Thursday, 2025-10-30

*** mhen_ is now known as mhen [02:56]
jkulik: nicolairuckel: I understood from the discussion yesterday that it's fine that the permissions change - they should just change back to the originals i.e. back to being owned by nova once the VM isn't running anymore. that's not reflected in the ticket. did I misunderstand that part? [07:44]
jkulik: nicolairuckel: iirc, we also talked about it working like that ^ for disks. so having things behave differently would be something libvirt should consider and thus should be mentioned in the ticket, too, imho [07:46]
nicolairuckel: ah, right. I'll update the ticket. [08:05]
opendevreview: Balazs Gibizer proposed openstack/nova master: Rally job for eventlet-removal  https://review.opendev.org/c/openstack/nova/+/960130 [09:05]
opendevreview: Nisha Brahmankar proposed openstack/nova-specs master: Add nova compute graceful shutdown spec  https://review.opendev.org/c/openstack/nova-specs/+/965355 [09:33]
opendevreview: Nisha Brahmankar proposed openstack/nova-specs master: Add nova compute graceful shutdown spec  https://review.opendev.org/c/openstack/nova-specs/+/965355 [09:37]
nisha04: Thanks Uggla for the session schedule with a friendly timeslot :)  I will see some of you at 00:00 UTC. Meanwhile please do check the spec if you get a chance! [09:47]
Uggla: Hi nisha04, happy that works for you! [09:49]
Uggla: bauzas, gibi if you have a chance to look at the above spec from nisha04 ^ [10:06]
bauzas: Uggla: nisha04: no promises, we have a packed agenda and a limited time, I'll *try* [10:35]
Uggla: nisha04, also some of your colleagues wanted to bring metadata protection topic. But this was not submitted. Do you still want a slot about it? [10:38]
gibi: Uggla: ack [11:41]
opendevreview: Takashi Kajinami proposed openstack/nova master: DNM: Let libvirt to select the correct UEFI firmware file  https://review.opendev.org/c/openstack/nova/+/965366 [11:47]
gibi: I left my initial feedback on the graceful shutdown spec [11:53]
opendevreview: Balazs Gibizer proposed openstack/nova master: Rally job for eventlet-removal  https://review.opendev.org/c/openstack/nova/+/960130 [12:02]
*** iurygregory_ is now known as iurygregory [12:57]
Uggla: gibi thanks [13:00]
Uggla: Info: PTG Confidential computing related topics in around 15mn. [13:46]
opendevreview: Balazs Gibizer proposed openstack/nova master: Rally job for eventlet-removal  https://review.opendev.org/c/openstack/nova/+/960130 [13:55]
*** ykarel_ is now known as ykarel [14:19]
tkajinam: does anyone remember when we discussed image formatter thing? [15:42]
tkajinam: I remember we discussed direct kernel boot at that time and I'm trying to find out the discussion log ... [15:42]
dansmith: tkajinam: you mean when we discussed deprecating that stuff? [15:49]
dansmith: I looked it up and we technically only deprecated AMI and related formats not direct kernel boot [15:49]
dansmith: I can't remember but ... is direct kernel boot necessary for the confidential computing stuff? [15:50]
tkajinam: yeah [15:50]
tkajinam: https://review.opendev.org/c/openstack/nova/+/926144 [15:50]
tkajinam: I found the same in git log [15:50]
tkajinam: dansmith, yeah. that's the first option to measure kernel and ramdisk at this moment [15:50]
tkajinam: there are some works to provide "trusted TPM" to do that measurement but that has been still in-progress for long [15:51]
tkajinam: direct kernel boot is used so that kernel binary, initramfs binary and OVMF code are passed down to CPU directly without any intermediate layers [15:51]
tkajinam: (and kernel command line) [15:52]
tkajinam: in that way CPU can measure these binaries and we can guarantee integrity of boot chain [15:52]
tkajinam: TPM and secure boot are used in a similar manner but in confidential computing use case it's quite tricky to make sure integrity and trustworthiness of TPM [15:53]
tkajinam: swtpm can't be trusted. It should run within the domain with encrypted data [15:53]
dansmith: ack, I think that the kernel/ramdisk support is still really gross and confusing, especially in a world where glance enforces the formats of things you upload to it, [15:53]
tkajinam: yeah [15:54]
tkajinam: I probably have to check if it still works first [15:54]
dansmith: but my main complaint is the AMI/ARI/AKI stuff itself, which nova has a bunch of garbage around [15:54]
tkajinam: yeah I remember we talked about that point [15:54]
dansmith: I tend to lump those formats together with AKI but as noted on that reno, they're not really the same thing and you can use direct kernel boot with other formats [15:54]
tkajinam: at that time what we wanted to deprecate ASAP was these AXI things while DKB can be independent [15:54]
dansmith: yes [15:55]
tkajinam: I'll watch the status of "trusted TPM" work in case we can just use it when I start SNP support work but my current guess is that it may take a few more years and we have to start with direct kernel boot [15:56]
tkajinam: (assuming the work needs another kernel/qemu/libvirt changes) [15:56]
tkajinam: ratailor, is that finish time thing to fix the port detach/attach timing problem we discussed some time ago in heat? [15:59]
tkajinam: I remember we need that mechanism to ensure that a port is fully released during port detach process [16:00]
ratailor: tkajinam, I don't fully remember this, but it initially came as a bug here https://bugs.launchpad.net/nova/+bug/2058928 and then became a feature because we need to add a microversion to add the finish_time field. [16:01]
tkajinam: ok. maybe I should ask that question to sean-k-mooney [16:02]
ratailor: tkajinam, if you are talking about ``Duplicate entry 'MAC/UUID-0' for key 'uniq_virtual_interfaces0address0deleted'`` then it's related to that only. [16:03]
tkajinam: ah, ok and yes. that's one [16:06]
sean-k-mooney: tkajinam: o/ [16:11]
tkajinam: sean-k-mooney, hey :-) [16:11]
sean-k-mooney: we just wrapped up the watcher session did you have a question [16:11]
tkajinam: sean-k-mooney, I was wondering if adding finish_time to instance action API is to fix the port detach problem during heat stack update we discussed some time ago [16:12]
tkajinam: I could not find the link for the bug/patch for some reason [16:12]
sean-k-mooney: tkajinam: yes it is [16:13]
tkajinam: ok [16:13]
sean-k-mooney: tkajinam: we discussed the workaround [16:13]
sean-k-mooney: which is heat can poll server show [16:13]
tkajinam: yeah [16:13]
tkajinam: I should probably look into updating heat to use that API though the tricky part is that heat is using novaclient at this moment :-P [16:13]
sean-k-mooney: but the correct fix is to actually mark the action as completed [16:13]
tkajinam: anyway that's one heat [16:13]
tkajinam: yeah [16:13]
tkajinam: that's "on" heat [16:13]
*** benj_8 is now known as benj_ [16:17]
opendevreview: Balazs Gibizer proposed openstack/nova master: Rally job for eventlet-removal  https://review.opendev.org/c/openstack/nova/+/960130 [16:18]
tkajinam: I'm dropping off. I might skip the sessions tomorrow. [17:13]
gibi: tkajinam: thanks for the contribution [17:13]
tkajinam: gibi, :-) [17:13]
auniyal: Uggla, any ideas if there will be time today for cyborg discussion from Sean? [17:22]
Uggla: auniyal, yes probably. But I think the session will exceed 18:00 UTC (sorry about that). [17:23]
auniyal: okay [17:25]
dansmith: Uggla: you're off mute [17:40]
Uggla: dansmith, sorry, thanks for notifying me. [17:41]
dansmith: Uggla: when you don't speak but are off mute, your AGC goes way high and we can hear everything in the background and even dust particles landing on your mic :) [17:41]
Uggla: dansmith, as bauzas said already, it is a diabolic plan for introducing French in the session. ;) [17:42]
dansmith: I will complain to the UN [17:43]
Uggla: dansmith, Usually I take care to mute, but as the day progresses I tend to forget. Yes I'm becoming old. ;) [17:44]
gibi: chrome has enable-webrtc-allow-input-volume-adjustment flag. But I don't have my wife home today to try it with the violin :) [17:46]
