Thursday, 2024-09-05

« Wednesday, 2024-09-04 Index Friday, 2024-09-06 »
*** bauzas_ is now known as bauzas00:19
*** __ministry is now known as Guest254701:36
*** bauzas_ is now known as bauzas01:40
*** dtantsur_ is now known as dtantsur02:13
*** __ministry is now known as Guest255402:38
*** bauzas_ is now known as bauzas03:51
*** bauzas_ is now known as bauzas04:11
*** bauzas_ is now known as bauzas05:04
*** bauzas_ is now known as bauzas05:45
*** bauzas_ is now known as bauzas07:06
*** bauzas_ is now known as bauzas07:44
*** bauzas_ is now known as bauzas07:52
*** bauzas_ is now known as bauzas08:00
opendevreviewzhou zhong proposed openstack/nova master: nova-manage: modify image properties in request_spec  https://review.opendev.org/c/openstack/nova/+/92431908:51
opendevreviewzhou zhong proposed openstack/nova master: nova-manage: modify image properties in request_spec  https://review.opendev.org/c/openstack/nova/+/92431908:52
opendevreviewzhou zhong proposed openstack/nova master: nova-manage: modify image properties in request_spec  https://review.opendev.org/c/openstack/nova/+/92431908:56
opendevreviewzhou zhong proposed openstack/nova master: nova-manage: modify image properties in request_spec  https://review.opendev.org/c/openstack/nova/+/92431908:59
*** bauzas_ is now known as bauzas09:11
stansean-k-mooney is there any work being done on using Shared security group during an instance launch?09:54
stanWe have a common security rule that allows access to our backup server, so I would really be handy if we can attach this during instance creation.09:55
sean-k-mooneystan: yes, there is a patch for it but its been worked on inconsitently 09:57
sean-k-mooneyim expecting we will merge in in the next 3-4 weeks shortly after rc1 is released09:57
stansean-k-mooney Thanks, that is great news. :)09:58
sean-k-mooneystan: the issue is that when that feature was orgianlly added to neutron it was not even discussed with us let alone propsoed as an enhanemnet09:58
sean-k-mooneythe gap is not being closed but its a feature not a bug09:59
sean-k-mooneyso we wont be backporting it09:59
sean-k-mooneywith that said its pretty trivial so you could do that downstream if you really wanted10:00
sean-k-mooneystan: https://review.opendev.org/c/openstack/nova/+/81152110:00
stanyeah, I think I will merge it at our downstream. I'm trying to move off of VMware in our company, so I will also try to help as much I can, to contribute back.10:01
stanThanks again for the prompt response :)10:01
*** bauzas_ is now known as bauzas10:21
*** bauzas_ is now known as bauzas11:18
*** bauzas_ is now known as bauzas12:04
opendevreviewMerged openstack/nova stable/2023.1: libvirt: call get_capabilities() with all CPUs online  https://review.opendev.org/c/openstack/nova/+/92755812:07
*** __ministry is now known as Guest260512:50
*** bauzas_ is now known as bauzas12:57
*** bauzas_ is now known as bauzas13:13
*** bauzas_ is now known as bauzas13:50
opendevreviewBrian Haley proposed openstack/nova master: Support creating servers with RBAC SGs  https://review.opendev.org/c/openstack/nova/+/81152114:46
chris218Hi guys is there a reason this patch never got merged or it just wasn't ever proposed? https://opendev.org/openstack/openstack-virtual-baremetal/src/branch/stable/2.0/patches/nova/nova-pxe-boot-pike.patch15:01
JayFI don't know the history of that patch specifically, but the repository it's in has been archived for a couple years. Also the pike release of openstack was something in the neighborhood of 8 years ago? So I suspect that patch is old, too15:10
JayFYou might have better results asking a question related to what you're trying to do15:10
chris218Well i'm interested in letting nova boot directly from pxe which is what that patch provided15:58
melwittI used this gerrit search "project:openstack/nova message:pxe" to find https://review.opendev.org/c/openstack/nova/+/43454916:02
opendevreviewMerged openstack/nova master: doc: Fix markup syntax and typo  https://review.opendev.org/c/openstack/nova/+/90637916:04
chris218melwitt: awesome thanks, my gerrit-fu is unfortunately very bad and I didn't find it myself.16:05
chris218So in theory if somebody implemented it as a flavor extra spec it could get accepted?16:06
melwittfrom what I can tell, if someone proposed this with a proper flavor extra spec or image property then it could be considered mergeable.. but obvs would need to run it by other people too in case there is some other concern about the idea16:06
sean-k-mooneywe discussee this in the past16:18
sean-k-mooneyyou can actully do it already today16:18
sean-k-mooneyits a littel hacky today and it woudl be nice to make it work more seamlessly16:18
sean-k-mooneychris218: to do this today you need to enabel the boot menu using hw:boot_menu=true16:18
sean-k-mooneyand from there you can do a pxe boot16:19
sean-k-mooneybut it woudl be nice to have a way to do that more cleanly16:19
*** bauzas_ is now known as bauzas16:30
melwittah, so this is the spec that shows why the effort was abandoned https://review.opendev.org/c/openstack/nova-specs/+/43505216:44
melwittchris218: ^16:45
chris218Oh wow using rescue with ipxe sounds like a great solution thanks a lot!16:51
*** bauzas_ is now known as bauzas16:54
melwittelodilles: I was re-reading the most recent release countdown email and wanted to clarify, it says "In Horizon and the various dashboard plugins, you should stop accepting changes that modify user-visible strings." does that mean it's only for UI components or it's for everything including nova docs?17:41
*** bauzas_ is now known as bauzas17:42
sean-k-mooneymelwitt: technially the string freeze applies to nova and others but we dont really follow that or at least have not for many years17:44
sean-k-mooneywe dont go out of our way to not follow it either but realsiticlly if a bug is found we are are not going to hold it because it updates some doc text or add a release note17:45
sean-k-mooneywe have https://releases.openstack.org/dalmatian/schedule.html#soft-stringfreeze and https://releases.openstack.org/dalmatian/schedule.html#hard-stringfreeze17:46
melwittthanks. I approved a tiny docs only change earlier and afterward realized about string freeze and wondered if I should make sure I don't do anymore17:46
melwittyeah, I was looking at that but 1) the email said horizon and friends and 2) over the years the scope of translated things has shrunk so I wasn't 100% what all it applies to these days17:46
sean-k-mooneyi think its fine. this was here to help with localisation efforts17:46
sean-k-mooneymelwitt: personally i would argure it time to remove the sting freeze milestones form teh schdule17:48
sean-k-mooneywith that said the hard string freeze only come into effect at RC117:48
sean-k-mooneyso it only applies to the stable branch until the actual release and not to master17:49
sean-k-mooneythe soft string freeze is for master between FF and rc117:49
sean-k-mooneymelwitt: for what its worth im not sure why sphinx lint did not bitch about the syntax issues i added it to catch and prevent those17:53
melwitt+1 on removing the milestones ... but at the very least at least I would appreciate some clarity from the i8n team side what is done nowadays regarding freezes. the i8n efforts used to be visible back in the day at design summits and stuff but it hasn't seemed that visible to me in more recent years17:53
sean-k-mooneymaybe it does not detec of handel the unblanced case well17:53
sean-k-mooney" The file is read once at `nova-compute`` "17:53
melwittsean-k-mooney: the patch was proposed before you added that stuff (it was from january) I've been going through some review dashboards and that's why I saw it17:54
sean-k-mooneyi belive the currnt process is they do the changfes on a seperate server we dont look at and peropdically we get a gerrit review that we are jsut ment to appove17:54
sean-k-mooneywhich i kind of hate17:54
sean-k-mooneymelwitt: oh what i ment was when i proposed the sphix-lint thing i fixed a bunch of these17:55
sean-k-mooneyso im not sure why i didnt have to fix that one17:55
melwittright.. I remember the bot changes but I'm not sure if they still do that? and if so, what impact does it have. it's like a black box for me17:56
melwittsean-k-mooney: you did fix the `` things. the only remaining fix from the january patch was a it's => its grammar thing so it was technically 1/3 valid still 😛 17:56
sean-k-mooneyah ok17:57
melwittwhen I looked at it I was like, "this looks really familiar" so I pulled up your patch and linked it in a comment, just for informational purposes17:58
melwittI've been looking through review dashboards and launchpad bugs seeing what things I could clear out18:00
melwittwhich reminds me, I replied to an issue someone opened yesterday about the inability to force live migration destinations that I thought was interesting https://bugs.launchpad.net/nova/+bug/207893218:01
melwittI'm not sure if we have an official recommendation on how to do that given the "force" flags removal from the API18:02
melwittif we do, I'd like to add it to the docs somewhere bc it seems like a common use case18:03
*** bauzas_ is now known as bauzas18:14
*** bauzas_ is now known as bauzas18:31
sean-k-mooneymelwitt: well you can always use the old microversion but ya that kind of by desing18:46
sean-k-mooneyschduler hint are not ment to be changeable for the lifetime of an instance18:46
melwittright18:46
sean-k-mooneyyou can specify a host18:46
sean-k-mooneyand provide that host passes all filters we will use it18:47
sean-k-mooneythe jsonfilter is off by default as its kind of a security problem18:47
sean-k-mooneybut obvioulsy if it has been used and used to selct based on host name then that vm is effectivly pinned and needs to be upgraded in place with downtime18:47
melwittthat doesn't work for them because they have a jsonfilter that filters on specific hostnames (I know) but they have some kind of numa pinning requirements and I dunno enough about that to know a better way18:48
sean-k-mooneythey have this jsonfilter https://github.com/openstack/nova/blob/master/nova/scheduler/filters/json_filter.py#L2418:48
melwittI would like to document what is the right way to do this if possible because I think it will come up a lot18:49
sean-k-mooneythat allows you to match on anyting in the host state object18:49
melwittright18:49
sean-k-mooneywell the write way is to not live migrate it18:49
melwitt:D18:49
sean-k-mooneywhat they want to do is intentially not supported18:49
melwittthey said it was a host evacuate situation though18:50
sean-k-mooneythe could shelve and unhevle the host but there is no way to move the instance without recreating it18:50
melwittwhich seems reasonable to me18:50
sean-k-mooneyso how i woudl fix this18:50
melwittok. that's what I thought but I wasn't sure if there were more things I didn't know about18:50
sean-k-mooneyis implemnt the recreat api i wanted to add a few years ago18:50
sean-k-mooneyrecreate is ment to be like resize and rebuild combined. one api that by defautl moves the isntance to another host alloing the embded flavor and image property to optionaly be udeated or for either to be chanaged18:51
sean-k-mooneyas part of a request it woudl be reasonabel to update the schdeuler hits18:52
sean-k-mooneymelwitt: in the short term a nova-mange command to update the reqest spec is proably what we should do18:52
melwittsean-k-mooney: ok, good. cause that's what I told them :)18:53
sean-k-mooneylong them an single api call that is "recreate this vm, keepign its data unless i ask for the image, and optionally changing the flavor" would avoid a lot of user/operator pain18:53
sean-k-mooneys/the image/the image to be changed/18:54
melwittbut yeah, re: the recreate API for the longterm solution, if the nova-manage command isn't good enough, I think it would be helpful18:54
sean-k-mooneyi want recreate for like 10 diffent usecase this just beign one of them18:54
sean-k-mooneyanother short term soltuion woudl be allow schduler hints to be passed to move ops18:55
sean-k-mooneyso to migrate (cold/live) resize, unshleve, evacuate18:55
melwittyeah, I could see that 18:56
sean-k-mooneywe allow doing thing like chainging the keypair i think for rebuild18:56
melwittyes, we do18:56
sean-k-mooneyso its not entirly strange to say if we are moving it allow the scheduer hits to optionally be updated18:56
sean-k-mooneyim less sure if that should be member or admin policy wiese18:57
sean-k-mooneybut i could see the argument either way18:57
melwittyeah, agree18:57
sean-k-mooneythe one nice thing about policy is as long as we are secure by default operator can always define there own18:58
melwittI think regardless we need the nova-manage command. afaik everyone is +1 about it and it could be backported for older versions18:59
*** bauzas_ is now known as bauzas19:00
sean-k-mooneyim slowly coming to the view that nova manage (witin reason) shoudl have more tooling to help operator get out of messes like this19:00
melwittsame19:00
sean-k-mooneyi.e. i kind of want a flavor refesh command in nova-manage to check if the host is still valide and update the embded flavor with the latest verion of that flavor19:01
sean-k-mooneyor allwo you to also update the embded flavor extra spec liek the image properties19:01
sean-k-mooneythat does not change teh advice of never modify flavor once they are in use19:01
sean-k-mooneybut it give you an escape hatch if you did without forceing resizes19:02
melwittwhy not resize? oh19:02
sean-k-mooneysometimes people pin thing to hosts :) the other reason i have heard is mano integration19:03
sean-k-mooneyi.e. there is a system on top that created the worklaod19:03
sean-k-mooneyand changing the flavor id is not trivial as a result19:03
sean-k-mooneyfor example if it was deployed with heat or somethign like that19:04
melwitthm19:04
sean-k-mooneyi soudl argure that you shoudl stop doing it wrong19:04
sean-k-mooneybut customer sometimes dont like that19:05
sean-k-mooneynot sure why :)19:05
sean-k-mooneyanyway if you or they were to propsoe an extention to nova-mange for there usecase19:06
sean-k-mooneyor even the addtion of scheduler hits to the move ops19:06
sean-k-mooneyi would not really be against that19:06
melwittyeah.. it's a balance of "how painful is it to do the right thing"19:06
sean-k-mooneydo you remmber how horizon used to work ?19:07
sean-k-mooneynova has had imutable flavors for as long as i have worked on openstck19:07
melwittoh, the "edit" flavor thing?19:07
sean-k-mooneyold version of hroizon use to allwo you to update the cpu ram and disk by deleteing and recreatin gthe flavor 19:07
sean-k-mooneyya19:07
sean-k-mooneythat19:07
melwittyeah, I remember. I take it that means it no longer does that?19:08
sean-k-mooneyno that was removed about 6 year ago after we kept gettting bug and telling them it a hroizon issue19:08
melwittoh hah19:08
sean-k-mooneymelwitt: so keyston also does nto allow you to update role asignment in trusts (a way of delegation access)19:09
melwittI use horizon sometimes but not for changing flavors19:09
sean-k-mooneytripleo did the delete and recreat thing19:09
sean-k-mooneyand it causes similar bugs to this day19:09
sean-k-mooneyi use horizon more then i shoudl19:10
sean-k-mooneyi have not tried skyline yet19:10
sean-k-mooneyits been on my todolist but not high enough to take the time to do it19:11
melwittand I just finally realized why it's named skyline19:12
melwitt😝 19:12
sean-k-mooneywhy?19:13
sean-k-mooneyoh..19:13
melwittlol19:13
sean-k-mooneyits a horizon pun19:13
sean-k-mooneyof couse it is why would anything in ptyhon ever not be a pun19:14
melwittquite clever really. I liked the name just didn't get it19:14
sean-k-mooneyill begrudgingly admit its pretty good19:15
melwitt:)19:16
sean-k-mooneyso you know https://instructlab.ai/19:16
melwittlabrador19:16
sean-k-mooneythe dog logo is apprently russel brants dog19:16
JayFusing ipxe as the rescue image is the most brilliant thing I've read today19:17
melwittoh, that's pretty cute. wears corrective lenses19:17
sean-k-mooneyya i also wonder if its a lab19:17
sean-k-mooneyJayF: so one of the things i have wanted to be able to do is have a way to expose glace images over ipxe to vms for a long time19:18
melwittI think it is. I saw it somewhere else in the instructlab docs or something like that19:18
sean-k-mooneybasically so you could pxe boot form isos in galnce and boto form bascially a blank disk19:18
sean-k-mooneyJayF: today you can use hw:boot_menu to use pxe btu the problem has alwasy been the tftp server and gettign that to work with neutron19:19
JayFsounds familiar19:19
sean-k-mooneywe chatted about using netboot.xyz19:19
JayFif only you knew some experts in getting things pxe booted ;) 19:19
JayFyou know ironic used to support this first class and dropped the feature, right?19:20
sean-k-mooneynetboot.xyz?19:20
JayFso people didn't have to manage local bootloaders, we'd pxe into the OS on disk19:20
JayFso many of the moving parts may already be in place19:20
JayFno, netboot.xyz *does* power my personal homelab though :D (+cockpit to spin up the VMs)19:20
sean-k-mooneyya so what missing is being able to set the relevent dhcp option in the neturon subnet19:20
sean-k-mooneythen you could jsut trivially set a netron nic as the boot device19:21
JayFThat works though, is what I'm saying19:21
sean-k-mooneyand if you wanted you could just run your own pxe server on another nova vm19:21
JayFIronic does that today, tells neutron dhcp agent to serve up pxe19:21
sean-k-mooneyJayF: it works for horizon19:21
JayFso the moving parts are likely there?19:21
sean-k-mooney*ironic19:21
sean-k-mooneybut i think you might not be able to do this as a normal user19:22
sean-k-mooneyi.e. i dont know if you can do this without being admin19:22
JayFoooh, that's a good point19:22
sean-k-mooneyi thikn 99% of it is there however19:22
sean-k-mooneyoh https://docs.openstack.org/api-ref/network/v2/index.html#extra-dhcp-option-extra-dhcp-opt-extension19:24
sean-k-mooneyso this is what ironic is using19:24
sean-k-mooneyoh...19:24
sean-k-mooneyJayF: its on the port i always looked for this on the subnet19:24
sean-k-mooneybecause you defien extra routs and the dns servers on the subnet19:24
sean-k-mooneyso i was expect the dhcp option ot also be on the subnet19:25
sean-k-mooneyJayF: so ya i dont see why you could not do pxe boot today19:25
sean-k-mooneyand it woudl be simple enough to add another port extention  that nova could read to allow it to be used as the boot device19:25
sean-k-mooneyi should try doing this someday and write a doc...19:27
*** bauzas_ is now known as bauzas19:28
sean-k-mooneyJayF: there is even openstack client support for this19:29
JayFyeah like, I don't want this feature personally19:30
JayFbut I figured ironic might be a model for doing it (or at least pointing in a direction)19:30
JayFhint: this also could be used to enable UEFI HTTPBoot, which is superior to pxe in every way19:30
JayFthis being said: Ironic-Conductor spins up and manages the tftp server. There is no neutron answer to that aiui.19:31
sean-k-mooneyJayF: well since you say that if the ovmf file that wemu is using support that19:31
sean-k-mooneythen that woudl also already work today19:31
sean-k-mooneyenableing the boot memu allow you to use any of the facilites in teh uefi firmware  provide by your host ovmf uefi image19:32
sean-k-mooneyis its really a question of does qemu/ovmf supprot http boot if so you could in thory use it19:33
JayFI guess that's kinda true, it still comes over dhcp information19:37
JayFso from a nova perspective, especially if you don't own the tftp/http/whatever server, it doesn't matter19:37
sean-k-mooneyyep i have it up locally19:37
sean-k-mooneyso my ovmf firmware supprot uefi and pxe boot19:37
sean-k-mooney*http and pxe boot19:37
sean-k-mooneyi dont have dhcp confirued on my local libvirt to provide the dhcp options19:38
sean-k-mooneybut i dont see why you could not make this work today19:38
sean-k-mooneyit would be a lot cleaner however to have a neturon prot extion to just lable the port a boot souce 19:39
sean-k-mooneythen we could add the libvirt xml to make it boot form that first and then fallback to the local disk19:39
sean-k-mooneyanywya i should finish for the day19:40
sean-k-mooneyJayF: before i go did ye get the auto lessee suff finished on the ironic side19:40
JayFIt's got one +2, waiting review, basically paused since we got CVE patches in the gate19:41
JayFit'll be in this release, we don't FF like nova does :)19:41
sean-k-mooneygood to know and ya i saw the maile yesterday19:41
JayFonly piece missing that I promised, that frankly I forgot about until I looked at the BP yesterday is the migration script19:41
JayFthat'll be trivial to write and document :)19:42
JayFalthough TBH I am extremely skeptical any operators will actually want to backfill lessee19:42
sean-k-mooneyya it might be nice to put that in an ironic-manage command or similar19:49
sean-k-mooneybut it does not sound like its a blocker for the feature ot be used19:49
sean-k-mooneyjsut a nice to have for consitency19:50
sean-k-mooneyJayF: i assume an admin could just manually set the lessee on the ironic node if they wanted too19:50
JayFWe do not have an ironic-manage command, I was just going to add something to our tools/ directory19:51
JayFbasically just for each ironic node with non-null instance_uuid, check nova for instance owner, and set it on the node19:52
JayFwith probably an option for shard (so you can do N processes to parallelize)19:52
sean-k-mooneyJayF: oh really so you dont have an ironic-manage db_sync?19:53
sean-k-mooneyhow do ye manage db upgrade in ironic?19:53
JayFI thought it was ironic-dbsync?19:53
JayFIMBW19:53
sean-k-mooneyyep https://opendev.org/openstack/ironic/src/branch/master/setup.cfg#L4919:53
sean-k-mooneyok i tought <project>-manage was the normal convention for that tool19:54
sean-k-mooneybut i ugess there is no really reason not to call it something else19:54
sean-k-mooneyok actully stoping for today this time o/19:54
JayFyeah and TBH, with my operator hat on, I prefer tools like this not to require the whole app19:54
JayF(pip install nova to get nova-manage just feels overkill, even if it's not, really)19:55
sean-k-mooneywell its internally using the same oslo version object and db fucntion ectra19:55
sean-k-mooneybut ya we normally intend it to be run form where the conductor is19:56
JayFyeah, in this case though, I want to write a tool that's 100% API-shaped, no db magic needed19:56
sean-k-mooneyit can be run remotely but that not what we expect peopel to do19:56
JayFI can tell you I've worked zero places that ran it, at upgrade time, from a nova-anything :)19:56
sean-k-mooneyright makes sense19:56
sean-k-mooneywell its normally ran form yoru openstack contoler nodes19:57
sean-k-mooneyin contaieriesed installer yousually the nova-conductor container just because it already had the correct configs19:57
sean-k-mooneywe have discussed having the conductore be able to just do it automatically in teh past when its starts 19:58
sean-k-mooneybut that alway felt a little too much out fo scope19:58
JayFyeah most places I worked did "N" version upgrades at once, so we'd just have someone spin up a dedicated machine that we'd upgrade through the intermediate versions to do all the migrations20:01
JayFwe went O->U at one place using that kinda model20:01
*** bauzas_ is now known as bauzas22:05
*** bauzas_ is now known as bauzas22:42
*** bauzas_ is now known as bauzas22:58
opendevreviewmelanie witt proposed openstack/nova master: docs: Change note:: to warning:: for service user token  https://review.opendev.org/c/openstack/nova/+/92830823:08
*** bauzas_ is now known as bauzas23:10
« Wednesday, 2024-09-04 Index Friday, 2024-09-06 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!