Thursday, 2025-01-09

« Wednesday, 2025-01-08 Index Friday, 2025-01-10 »
opendevreviewGhanshyam proposed openstack/nova-specs master: Propose API policy service and manager role spec  https://review.opendev.org/c/openstack/nova-specs/+/93765002:54
*** __ministry is now known as Guest538704:26
*** __ministry is now known as Guest539507:25
opendevreviewBalazs Gibizer proposed openstack/placement master: Add round-robin candidate generation strategy  https://review.opendev.org/c/openstack/placement/+/93683208:29
opendevreviewBalazs Gibizer proposed openstack/placement master: DNM: test with breadth-first in tempest  https://review.opendev.org/c/openstack/placement/+/93727408:29
opendevreviewDmitriy Chubinidze proposed openstack/placement master: Modification of placement-api.conf  https://review.opendev.org/c/openstack/placement/+/93866411:39
s3rj1khi team, to iterate quickly on https://review.opendev.org/c/openstack/nova-specs/+/937185 maybe we should go with some very generic proposal for solving this issue? at least start drafting something up14:14
*** haleyb|out is now known as haleyb14:37
opendevreviewMerged openstack/nova-specs master: Enable VFIO devices with kernel variant drivers  https://review.opendev.org/c/openstack/nova-specs/+/93640715:09
opendevreviewMasahito Muroi proposed openstack/nova-specs master: Add spec for the network id query in server list and server details  https://review.opendev.org/c/openstack/nova-specs/+/93882316:11
masahitoHi folks, if you have time please take a look https://review.opendev.org/c/openstack/nova-specs/+/938823. I know the deadline is today so my first proposal is late and the spec may require some iteration, though.16:22
opendevreviewMasahito Muroi proposed openstack/nova-specs master: Add spec for the network id query in server list and server details  https://review.opendev.org/c/openstack/nova-specs/+/93882316:32
gibimelwitt: I've pushed a new revision for https://review.opendev.org/c/openstack/placement/+/936832 to fix sean-k-mooney's comments. So when you have time please re-review16:56
opendevreviewribaudr proposed openstack/nova-specs master: Migrate VFIO devices using kernel variant drivers  https://review.opendev.org/c/openstack/nova-specs/+/93761516:58
sean-k-mooneymasahito: why not do a port list for the given network and just get the device-id form the port17:03
sean-k-mooneyoh becase you want more then just the uuids17:04
sean-k-mooneyyou also want the other server details.17:04
melwittgibi: sure will do17:21
opendevreviewribaudr proposed openstack/nova-specs master: Migrate VFIO devices using kernel variant drivers  https://review.opendev.org/c/openstack/nova-specs/+/93761517:22
masahitosean-k-mooney: yes. we want to fetch more server info not only the uuids. The device-id is just a list of ids.17:25
sean-k-mooneymasahito: im not -2 on this but im kind of -1.517:27
sean-k-mooneyi think we woudl want the neutron team to weigh in on it too but there are a lot of other critira you could filter nova isntnace on even if we just consider neutorn17:27
sean-k-mooneyand im not sure it a good idea ot extend the nova api to support all or really any of them 17:28
opendevreviewArtom Lifshitz proposed openstack/nova-specs master: vTPM live migration  https://review.opendev.org/c/openstack/nova-specs/+/93677517:30
sean-k-mooneymasahito: at present we do not supprot filterign server by the external identify or any resouce form any other service with the sole expction beign the keystone project and glance image uuid which are directly assocated with the instnace object17:31
artomdansmith, melwitt, gibi, sean-k-mooney ^^ took longer than I wanted (had to manage car troubles), and there's still a couple of todo open questions, but I think it's close enough to push up17:31
sean-k-mooneycan you revert the tox.ini change17:31
artomDoh, yeah.17:32
artomIt doesn't run locally with it, and I keep forgetting to clean it up.17:32
opendevreviewArtom Lifshitz proposed openstack/nova-specs master: vTPM live migration  https://review.opendev.org/c/openstack/nova-specs/+/93677517:32
sean-k-mooneywhat you can do instead for future reference is you can create a py3.10 virtual env17:32
sean-k-mooneyactivate that and then run tox form there17:32
sean-k-mooneythen it will use that version of python instaead fo your default system python17:33
masahitoThank for the quick review. I see your point. The netowrk_id is not an server's attributes. I had same concern so that I needs Nova team's idea.17:36
sean-k-mooneyya im not sure. im inclidne to say we shoudl not adress this pain point unless we see many opertoar bring it up17:38
masahitoOne quick question, is there reason the list server API doesn't have id query param? like id=id1,id2,id3.  If it's okay, the query can solve the current problem as I mentioned in the alternative.17:38
sean-k-mooneyhum ok that could work in some cases17:39
sean-k-mooneyso i belive the max url lenght is 25617:39
sean-k-mooneyand each uuid is ~20-32 charters i dont recall17:39
sean-k-mooneyso that could allow you to have batches or 10 or so at a time17:39
sean-k-mooneymasahito: i suspec the max url lenght is the main reason list and show do not supprot multiple uuids17:40
masahitohaha, I got it.17:41
sean-k-mooneymasahito: out of interest what is the main usecase that motivates this17:41
melwittartom: IIRC yall discussed some stuff on a call yesterday or the day before, if there were any takeaways did anyone add comments on the review about them?17:41
sean-k-mooneyi.e. why woudl a user or admin want to do this17:41
masahitoLooks like apache allows almost 4,000 chars for the query param. It's not a big number as you mentiond.17:43
sean-k-mooneyit depend on the server and client17:44
sean-k-mooneytechnially there is not max limit per RFC17:44
sean-k-mooneybut its typically less the 8k often 2k or 4k17:44
sean-k-mooneybut i have seen recommentions to never exceed 102417:45
sean-k-mooneythere are secirty implciations to allowign it to be arbairy large so often there is a soft or hard limit in diffent part of the tech stack17:46
masahitoIt's not a big reason we want to have the network id filter. When the number of available ip become less, we want to list VM name which uses the network and ask VM user to delete VM if possible.17:46
sean-k-mooneyah ok17:47
masahitoIn order to contact the VM user, VM info, display_name, user, project and some info are needed.17:48
sean-k-mooneyi think we woudl be more ok with allwoing you to pass a list of uuid to server detail list if im being honest then network_id17:48
sean-k-mooneywell the user and project id you can get form the neutron port no?17:48
sean-k-mooneythe neurotn prot has both a tenant_id and project_id field wich both hold the keyston project id17:50
masahitoYes. project info is available. But server name is not available.17:51
sean-k-mooneyis that needed cant you provide the the server uuid form the device_id filed instead17:51
sean-k-mooneyi guess you want to also know which suer created the vm/port rather then just which project it belongs too17:53
masahitoThis is a problem the spec mentioned as a problem.  We could give the uuid list to user, but user needs to convert uuid to hostname or display_name by themselves because uuid is not human readable.17:54
sean-k-mooneyservers are offilaly owned by the keyston porject not a user but we do recored the user id of the user that creted it17:54
sean-k-mooneybut that is not aviabel vaid neutorn only nova17:54
masahitoYes, which user and which server is more important.17:55
opendevreviewribaudr proposed openstack/nova-specs master: Migrate VFIO devices using kernel variant drivers  https://review.opendev.org/c/openstack/nova-specs/+/93761517:55
sean-k-mooneymasahito: ya so the least invaive change woudl be to allow server list to take a list of uuids17:56
sean-k-mooneybut im not sure if that somehtign others would supprot17:56
artommelwitt, yeah, I guess the call was too early for you. The spec changed pretty drastically. It might actually be good that you read it with no further introduction by me, to see if I'm making sense to someone without the full context.17:57
masahitoGot it. Thank you for taking your time :)   Let me update the spec tomorrow if there is no other comment following this talk. 17:58
melwittartom: ah, gotcha. thanks, I'll read through18:00
sean-k-mooneygibi: bauzas: Uggla i have +2'd https://review.opendev.org/c/openstack/nova-specs/+/93761518:53
sean-k-mooneyi have one comment inlien regardign the trait and how we report it but im ok to resolve that in a follow up when we update the spec for the object field defineiton18:54
artomdansmith, so just to be clear, you're saying add a new property into ImageMetaProps, call it something like hw_can_live_migrate, so that we can then check instance.image_meta.properties[hw_can_live_migrate]?18:55
dansmithno18:55
artomYeah I'm confused then.18:55
dansmithwe cache the user's image metadata on the instance yeah?18:55
sean-k-mooneyin instnace_system_metadata18:55
sean-k-mooneywith a img_ prefix18:56
artomOK...18:56
sean-k-mooneyartom: but to your questiong18:56
sean-k-mooneywe shoudl be addeing a flavg to the instnace.system_metadata18:56
dansmithright, so I'm proposing we update the cached image meta with a new "traits required" as if they had set it on their image in the past already18:56
dansmithsean-k-mooney: he's asking about my challenge to that18:57
sean-k-mooneywe coudl do that too yes18:57
artomAre the required traits already stored in there?18:57
dansmithI'm suggesting we *not* create another thing we have to track that might be out of sync or different and just use the same thing the user would have used, had it existed before this18:57
sean-k-mooneydansmith: altought we woudl have to merge that with any traits request actully from the image18:57
dansmithso that if we snapshot it's automatic both here and in the future18:57
dansmithsean-k-mooney: yep18:57
sean-k-mooneyi think we are mixing two diffent uescases18:58
sean-k-mooneythat or artoms naming is confusing18:59
sean-k-mooneyim just rereading the spec by the way18:59
dansmithyeah maybe read the spec and my comments before litigating what we're talking about :)18:59
sean-k-mooneywhen we chatted the other day i was saying that we coudl have a flag in instnace_system_matadata ot report if the instance is live migratable18:59
sean-k-mooneybtu that has nothign to do with the triat19:00
dansmiththat's not what we're talking about19:00
sean-k-mooneyok19:00
sean-k-mooneyso "instance.image_meta.properties[hw_can_live_migrate]" was just confusing me then19:00
sean-k-mooneyhttps://review.opendev.org/c/openstack/nova-specs/+/936775/11/specs/2025.1/approved/vtpm-live-migration.rst#168 this?19:01
artomYeah, I think dansmith is saying - don't actually persist the security policy anywhere except as the required trait in the instance image meta19:01
artom(Which I don't actually know where those are)19:02
sean-k-mooneyya we can encode the tpm seciryt policy in the traits request rather then a seperate key in the system_metadata19:02
dansmithI'm saying don't persist it in two places19:02
sean-k-mooneyto me its less clean to do it in the image metadata19:02
opendevreviewDmitriy Chubinidze proposed openstack/placement master: Modification of placement-api.conf  https://review.opendev.org/c/openstack/placement/+/93866419:02
dansmithit has to be persisted in the image meta cache, so no need to add a *second* place and always just do it in the one place it has to be19:02
sean-k-mooneywell as a fake request in the cached image data19:02
sean-k-mooneydansmith: it does not need to be there at all19:02
artomOK fine, so kill the system_metadata key19:03
sean-k-mooneywhy do you say it has to be in the image meta cache?19:03
artom(Again, I'm assuming image required traits are already saved in there)19:03
sean-k-mooneyartom: they are19:03
dansmiththat's my suggestion, because you'll have to look in both places if it's in two places19:03
artomSo then how do we indicate to owners - "the operator has chosen a policy for you, do something with your instance to confirm or do nothing/delete your instance to refuse" - IOW, L28619:04
dansmithonce for initial boot, then the other place for the other, and if they ever get out of sync, you'll be doing the wrong thing, a snapshot will have the wrong thing, a snapshot-boot will behave differently than you expect, etc19:04
sean-k-mooneybut peopel wont normlly set this on an image19:04
sean-k-mooneythey could it they want to express a policy i guess19:04
dansmithcan we gmeet? my keyboard is starting to feel my frustration :)19:04
artomSure19:05
dansmithmeet.google.com/vub-zvsa-khm19:05
opendevreviewMerged openstack/placement master: Add round-robin candidate generation strategy  https://review.opendev.org/c/openstack/placement/+/93683219:42
sean-k-mooneyfrickler: so based on https://review.opendev.org/c/openstack/requirements/+/933257 now that the oslo releas has been done it looks like we have a path forwoard on the eventlet bump20:20
sean-k-mooneyfrickler: that does mean we need to get https://review.opendev.org/c/openstack/nova/+/933365 into a mergeable state however20:20
sean-k-mooneyill see if i can sync with gibi tomorow or monday on how to proceed 20:21
opendevreviewArtom Lifshitz proposed openstack/nova-specs master: Another approach for vTPM live migration  https://review.opendev.org/c/openstack/nova-specs/+/93884320:32
artomdansmith, sean-k-mooney ^^ OK, that was quicker than I thought, but I'm afraid that I've probably missed things. I need to run errands and pick up kids now, but I'll be able to check IRC every so often.20:32
sean-k-mooneyartom: i also summerised my tought in a commont on the previous patch20:37
sean-k-mooneybut ill take a look shortly20:37
sean-k-mooneyim going to drop for the enving at the top of the hour 20:37
fricklersean-k-mooney: yes, this is looking like we really could make some progress now20:46
« Wednesday, 2025-01-08 Index Friday, 2025-01-10 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!