| melwitt | in case anyone else runs into this, launchpad is currently down and is being worked on to fix: https://status.canonical.com | 03:05 |
|---|---|---|
| amorin_ | hello team, we used to tune api-paste.ini in nova, neutron etc. to enable some custom middleware in our platform. I will have to perform the same on placement, but AFAICS placement is not using paste-deploy so that won't be possible. Do you have a rough idea on the best way to achieve a similar thing in placement? | 08:22 |
| *** amorin_ is now known as amorin | 08:22 | |
| jkulik | amorin: iirc, you'd have to change the code. afaics, all middleware get loaded here: https://github.com/openstack/placement/blob/5e61583504c4911ac862e1d0f2d7eb79e37066d0/placement/deploy.py#L89-L117 | 08:29 |
| amorin | oh nice! | 08:31 |
| amorin | thank you for the hint | 08:31 |
| gibi | amorin: agree with jkulik, unfortunately placement has no configurable way to add a middleware. I think it is a valid feature request if you want to change it | 08:32 |
| gibi | gmaan: I explained why PS14 was not affected but 15 is affected by that unit test failure. I will respin and fix it today https://review.opendev.org/c/openstack/nova/+/966016/15#message-5e9654d20672cf2d1cbacf6d015cfecd9de5333e | 08:36 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Compute manager to use thread pools selectively https://review.opendev.org/c/openstack/nova/+/966016 | 08:44 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Libvirt event handling without eventlet https://review.opendev.org/c/openstack/nova/+/965949 | 08:44 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Run nova-compute in native threading mode https://review.opendev.org/c/openstack/nova/+/965467 | 08:44 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Compute manager to use thread pools selectively https://review.opendev.org/c/openstack/nova/+/966016 | 08:47 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Libvirt event handling without eventlet https://review.opendev.org/c/openstack/nova/+/965949 | 08:47 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Run nova-compute in native threading mode https://review.opendev.org/c/openstack/nova/+/965467 | 08:47 |
| amorin | thank you gibi | 09:26 |
| sean-k-mooney | gibi: so on paste deploy in general it's not really maintained anymore so there has been discussion about what we will eventually replace it with. the way api-paste.ini works is slightly problematic in that no other replacement really supports that kind of configurability so one of the proposals was to remove middleware customisation entirely or implement a subset of it in oslo.wsgi, | 11:07 |
| sean-k-mooney | that is the new oslo project stephenfin was proposing to help projects move. | 11:07 |
| sean-k-mooney | quite a few projects like placement and watcher never supported middleware customisation so adding support for that today kind of feels like adding support for eventlet to a project | 11:07 |
| sean-k-mooney | in its current form it would be adding technical debt that we may not be able to maintain in the long term | 11:08 |
| sean-k-mooney | so it could be a possible feature but it's not one i would rush to implement until we have a long term plan for what to do with the paste/paste-deploy stack | 11:09 |
| sean-k-mooney | one of the suggestions i had was to replace it with an oslo.config list of middleware instead in the service .conf file or similar but i don't know if there are any concrete proposals in general beyond the mailing list discussion that stephen started last year | 11:10 |
| gibi | sean-k-mooney: note that I did not advocate directly for paste.ini but just for configurable middleware. I'm fine selecting a tool that is futureproof for that. | 11:15 |
| sean-k-mooney | ack. it's not exactly hard to implement a parser for paste.ini to support that as well in general | 11:17 |
| sean-k-mooney | just pointing out that there is technical debt in that area so committing to supporting paste.ini in a project is less trivial than it would be if it was actively maintained | 11:17 |
| gibi | ack, I still think that configurable middleware is a valid feature request for placement, while I agree that we should not implement it via paste.ini as in nova due to valid maintainability concerns you raised | 11:19 |
| sean-k-mooney | the oauth middleware that had the cve is not enabled in nova's default pipeline is it? | 11:25 |
| sean-k-mooney | i don't see it in https://github.com/openstack/nova/blob/master/etc/nova/api-paste.ini although i don't really know what i should be looking for | 11:25 |
| sean-k-mooney | placement presumably does not use ExternalAuth2Protocol either? | 11:27 |
| sean-k-mooney | well external_oauth2_token | 11:28 |
| * gibi is not aware of the cve | 11:29 | |
| sean-k-mooney | https://bugs.launchpad.net/keystonemiddleware/+bug/2129018/comments/35 | 11:30 |
| sean-k-mooney | gibi: https://bugs.launchpad.net/keystonemiddleware/+bug/2129018 is the tacker for it | 11:31 |
| sean-k-mooney | it went public this week | 11:31 |
| sean-k-mooney | based on zigo's comment you would have to configure nova to accept oauth2 tokens in the first place to enable the vulnerable middleware | 11:32 |
| sean-k-mooney | [pipeline:main] | 11:32 |
| sean-k-mooney | pipeline = ext_oauth2_token | 11:32 |
| sean-k-mooney | [filter:ext_oauth2_token] | 11:32 |
| sean-k-mooney | paste.filter_factory = keystonemiddleware.external_oauth2_token:filter_factory | 11:32 |
| sean-k-mooney | if that is correct then placement and watcher would not be affected since they are using hard coded middleware and we don't configure that to my knowledge | 11:33 |
| sean-k-mooney | tracker and keystone seem to be the only things that reference it https://codesearch.opendev.org/?q=external_oauth2_token&i=nope&literal=nope&files=&excludeFiles=&repos= | 11:38 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Libvirt event handling without eventlet https://review.opendev.org/c/openstack/nova/+/965949 | 11:38 |
| opendevreview | Balazs Gibizer proposed openstack/nova master: Run nova-compute in native threading mode https://review.opendev.org/c/openstack/nova/+/965467 | 11:38 |
| gibi | sean-k-mooney: yeah that is also how I understood the last comment in that bug | 11:44 |
| opendevreview | sean mooney proposed openstack/nova master: [WIP] Add PCI device groups for atomic allocation https://review.opendev.org/c/openstack/nova/+/973604 | 12:26 |
| opendevreview | Merged openstack/os-vif master: Stabilize functional test https://review.opendev.org/c/openstack/os-vif/+/973455 | 13:15 |
| opendevreview | Bodo Petermann proposed openstack/os-vif master: Fixed bridge name when per_port_bridge is used https://review.opendev.org/c/openstack/os-vif/+/966410 | 13:17 |
| zigo | sean-k-mooney: I'd need to have someone confirm, that's my understanding from the oauth2 doc at https://docs.openstack.org/keystonemiddleware/latest/middlewarearchitecture.html#configuration-for-external-authorization only. | 13:27 |
| opendevreview | Johannes Kulik proposed openstack/nova master: WIP: Attaching a volume returns HTTP 202 https://review.opendev.org/c/openstack/nova/+/971068 | 14:11 |
| opendevreview | Masanori Kuroha proposed openstack/nova master: Copy applied provider config https://review.opendev.org/c/openstack/nova/+/948304 | 14:15 |
| opendevreview | Lajos Katona proposed openstack/nova master: blueprint: iothreads-for-instances https://review.opendev.org/c/openstack/nova/+/939254 | 14:35 |
| opendevreview | Johannes Kulik proposed openstack/nova master: Attaching a volume returns HTTP 202 https://review.opendev.org/c/openstack/nova/+/971068 | 15:01 |
| opendevreview | Merged openstack/placement master: Migrate upper functional job to Python 3.13 https://review.opendev.org/c/openstack/placement/+/970052 | 16:32 |
| opendevreview | sean mooney proposed openstack/nova master: [WIP] Add PCI device groups for atomic allocation https://review.opendev.org/c/openstack/nova/+/973604 | 18:24 |
| -opendevstatus- NOTICE: Gerrit on review.opendev.org will be offline briefly in order to restart on a newer JVM and to clear out caches | 18:34 | |
| opendevreview | sean mooney proposed openstack/nova master: Support os-vif TAP pre-creation for OVS/OVN ports https://review.opendev.org/c/openstack/nova/+/973149 | 18:36 |
| gmaan | gibi: +w, actually I checked the master version of that test and did not realize that commit changed the 1000 value to 5 in the test also. all good. | 18:46 |
| sean-k-mooney | gmaan: you might take a look at https://review.opendev.org/c/openstack/nova/+/973438 if you have time. it should fix the test instability in threading mode | 18:50 |
| sean-k-mooney | it can wait till next week but you reviewed the original so you likely have more context than most | 18:51 |
| gmaan | sean-k-mooney: ack, not sure I can check today but will take a look later | 18:51 |
| gmaan | sure | 18:51 |
| sean-k-mooney | no worries it's getting late on a friday so i'm going to be heading off soon anyway | 18:52 |
| gmaan | yup, have a nice weekend | 18:53 |
| opendevreview | Merged openstack/nova master: Compute manager to use thread pools selectively https://review.opendev.org/c/openstack/nova/+/966016 | 21:03 |
| *** haleyb is now known as haleyb|out | 22:58 | |