendevreviewmelanie witt proposed openstack/nova master: libvirt: "Auto heal" ephemeral encryption secrets on guest launch  https://review.opendev.org/c/openstack/nova/+/91999103:45
opendevreviewmelanie witt proposed openstack/nova master: Support (resize|cold migration) with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/87093303:45
opendevreviewmelanie witt proposed openstack/nova master: Support live migration with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/90551203:45
opendevreviewmelanie witt proposed openstack/nova master: Support rebuild with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/87093903:45
opendevreviewmelanie witt proposed openstack/nova master: Add Glance standardized encryption image properties  https://review.opendev.org/c/openstack/nova/+/92134503:45
opendevreviewmelanie witt proposed openstack/nova master: Support encrypted source images for qcow2  https://review.opendev.org/c/openstack/nova/+/91999203:45
opendevreviewmelanie witt proposed openstack/nova master: Add encryption support to qemu-img rebase  https://review.opendev.org/c/openstack/nova/+/87093603:45
opendevreviewmelanie witt proposed openstack/nova master: Add backing_encryption_secret_uuid to BlockDeviceMapping  https://review.opendev.org/c/openstack/nova/+/90796003:45
opendevreviewmelanie witt proposed openstack/nova master: Support encrypted backing files for qcow2  https://review.opendev.org/c/openstack/nova/+/90796103:45
opendevreviewmelanie witt proposed openstack/nova master: Support rescue with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/87367503:45
opendevreviewmelanie witt proposed openstack/nova master: Support snapshot with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/87093703:45
opendevreviewmelanie witt proposed openstack/nova master: Support cross cell resize with ephemeral encryption for qcow2  https://review.opendev.org/c/openstack/nova/+/90959503:45
opendevreviewmelanie witt proposed openstack/nova master: libvirt: Introduce support for raw with LUKS  https://review.opendev.org/c/openstack/nova/+/88431303:45
*** ykarel_ is now known as ykarel07:01
sahid13:09 < sahid> o/11:11
sahid13:10 < sahid> regarding placement, is there a way to make the in_tree query using POST instead of GET?11:11
sahid13:10 < sahid> we are using routed provider network, which create many aggregates per hosts11:11
sahid13:11 < sahid> we are in that situation where the URI is too long when calling an placement API with request that use in_tree11:12
sahidbauzas: perhaps you have some idea11:12
sahidhum in same time using POST does not look right in an API's point of view11:50
sahidwe can perhaps improve nova to batch requests11:50
sean-k-mooneysahid: in general no12:49
sean-k-mooneywe had discussed moving the query form the uri to a post boday a long time ago but there was resitance to doing that12:50
bauzassahid: sorry, have a flapping network for now13:00
sean-k-mooneysahid: unless your hitting the RFC spec limit on a uri, which i think is 64k you are likely hitting a limit in your loadbalancer or webserver13:01
sean-k-mooneyso that is what i woudl try adjusting first13:01
sean-k-mooneysahid: api changes are not backporatbale and allowing an alternitive way to query palcyement would be an api change13:01
sean-k-mooneyso for your current deployment that is really the only option aviable (adjust the limit in your loadbalabcer/webserver) or reduce the number of network segments13:02
sahidsean-k-mooney: yes thank you it's basically on what we are currently working13:08
sahidin same time i'm going to impl fix for our current release, I'm not sure that is going to change the API13:09
sean-k-mooneywhat kind of fix13:09
sean-k-mooneymodifying the qurey size limit is valid but modifing the call to placement would be ill advised13:10
sahidyes rights, give me a moment I'm going to share it with you13:11
sean-k-mooneybatching request is also proably hnot someting we woudl do in nova13:11
sean-k-mooneythat has performance and correctness issues13:11
opendevreviewSahid Orentino Ferdjaoui proposed openstack/nova master: scheduler: fix _get_sharing_providers to support unlimited aggr  https://review.opendev.org/c/openstack/nova/+/92166513:12
sahidsean-k-mooney: i guess but you also want to handle enviroment that scale13:13
sean-k-mooneysure but in general we would not expec there to be more hten a hand ful of network segments per neutorn providree network and more then a hand full of ports per vm13:15
sean-k-mooneyi.e. 5 segments per network and 5 port per vm for 25 ish uuids max for a large vm/deployment13:16
sean-k-mooneyyou can have more but i would think that is very atypical13:16
sahidsean-k-mooney: with rpn you can't have more than one physnet attached to a segment for a given network, that means if you want to have small broadcast domain you have to have lot of networks13:17
sahidI have fixed that missing in neutron, but it's only available start to zed13:18
sean-k-mooneyyes having lots of network is intened apprch13:19
sahidfor each host, you have an agregate related that is created by neutron13:19
sean-k-mooneynot one large network with lots of segments13:19
sahidto ensure the vm is schedule on a host that handle the requested physnet13:19
sean-k-mooneyyou do not have 1 aggreate per host13:19
sean-k-mooneyyou have one aggrate per network segment and all hosts on the relevent phsynet related to the segment are added to that aggreate13:20
sahidyou have a aggregate for each segments, (sorry)13:20
sean-k-mooneythis is a know design limiattion with segment by the way13:20
sahidif you have 100 networks and two physnet per networks, you hqve 200 aggregates13:20
sean-k-mooneyi orgially tried to have neutron not sue physnest for that mapping13:20
sahidsean-k-mooney: yes fixed for zed13:20
sean-k-mooneyso in zed you can create segments and map the to specific hosts?13:21
sean-k-mooneywithout using phsynets13:21
sean-k-mooneyadding multiple phsynets to a network is not reallly the correct way to model this13:21
sahidhttps://github.com/openstack/neutron-specs/blob/master/specs/zed/multiple-routed-provider-network-per-compute.rst13:21
sean-k-mooneyyou should have muliptle phsynets but you should not have network span physnets13:22
sahidsean-k-mooney: you want ability to extend you using subnet to take advantage of the scheduling, basically the user request a network, if one subnet is out of ips, then the process switch to the next subnet13:23
sahidif we don't have this mech, the vm is in error13:23
sahidwhich is not really "cloud"13:23
sean-k-mooney sure but you can have multipel subnets mapped to the same segment13:23
sean-k-mooneysegmetns were ment to model l2 broadcast domains13:24
sean-k-mooneyand be mappable to indeivgual hosts 13:24
sean-k-mooneythere was an api for that in the orginal propaosl13:24
sean-k-mooneyand along the way it got replaced with using the phsynet for segment affintiy13:24
sahidyou that means you remove the 1:1 mapping between l2 and l313:24
sean-k-mooneywhich was the architureal mistake that should have been fixed13:24
sean-k-mooneyi mena neutron should have an api to allow you to mapp computes hots to network segments13:25
sean-k-mooneyand allow you to have multiple subnets per segment13:25
sahidsean-k-mooney: I think we can do that in neutron13:25
sahidcurrently there is a real desir of having a 1:1 mapping between a vlan and a subnet13:27
sahidyou don't want to have two subnet sharing the same vlan13:28
sean-k-mooneyhow this was ment to scale orgianly is 1 segment per broadcast doamin (TOR switch), each segment should have multipel l3 routed subnets, and each segment was intended to mapped to the specific host that are attach to that broadcast domain13:28
sahidi see13:29
sean-k-mooneyif you want a 1:1 mapping between vlan and subnet that requireds 1 network per subnet13:29
sahidno anymore :-)13:29
sahidbut yes previously it was like that13:29
sean-k-mooneyright but im saying i dont think the feature added in zed is good for scaling13:30
sean-k-mooneyor at least it not implemted how i would do that13:30
sahidit is good from an user point of view13:30
sean-k-mooneynot if it causes schduign issue by an expoltion of aggreates meaning they cant use it13:31
sahidinteresting point :-) perhaps the design used by placement is not so ideal ... ;D13:32
sean-k-mooneyor neutron is not useing it properly13:33
sean-k-mooneysahid: im really not inclidned to extend nova ot supprot this neutron feature13:33
sean-k-mooneyto me its breakign the desing of how l3 routed networks was intended to work13:33
*** hemna- is now known as hemna13:36
sahidsean-k-mooney: not really sure, the datastructure in neutron was originaly exposed to handle multiple-segments13:38
sahidbut anyway, back in the fix proposed, it is not going to change nova behavior for small deployments and helps large deployments13:39
sean-k-mooneyneutorn often add extentsion without addign the nova support.13:39
sean-k-mooneyfor example noava still does nto supprot the multi physnet extention i belive13:39
sahidsean-k-mooney: yes in some situation it always take the first subnet13:40
sahidI this the issue is when you specify a fixed ip when creating the vm13:40
sean-k-mooneysahid: it is a change in behavior as today we only make 1 palcmenet query per schduilng request (ignoriang a deprected config option)13:40
sahidsean-k-mooney: it will alqys be the same one request13:41
sahidthe limit of 200 is basically the limit we have observed13:42
sahid(about 220)13:42
sean-k-mooneythe fix is raisign an exaction based on a hard coded max query size13:42
sean-k-mooneythat is deployment sepciric13:42
sean-k-mooneywe have a custoemr with a similar probelem for a diffent reason13:42
sean-k-mooneythey had ~600 aggrates per host13:42
sean-k-mooneybefore they hit the limit in our installer13:42
sean-k-mooneyso add ign a hardcoded check like this would 1 break them and 2 break the workaround they want to use13:43
sean-k-mooneywhich is to increase the query string limit13:43
sean-k-mooneywhich they tested and works for them13:43
sahidnot sure to understand13:44
sahidthe fix split the number of uuid passed to the uri13:44
sahidif it is more than 20013:44
sean-k-mooneywhich intoduces multipel quereis13:44
sahidonly for env with more than 20013:45
sean-k-mooneygibi: you were looking into this on our side13:45
sean-k-mooneygibi: didnt you mention we doen seem to need to call _get_sharing_providers in teh comptue manager today ?13:46
sahidso for most of the deployment we don't change the behavior13:46
sahidand for the other, we fix their issue13:46
sean-k-mooneysahid: we cant use a constant  fo 20013:46
sean-k-mooneyif we were to do this we need to have it be configurable13:47
sean-k-mooneybut the reason im pinign gibi into the conversation is i think they determined this was not curestly used in compute manager where its called13:47
sean-k-mooneysahid: https://bugzilla.redhat.com/show_bug.cgi?id=228307513:48
sean-k-mooneysahid: we were considering if we coudl remove this funciton entirely13:48
sean-k-mooneythe pagingation fo this query is perhaps somethign we coudl do but i think we would need to make the size configurabel if we did13:49
sahidhum... interesting yes13:50
gibisean-k-mooney: what I remember it is used in the resource tracker to cache the sharing realtionship into the internal provider_tree. 13:50
sean-k-mooneyright and today im not sure that cache is actully used in the resouce tracker for anything13:51
sean-k-mooneysahid: if the bug you reported is just with the compute manager/resouce tracker  and not the sechduler13:52
sean-k-mooneyi guess your propsoed patch is not a behaivor chage when scheduling13:52
sean-k-mooneyso the bug you reported is proably valid13:53
sean-k-mooneywhat im not sure would be valid is making muliple request ot the allcoation candiate api in a similar way13:53
sean-k-mooneythat is what i tought you were suggesting but looking at your patch its not13:54
*** bauzas_ is now known as bauzas14:00
gibiI belive what is proposed is heavy behavior change. Today the returned RP needs to be in all the aggregates passed, in the new code it only needs to be in a subset of those aggregates.14:00
gibipotentially in the last loop the RP only need to be in the last aggregate14:01
gibiwe cannot paginat the query itself14:01
sean-k-mooneywhat is proposed is not affecting the allocation candiate query14:02
sean-k-mooneyat least that is what i understood sahid was asserting14:02
gibiit affects the meaning of _get_sharing_providers14:03
gibiwe cannot just do that bindly14:03
sean-k-mooneyyes i know 14:03
sean-k-mooneybut but what im saying is we shoudl not be calling that when generating the allcoation candiate request14:03
sean-k-mooneybut your right that we have to be carful which is why i was orginally pushing back on shaids approch. but if it only affecting the resouce-tracker cache that less fo a concern14:04
gibieven if it is only used in the tracker we cannot allow to have wrong data in the tracker, maybe tomorrow a new feature will start using that data.14:06
sean-k-mooneysure14:06
sean-k-mooneybut i never said we shoudl14:07
gibiso I'm hard -1 in the current version of the patch14:07
gibiI guess I'm not arguing against you but against the patch itself :)14:08
sean-k-mooneyso the current verison of the patch should not chagne the behaivor14:08
sean-k-mooneyeither we would loop over all the aggreates and return the comined set14:08
sean-k-mooneyor raise the same excption we raised previosusly14:08
sean-k-mooneythe main issues is  that there coudl be a chagne in the assocation during the iterations14:09
gibino, that is my point, we cannot just combine the results14:09
sean-k-mooneythis is the set of sharing resouce providers that share with this host14:09
sean-k-mooneywhy can we not just combine?14:09
gibino this is all the RPs that in an aggregate14:09
gibithis is not just a single RP14:10
sean-k-mooneyno 14:10
sean-k-mooney "/resource_providers?member_of=in:%s&required=%s" % (14:10
sean-k-mooney                aggs, os_traits.MISC_SHARES_VIA_AGGREGATE)14:10
sean-k-mooneythis is only the resouce providers in teh aggrate with the os_traits.MISC_SHARES_VIA_AGGREGATE triat14:10
sean-k-mooneyso only the sharing providers14:10
gibibut not for a single host14:10
gibithere is no 'this host' filter14:11
gibiin the queru14:11
gibiin the query14:11
sean-k-mooneythere does not need to be14:11
sean-k-mooneywe are asking for all the sharing provider in the aggrate our host is a member of14:11
sean-k-mooneythat what the in: query is doing14:11
sean-k-mooneythe agg_uuids var is the list of aggreates the current host is a member of14:12
sean-k-mooneywe tyically expect only one RP in an aggrate to have MISC_SHARES_VIA_AGGREGATE althogh that is not strictly required14:13
gibiahh I misremembered the meaning of 'in:' the query14:13
gibithat is not AND, that is OR14:13
sean-k-mooneywell member_of=in:%14:13
sean-k-mooneyso member_of is "filter by aggartge" and in is the same meaing as container or in in python14:14
sean-k-mooneyi.e. filter by aggrage where the aggreate uuid is in "list of uuids"14:14
sean-k-mooneyand we prefilter the aggreate list to only the ones that this host is in14:15
sean-k-mooneyim still -1 on sahid patch as is because i woudl like to see a repoducer test and then test coverage for this14:16
sean-k-mooneybut i think exteranlly the beahivor is the same but internally there is now pagination14:16
sean-k-mooneyi dont think hardcodeing the pagination to 200 uuids however is a good thing14:17
sean-k-mooneysicne that depend on yoru loadbalnacer config14:17
sahidsorry guys I had to switch to a meeting.14:21
sahidfair enough I will add a configurable14:21
gibiyeah I was wrong as I thought we query for PRs that are in _all_ the aggregates but we query for RPs that are in _any_ of the aggregates. I will drop my -1 14:24
sean-k-mooneyoh you tought the in was an and not an or just read that14:25
sean-k-mooneyya its an or of all the uuids in the list14:25
sean-k-mooneyin is basically AnyOf rather then AllOf14:26
gibiyeah14:27
gibiand as it is an OR I agree that we can do multiple queries and combine the results14:27
sean-k-mooneyim kind of ok in the preodics14:28
sean-k-mooneyim not sure that is ok for the schduler but the schduler scales the query based on teh guest request14:28
sean-k-mooneynot the number of aggrates that exist14:28
sean-k-mooneyso i think tis less of a problem there14:28
*** haleyb|out is now known as haleyb14:51
opendevreviewWill Szumski proposed openstack/nova stable/2023.2: Use configuration for single enabled mdev type  https://review.opendev.org/c/openstack/nova/+/92168615:19
opendevreviewWill Szumski proposed openstack/nova stable/2023.1: Use configuration for single enabled mdev type  https://review.opendev.org/c/openstack/nova/+/92168715:19
opendevreviewSahid Orentino Ferdjaoui proposed openstack/nova master: scheduler: fix _get_sharing_providers to support unlimited aggr  https://review.opendev.org/c/openstack/nova/+/92166515:50
melwittdansmith: here's one of the kernel panics I got recently https://fbf109e10bffd8a657b2-ace28e47b1213bdab56305960a7f8056.ssl.cf5.rackcdn.com/919986/2/check/tempest-integrated-compute/4b51a9c/testr_results.html16:07
melwittand this https://86989508e8a17de7a050-16e5a6d00ae68a8470fe17c7f38ebfca.ssl.cf2.rackcdn.com/921586/1/check/tempest-integrated-compute-rbac-old-defaults/8980965/testr_results.html16:07
dansmithokay yeah that first one looks like what we had seen before16:08
dansmithand the second16:08
melwittthis one also looks like https://5edd60feb751137d1041-26db3adf591a82ec37c96a7d3180086f.ssl.cf5.rackcdn.com/870932/41/check/nova-next/be498dc/testr_results.html16:10
melwittthis one is different https://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_29d/919989/4/check/nova-ceph-multistore/29db296/testr_results.html16:11
melwitt(soft lock up ^)16:11
melwittthis one is also different https://storage.gra.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_d1c/919991/4/check/tempest-integrated-compute-enforce-scope-new-defaults/d1c7ab9/testr_results.html16:12
sean-k-mooney the soft lockup seams ot be related to a memroy allcotion 16:13
sean-k-mooneyi wonder if that is related to the amount of ram we are usign for the vms but its got 128mb16:14
sean-k-mooneyso it shoudl not be a proablem16:14
sean-k-mooney  18.269292] Freeing unused decrypted memory: 2036K16:15
sean-k-mooney[   18.395056] Freeing unused kernel image (initmem) memory: 3244K16:15
sean-k-mooney[   18.397470] Write protecting the kernel read-only data: 30720k16:15
sean-k-mooney[   18.419370] Freeing unused kernel image (text/rodata gap) memory: 2036K16:15
sean-k-mooney[   18.433426] Freeing unused kernel image (rodata/data gap) memory: 1448K16:15
sean-k-mooneyit has already freed the ram disk and early allcoations16:15
sean-k-mooneycirros-0.6.2-x86_64-disk.img so that pretty new16:19
sean-k-mooneyor at least its using a ubuntu 22.04 kernel16:19
sean-k-mooneyit look like eitehr a real out of memory issue or a kernel bug to me16:20
sean-k-mooney0.6.2 was released in may so we coudl perhaps ask for a 016:21
sean-k-mooney0.6.3 release with the latest hardwer enabeling kernel package?16:21
melwittit seems like all of the swift put_object failures I see occur in the nova-lvm job on tests that have nothing to do with volumes. I don't get it Jun 10 04:45:27.576181 np0037692500 devstack@g-api.service[86519]: ERROR glance.common.wsgi Got error from Swift: put_object('glance', 'b1cfd7cf-ff23-4b05-be12-48ce3e14d593-00001', ...) failure and no ability to reset contents for reupload..17:00
sean-k-mooneyhum... we dont need swift in that job17:01
sean-k-mooneythe nova-lvm jobs is ment to test nova with the lvm storage backend17:01
sean-k-mooneyand nova never talks to swift17:01
melwittthat's where glance is uploading images though17:01
sean-k-mooneyright but it could and proably should be using the file backend17:02
sean-k-mooneynot the swift backend17:02
melwittoh, yeah17:02
dansmithwhy "should" ?17:04
sean-k-mooneyas in why it should not be using swift?17:07
dansmithyeah17:07
sean-k-mooneyjust to keep the job smaller17:07
sean-k-mooneyits not really imporant to testing the lvm storag backend17:07
dansmiththe default config is to use swift though right?17:07
sean-k-mooneyno file17:07
sean-k-mooneyalthough maybe that depend on if swift is deployed17:08
dansmithI think if swift is deployed (which it is in the integrated job, AFAIK) then we'll use it17:08
sean-k-mooneyswift is deployed by default in devstack although i always turn it off so im used to glance using file17:08
dansmithI don't see that the LVM job is configuring it specifically.. and point being just that the fewer deltas from the base job the easier it is to reason about failures and why they're different17:08
sean-k-mooneyor cinder17:09
sean-k-mooneywell i would not expect the base job to use swift for glance17:09
dansmithI would unless we don't deploy swift17:09
dansmithI don't see an "enable_service" for the nova-lvm job that is opting into swift, is my point17:10
dansmithokay but maybe integrated-compute does disable it?17:12
sean-k-mooneyi dont know i might have actully bee looking at the multi store job not lvm17:12
sean-k-mooneythe multi store job does turn it off http://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_29d/919989/4/check/nova-ceph-multistore/29db296/controller/logs/_.localrc_auto.txt17:13
sean-k-mooneymaybe i misread the job name but i dont have a nova-lvm tab open so im kind of confuged why i tought it was nova-lvm17:14
dansmithokay, tbh I thought more of our jobs were running with swift-backed glance since it's the default, but perhaps "most" is not quite right17:14
dansmithhttps://github.com/openstack/tempest/blob/master/zuul.d/integrated-gate.yaml#L15117:15
sean-k-mooneyso i would have personaly tough glance is rarely backed by swift and file or cinder backend woudl be more common17:15
dansmithnot me :)17:15
dansmithbacking it by file requires shared storage and I think doing so by cinder is rather expensive, IIRC17:16
sean-k-mooneyi guess im just used to swift not being deployed in the enviornment i look at17:16
sean-k-mooneyactully we were talking about timeout an dthe integreated compute job and its deritives17:17
sean-k-mooneyhttps://github.com/openstack/tempest/blob/master/zuul.d/integrated-gate.yaml#L14117:17
sean-k-mooneylooks like its already reduced to 417:17
sean-k-mooneyi guess we clampped it to 4 because of failure when we rased the default for the rest to 617:18
sean-k-mooneydansmith: looking at a clople of the tiemout they are all on rax but spread across 3 datacenters rax-iad, rax-dfw and rax-ord17:22
sean-k-mooneydansmith: https://tinyurl.com/3bf6nhkh17:30
sean-k-mooneyactull i think i need to grop by somethign17:31
sean-k-mooneyso that i only get on ehit per job17:31
dansmithyeah, it wouldn't surprise me at all if rax is the oldest/slowest of the providers17:32
dansmithmaybe we could group only smaller jobs to run on rax17:32
sean-k-mooneythey also run our vms on xen not kvm i belive17:32
*** bauzas_ is now known as bauzas17:36
sean-k-mooneyok this is better https://tinyurl.com/35dfcfcy17:38
sean-k-mooneyonly 72 hits mostly rax17:38
sean-k-mooneywhat would be useful is if we could break down the average job runtime by provider17:39
*** bauzas_ is now known as bauzas17:56
*** bauzas_ is now known as bauzas19:01
*** bauzas_ is now known as bauzas19:46
*** bauzas_ is now known as bauzas19:54
*** bauzas_ is now known as bauzas20:48
*** bauzas_ is now known as bauzas21:54
*** bauzas_ is now known as bauzas22:06
*** bauzas_ is now known as bauzas22:18
*** bauzas_ is now known as bauzas23:18
« Sunday, 2024-06-09 Index Tuesday, 2024-06-11 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!