Monday, 2026-01-19

« Sunday, 2026-01-18 Index Tuesday, 2026-01-20 »
*** mhen_ is now known as mhen02:49
opendevreviewEsra Ozkan proposed openstack/nova master: Fix Concurrent VM Live Migrate - Volume Backup Error  https://review.opendev.org/c/openstack/nova/+/97375007:04
do3melihi, can someone please help to get workflows triggered for https://review.opendev.org/c/openstack/nova/+/972276 ?07:50
stephenfingibi: o/ any chance you can look at https://review.opendev.org/c/openstack/nova/+/971460 again? I replied to your question08:01
opendevreviewMerged openstack/nova-specs master: Create specs directory for 2026.2 Hibiscus  https://review.opendev.org/c/openstack/nova-specs/+/97337308:35
gibistephenfin: done. And as I see we did it in parallel with bauzas :) so you are now double approved08:43
bauzas lol08:43
bauzastkajinam: I'll look at gibi's comments today, you'll get a merge conflict on the top of your series due to the fact we just approved another unrelated patch fyi08:44
gibibauzas: is the conflict due to the parallel refactor series? If so we can decide on the landing order to limit the number of conflicts08:50
bauzasgibi: I explained it in the top-level comment for 971460, my opinion is that we can quickly merge stephenfin's patch because tkajinam's series is still actively under review08:53
bauzasgibi: I just saw you made good comments on the firmware autodetection patches, mostly the one about the default XML setting we should or shouldn't set 08:54
gibiahh OK so it is not the mem encryption context refactor08:54
bauzasnope08:55
gibicool then08:55
gibistephenfin's patch is landing and that is just a single patch so no further decision needed08:55
opendevreviewJohannes Beisiegel proposed openstack/nova master: Adds packing_host_pci_numa_cells_allocation_strategy option  https://review.opendev.org/c/openstack/nova/+/95245108:59
opendevreviewJohannes Beisiegel proposed openstack/nova master: Adds packing_host_pci_numa_cells_allocation_strategy option  https://review.opendev.org/c/openstack/nova/+/95245109:01
tkajinambauzas, no problem about rebase. I'll do it once that patch is merged09:11
opendevreviewMerged openstack/nova stable/2025.2: libvirt: Skip unsupported firmware types  https://review.opendev.org/c/openstack/nova/+/97227610:17
gibistephenfin: when you have a minute I updated https://review.opendev.org/c/openstack/nova/+/96993610:54
* stephenfin looks10:54
stephenfindone10:55
gibithanks10:56
opendevreviewMerged openstack/nova master: libvirt: Remove import hacks  https://review.opendev.org/c/openstack/nova/+/97146011:12
opendevreviewMerged openstack/nova master: mem-enc: create generic check for mem encryption support by host  https://review.opendev.org/c/openstack/nova/+/96796911:23
*** sambork_ is now known as sambork12:34
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Extend functional test coverage of UEFI boot guests  https://review.opendev.org/c/openstack/nova/+/96926312:47
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Add basic xml generation for firmware auto selection  https://review.opendev.org/c/openstack/nova/+/96908512:47
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Add capability to load loader and nvram from xml  https://review.opendev.org/c/openstack/nova/+/96908612:47
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Add capability to load ssm feature from existing xml  https://review.opendev.org/c/openstack/nova/+/96913112:47
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Use firmware auto-selection by libvirt  https://review.opendev.org/c/openstack/nova/+/96913212:47
opendevreviewTakashi Kajinami proposed openstack/nova master: Allow no progress field  https://review.opendev.org/c/openstack/nova/+/97381912:52
opendevreviewTakashi Kajinami proposed openstack/nova stable/2025.1: libvirt: Skip unsupported firmware types  https://review.opendev.org/c/openstack/nova/+/97382112:58
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Use firmware auto-selection by libvirt  https://review.opendev.org/c/openstack/nova/+/96913213:18
opendevreviewBalazs Gibizer proposed openstack/nova master: DNM:Test with oslo.vmware + compute eventlet removal patches  https://review.opendev.org/c/openstack/nova/+/97346813:19
elodilleshi nova-stable-maint members o/ can i get 2nd reviews/+W for this trivial CI fix patches? https://review.opendev.org/q/topic:fix-zuul-config-error-nova+branch:%5Estable/.*13:26
opendevreviewBalazs Gibizer proposed openstack/nova master: Libvirt event handling without eventlet  https://review.opendev.org/c/openstack/nova/+/96594913:27
opendevreviewBalazs Gibizer proposed openstack/nova master: Run nova-compute in native threading mode  https://review.opendev.org/c/openstack/nova/+/96546713:27
opendevreviewBalazs Gibizer proposed openstack/nova master: DNM:Test with oslo.vmware + compute eventlet removal patches  https://review.opendev.org/c/openstack/nova/+/97346813:27
opendevreviewBalazs Gibizer proposed openstack/nova master: Libvirt event handling without eventlet  https://review.opendev.org/c/openstack/nova/+/96594913:29
opendevreviewBalazs Gibizer proposed openstack/nova master: Run nova-compute in native threading mode  https://review.opendev.org/c/openstack/nova/+/96546713:29
opendevreviewBalazs Gibizer proposed openstack/nova master: DNM:Test with oslo.vmware + compute eventlet removal patches  https://review.opendev.org/c/openstack/nova/+/97346813:29
gibibauzas: I found the issue of the failed volume detach, guest kernel crash, you noticed in my  libvirt event patch13:50
bauzasgibi: ack, I was driving stephenfin to be back at the bus station for heading back to his house13:57
gibibauzas: ohh cool :)13:59
masahitoHi nova team, please review this lock API bug fix https://review.opendev.org/c/openstack/nova/+/946223/5 .14:04
opendevreviewTakashi Kajinami proposed openstack/python-novaclient master: Install pcre packages only in doc jobs  https://review.opendev.org/c/openstack/python-novaclient/+/97384615:15
opendevreviewLajos Katona proposed openstack/nova master: blueprint: iothreads-for-instances  https://review.opendev.org/c/openstack/nova/+/93925415:15
opendevreviewLajos Katona proposed openstack/nova master: blueprint: iothreads-for-instances  https://review.opendev.org/c/openstack/nova/+/93925415:18
UgglaNova meeting in ~30mn15:23
opendevreviewTakashi Kajinami proposed openstack/nova master: libvirt: Use firmware auto-selection by libvirt  https://review.opendev.org/c/openstack/nova/+/96913215:54
tkajinamUggla, shall we start ? :-)16:02
Uggla#startmeeting nova16:02
opendevmeetMeeting started Mon Jan 19 16:02:33 2026 UTC and is due to finish in 60 minutes.  The chair is Uggla. Information about MeetBot at http://wiki.debian.org/MeetBot.16:02
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:02
opendevmeetThe meeting name has been set to 'nova'16:02
nicolairuckelo/16:02
gibio/16:02
UgglaHello everyone16:02
tkajinamo/16:02
elodilleso/16:02
tkajinamI was too impatient :-P16:03
UgglaBack from pto(conference) again. Not sure I have completely landed yet. ;)16:03
Ugglatkajinam, yep it seems.16:03
bauzaso/16:04
womaxo/16:05
UgglaLet's start16:05
Uggla#topic Bugs (stuck/critical) 16:05
Uggla#info No Critical bug16:05
Uggla#topic Gate status 16:05
Uggla#link https://bugs.launchpad.net/nova/+bugs?field.tag=gate-failure Nova gate bugs 16:06
Uggla#link https://etherpad.opendev.org/p/nova-ci-failures-minimal16:06
Uggla#link https://zuul.openstack.org/builds?project=openstack%2Fnova&project=openstack%2Fplacement&branch=stable%2F*&branch=master&pipeline=periodic-weekly&skip=0 Nova&Placement periodic jobs status16:06
Uggla#info Please look at the gate failures and file a bug report with the gate-failure tag.16:06
Uggla#info Please try to provide a meaningful comment when you recheck16:06
fwieselo/16:06
opendevreviewTakashi Kajinami proposed openstack/python-novaclient master: DNM testing  https://review.opendev.org/c/openstack/python-novaclient/+/97386116:06
UgglaI haven't seen something special around the gates. Please tell me if I'm wrong.16:07
Uggla#topic Release Planning 16:07
Uggla#link https://releases.openstack.org/gazpacho/schedule.html16:07
Uggla#info Nova deadlines are set in the above schedule16:07
Uggla#info 6 weeks before feature freeze16:08
Uggla#info PTG etherpad for 2026.1 is available: https://etherpad.opendev.org/p/nova-2026.1-ptg16:08
* Uggla slowly catching up with the status in launchpad and above doc/16:08
Uggla#topic Review priorities 16:08
Uggla#link https://etherpad.opendev.org/p/nova-2026.1-status16:08
* Uggla slowly catching up with the status in launchpad and above doc16:08
Uggla#topic OpenAPI 16:09
Uggla#link: https://review.opendev.org/q/topic:%22openapi%22+(project:openstack/nova+OR+project:openstack/placement)+-status:merged+-status:abandoned16:09
Uggla#info still 19 remaining atm. 16:09
Uggla#topic Stable Branches 16:09
* Uggla giving the mic to elodilles16:09
elodillesthanks Uggla 16:09
elodillesactually, nothing to report16:10
elodilles#info stable gates seem to be in good state16:10
elodillesthat's all from me for now16:10
Ugglathx elodilles16:10
elodillesnp16:10
Uggla#topic vmwareapi 3rd-party CI efforts Highlights16:11
Ugglafwiesel, anything to report from your side ?16:11
fwieselNo, nothing from my side.16:12
fwieselUggla: Back to you16:12
gibifwiesel: one thing16:12
gibiwould it be possible to run the vmware job with nova-compute switched to threaded mode and using this patch? https://review.opendev.org/c/openstack/nova/+/97346816:12
gibihttps://docs.openstack.org/nova/latest/admin/concurrency.html#selecting-concurrency-mode-for-a-service this gives you the hint how to configure nova-compute to run in threaded mode16:14
fwieselSure, should I activate the threaded mode by default? Or just one run?16:14
gibiyou need to pull in the nova-compute patches from that series 16:14
gibiand the oslo.vmware patches form the depends on16:15
gibiand set the env variable OS_NOVA_DISABLE_EVENTLET_PATCHING=true16:15
gibifor the nova-compute process16:15
fwieselSo one manual run for now... I can do that.16:15
gibiyepp just to see if the smokes comes out or nit16:16
gibinot16:16
gibithank16:16
gibis16:16
fwieselYou're welcome.16:16
fwieselUggla: Now back to you, I presume.16:17
Ugglathx16:17
Uggla#topic Gibi's news about eventlet removal16:17
* Uggla giving the mic to gibi16:17
gibithanks16:17
gibino big news16:17
gibiwe made review progress in the nova-compute series16:18
gibithat is all for now16:18
gibiback to you16:18
Ugglathx gibi.16:20
bauzaswe had back-to-back meetings but I saw your reply, I still wonder whether we're missing some libvirt event but fair16:20
bauzasI'll accept your patch but I'll continue to monitor the jobs16:21
Uggla#topic Open discussion 16:21
UgglaWe have one topic from womax16:21
Uggla(womax) Potential future use of tempURL in nova16:21
womax`yes16:22
Ugglawomax` the floor is yours16:22
womax`so for context, I recently worked in ironic to add support for multi store and s3 image stored. Ironic is using temp URL as way to download image on baremetal machine16:22
womax`the work lead me to write code very similar on what is present in glance, and so I'm currently trying to propose moving the handling of tempURL in glance. But glance is not so keen on having features in glance that would only be used in ironic16:23
womax`While working on temp URL we also saw a way to avoid glance being a bottleneck while downloading image, and so I wanted to ask opinions, on wether such a feature would exist, is it something that would be accepted to be used also in nova16:24
womax`Idea would be in nova rather than downloading image directly from glance it would ask glance for a tempURL and then download the image from there (so directly from the storage backend)16:25
fwieselFunny thing, the vmware driver (in nova and cinder) could profit from it. We implemented in our fork that we generate a tempURL, because then the vcenter can download the image directly instead the having to pipe it through the nova-compute agent.16:28
Ugglawomax` I don't have strong opinion on that, because I don't know well that part. Clearly I would like to know what dansmith thinks about it.16:29
nicolairuckelI have a topic for open discussion too (of course after that).16:29
tkajinamsounds sensible to me16:29
gibiwhat is the benefit of the direct download?16:29
tkajinamgibi, IIUC it does not require proxy by glance16:30
fwieselgibi: Saving one hop16:30
tkajinamin case glance uses swift backend currently when nova downloads an image from glance the data goes in swift -> glance -> nova16:30
gibiOK so the use case here is better performance. 16:30
tkajinambut the proposal removes glance from the path16:30
fwieselAh, and no token based authentication.16:30
gibiany drawback?16:30
womax`better performance for downloads but also avoiding glance being overloaded16:31
gibidoea glance provide aome service we lose if we not go through it?16:31
womax`gibi: from glance side, a token revocation would have take time to propagate, as tempURL have no to being revokated, but ttl is in order of minutes16:31
womax`aome?16:32
gibisorry 'some'16:32
womax`glance provide caching to avoid hitting too much the storage backend, temp URL would that, but it would be configurable and up to operators to see what is better for them16:33
womax`other than that I don't think we would lose anything16:33
womax`tempURL would bypass caching*16:34
gibiOK. Based on these I feel like it make sense to draw up a spec to get quorum, but looks good to me so far16:34
womax`spec in nova I assume? 16:34
fwieselWell, another issue is reliability. tempUrls are shortlived by design, and if the tempURL expires during your download you cannot retry (by design). Openstack authentication is stronger, and has retry methods16:34
gibiwomax yepp spec in nova and in glance16:35
womax`in glance it already drafted and they are currently waiting for nova opinions before going further16:35
gibii assume it impacts both16:35
gibicool16:35
womax`I can also do it for nova to have more opinions16:35
tkajinamfwiesel, yeah. we have service user token but it may not work for tempurl .16:36
gibiyes please, and link the glance spec16:36
gibifwiesel: good point, lets include that to the spec to solve16:36
womax`gibi: ok16:36
tkajinamwe probably need know better about the interaction between nova and glance so that we won't leak anything problematic16:37
tkajinamespecially in case a image is a shared one16:37
tkajinam(We can discuss details in the spec)16:37
gibi++16:37
fwieselswift_store_multi_tenant=True is another edge case16:38
womax`ok, i'll start drafting and come back when it is ready, to discuss more in details16:38
tkajinamsounds nice :-)16:38
UgglaAre we ok with that topic ? womax` ?16:40
womax`Uggla: yes16:41
Ugglaok so nicolairuckel, please go ahead with your topic16:41
nicolairuckelI was wondering if it makes sense to move the discussion about how to deal with secure boot and resetting the NVRAM (https://review.opendev.org/c/openstack/nova/+/959682?tab=comments) from my patch to another place. This is relevant for cold migration which we excluded from my patch. The discussion is of course important for my (hopefully) next patch but I'm not sure where to put that/how to deal with that. 16:41
nicolairuckelUnless it is a blocker for my current patch of course. Last week it sounded like we need to discuss that beforehand but after reading the comments I'm not so sure anymore.16:41
Ugglanicolairuckel my understanding, your patch just need a small addendum: prohibiting migration with os_secure_boot='optional' is an option. per haps its a suffience one for the short term16:47
nicolairuckelI thought that's only an issue for cold migration.16:47
tkajinamno it also affects bare hard reboot and hard reboot after live migration.16:48
* tkajinam is adding a comment16:48
nicolairuckelAh, somehow I missed that.16:49
nicolairuckelThank you.16:49
nicolairuckelI'll work on that then.16:49
tkajinamI think the point is that it's difficult to fix these all. I think we need an agreement about what we accept while fixing an annoying reset behavior16:49
UgglaI don't think so, it seems something sean-k-mooney would like to have for this patch and then another one with a long term solution.16:49
nicolairuckelBut then it makes sense to have the discussion there and we don't really need to discuss that here.16:50
sean-k-mooneyoh o/16:50
sean-k-mooneyreading back16:50
nicolairuckel i just missed that there's actually something else I need to do before the review can continue.16:51
sean-k-mooneyUggla: honestly i think the os_secure_boot=optional stuff is out of scope16:51
sean-k-mooneyfor the initall reboot patch16:51
sean-k-mooneythat was just ment to fix preserving the nvram file for hard reboot nothing more or less16:51
Ugglaok16:52
nicolairuckelThen my original point still stands that the discussion should be at another place, right? So we can merge the patch but don't lose the discussion in the process. I mean, it would still be there but kind of the wrong place.16:52
nicolairuckelI'm just not sure how to proceed at the moment.16:52
sean-k-mooneyhard reboot in my opion shoudl nto change the secure boot state of the vm. that ideally woudl be fixed when the vm was first booted and stay the ame for its lifetime or only change on a resize or rebuild16:56
sean-k-mooneyim aware that not what happens today but i woudl prefer not to expand the nvram bug with fixing that16:56
sean-k-mooneyidealaly we woudl deal with os_secure_boot=optional as its own bug what ever way we decied to proceed with that16:57
tkajinamsounds reasonable to me16:59
Ugglanicolairuckel is that clarify your thoughts ?17:00
nicolairuckelI think so. Then we create a new bug and leave the patch as is?17:01
nicolairuckelUnless something comes up during the review of course.17:01
Ugglayep that's my understanding.17:01
sean-k-mooneythat works for me but lets actully file the bug before proceedign with the patch17:01
Ugglayep so we can relate to it17:02
sean-k-mooneyif we want to chat about that second bug we can do so briefly after teh meetign wraps17:02
nicolairuckelsounds good to me. Who will file the bug?17:02
Ugglanicolairuckel, if you are confortable to do it, that would be great.17:02
UgglaOk we are at the to of the hour. So I guess we can close that meeting.17:04
UgglaThanks for joining this meeting. Have a nice day/evening and see you next week.17:05
Uggla#endmeeting17:05
opendevmeetMeeting ended Mon Jan 19 17:05:21 2026 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)17:05
opendevmeetMinutes:        https://meetings.opendev.org/meetings/nova/2026/nova.2026-01-19-16.02.html17:05
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/nova/2026/nova.2026-01-19-16.02.txt17:05
opendevmeetLog:            https://meetings.opendev.org/meetings/nova/2026/nova.2026-01-19-16.02.log.html17:05
gibithanks17:05
Ugglano time for bug triage... I guess I need to find another way to address that topic.17:06
tkajinamOne thing I'd add about CI. Python 3.13 job was moved from Ubuntu Noble to Debian Trixie. it may cause some problems in python 3.13 jobs17:06
tkajinamso far I'm aware that py313 job in python-novaclient is broken and https://review.opendev.org/c/openstack/python-novaclient/+/973846 fixes it17:06
Ugglatkajinam, thanks for the info !17:06
tkajinam(the migration was done only in master. py313 job in stable branches still runs in Noble)17:07
tkajinamso it's better to keep eyes on py313 jobs for a while17:07
tkajinamI mean openstack-tox-py313 and any jobs inheriting it17:07
nicolairuckelI think it would make sense if tkajinam files the bug as he knows more about it but of course I can also write something and then update it with feedback from tkajinam and sean-k-mooney. I'm fine either way.17:08
sean-k-mooneyi think that woudl only cause issues if we had bindep problems like how we define pcre as a dep17:08
tkajinamsean-k-mooney, yup17:08
sean-k-mooneyi could be wrong about that but it is good to keep an eye on the py313 job in any case17:08
sean-k-mooneyso for the secure boot optional case i have 2 tought on it17:09
sean-k-mooneyas i noted above i think the fact we dont fix the behavior on first boot is arguabel a but but that does not mean there is not merit in the current behavior17:09
sean-k-mooneymy concern with it ever changign after the workload is created is basiclly it can break the geust os if it does17:10
sean-k-mooneymy other tought on this is dan mention that the ver all interaction is starting to get complex enough that perhaps we need a spec to defien the behvior longterm17:10
sean-k-mooneythe guiding principal for nova is alwasy "what woudl the behvior be if this was a physical system"17:11
sean-k-mooneyon a phsyical system rebooting host or movign it form one rack to another woudl nto change the bios config or the nvram17:11
tkajinamnicolairuckel, I can create one later this week17:11
sean-k-mooneyhowever if you were reinstallign the OS you might do that17:12
sean-k-mooneyand if you are cahngign the hardware you might do that too. so rebuild and resize coudl be valid point to change the secure boot config in my view17:12
sean-k-mooneyhard reboot or cold/live migrate dont fit with the "what woudl happen with a real server" lithmus test if the secure boot or nvram sate chagnes17:13
nicolairuckelthank you, tkajinam. Let me know if I can help/contribute.17:13
sean-k-mooneytkajinam: nicolairuckel that the critia im trying to apply if that makes sense.17:13
nicolairuckelyes, that makes sense to me17:14
tkajinamsean-k-mooney, cold migration is most problematic. because it basically inherits resize which assumes that the instance can be rebuilt...17:15
sean-k-mooneytkajinam: in the short term we could provide a workaround flag to block cold/live migration with os_secure_boot=optional or we could record the current state somewhere say in instnace_system_netadata and ensure it does not change when we do migrate17:15
sean-k-mooneytkajinam: ya, the other wrinkel is we can preserve the nvram if its there but unfrotuanlly that is not enough to tell us if we need to enable secure boot or not in the xml17:16
tkajinammakes sense17:16
sean-k-mooneythat why we need to stash the state somewhere in the cold migrate and shelve/unshelve case17:17
sean-k-mooneyshelve/unshelve today loses the nvram so it will regenerate it regardless today17:17
tkajinamanother scenario I still have to consider in additiona to os_firmware_secure='optional' is the case where a different firmware is selected after hard reboot but I'll give more thoughts to it.17:18
sean-k-mooneybut again preserving it is out of scope fo the iniall reboot bug17:18
tkajinaman annoying thing is that it's not clear how these firmware files are updated (due to no documentation about their update policy)17:18
sean-k-mooneyright the frimware itself and the base tempelates are part of the ovmf package i bleive17:19
tkajinamyeah17:19
sean-k-mooneyso they update when the host package is updated17:19
sean-k-mooneytkajinam: when we use the statelest firmware feature do we still have an nvram file? i think no correct?17:20
tkajinamsean-k-mooney, no17:20
tkajinamyeah so one example question which I can't answer now is "can existing code file and var file be updated when ovmf package is updated ? then do we need to reset nvram in that case ?"17:20
sean-k-mooneyits unfortunet that windows stores it bitlocker keys or key config in the nvram file17:21
tkajinamI totally agree17:21
sean-k-mooneythe update of the ovmf package just updates teh template17:21
sean-k-mooneybut i guess nova woudl have update the backign file because the existng nvram was lost on hard-reboot17:21
sean-k-mooneyso in parctis it woudl have updated after the next vm reboot after the host package but i dont think that is what shoudl have been expected17:22
tkajinamI hope so but compatibility between template and var is quite unclear, tbvh17:23
sean-k-mooneyya im not really sure how the qemu/libvirt/ovmf comuity expect that too work17:24
sean-k-mooneyif they provided a migraton tool to migrate the nvram file to a newer version invoking that woudl be a potinally reasonabel thing to do on hard reboot17:24
sean-k-mooneybut im not aware of any such tool17:25
sean-k-mooneyit might exsit i have never looked into it17:25
sean-k-mooneyai says no that tool does not exsit for what that worth17:28
nicolairuckelIs there other software that uses qemu, libvirt, or ovmf that may have the same problem?17:29
nicolairuckelThen it might make sense to see how other projects handle that issue.17:30
sean-k-mooneyyes, kubvirt, proxmox and virtuozo but apprently the fix is delete the file losing the data and just recreate it in the rare case it does nto work17:30
sean-k-mooneyapprently imcompatiablity is rare17:30
nicolairuckelThat doesn't sound like a very elegant solution though.17:30
sean-k-mooneyits not but unintally that has been what nova did by defualt becuase we were alwsy regenerating it17:31
nicolairuckelI see...17:35
sean-k-mooneynova uefi supprot predates secure boot support and bitlocker using the nvram var to sotre its config so that behavior as not initally observed or problematic17:36
sean-k-mooneyi.e. we were not aware that libvirt was deletign the nvram when we underfiend the domain. 17:38
tkajinamquick search shows kubevirt supports persistence of uefi vars (which by default does not persist uefi vars) but no useful information about its lifecycle management really :-(17:42
tkajinamhttps://kubevirt.io/user-guide/compute/persistent_tpm_and_uefi_state/17:42
tkajinamif anyone from the core have a moment to review/merge https://review.opendev.org/c/openstack/python-novaclient/+/973846 to fix py313 job, that'd be nice.17:44
* tkajinam runs away17:44
sean-k-mooneytkajinam: i belive that a releivitly new fetature and it currently has some limeiations17:55
sean-k-mooneytkajinam: there are some internal difcusion with the virt folks about the correct way that and vtpm should sork i bleive and htey havnt really figuried it all out yet17:56
tkajinamhmm17:56
sean-k-mooneyi dont really know the details jsu tnoteice it was on the virt devel list which might be upstream actully not sure17:56
sean-k-mooneythere was some discussion about live migration and the use of pvcs to store the nvram/tpm data17:57
sean-k-mooneyim ont aware of anythign related to "how do we mighate teh data if ovmf updates"17:57
tkajinamok17:57
tkajinamI'll see if any public outcome can be found17:58
tkajinamsean-k-mooney, thanks for that info !17:58
sean-k-mooneywhat im tryign to avoid is the need to have a glance iamge property or flavor extra spec for persictence other then the ephermal firmware flag17:59
sean-k-mooneybasiclaly if you want ephermal firmware i think you shoudl opt into it17:59
sean-k-mooneyotherwise we shoudl treat the tpm and nvram data as user data and persitit it18:00
sean-k-mooneyi have no idea where we woudl eventually store it for shleve but that a future us problem18:00
sean-k-mooneyorginally i was hopign the tpm and nvram files would be small enough to be able to store as secrete in barbican in teh future18:02
sean-k-mooneybut that was just an idea not something i looked into18:02
sean-k-mooneythe nvram and tpm data is privlaged enouch that i woudl not be comfrotable storign it in glance unless it was encypted18:03
« Sunday, 2026-01-18 Index Tuesday, 2026-01-20 »

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!