Thursday, 2026-04-02

« Wednesday, 2026-04-01 Index Friday, 2026-04-03 »
opendevreviewMerged openstack/nova master: Follow ironic job rename  https://review.opendev.org/c/openstack/nova/+/98308001:05
tafkamaxHi gurus, arm64 computes are possible, but is it possible to use macos host as an nova-compute node? I can't seem to find any info on this.07:49
tafkamaxor would that fall under the "baremetal" category?07:49
tafkamaxhttps://wiki.openstack.org/wiki/HypervisorSupportMatrix07:50
opendevreviewBalazs Gibizer proposed openstack/nova stable/2026.1: Follow ironic job rename  https://review.opendev.org/c/openstack/nova/+/98316607:56
gibielodilles: ^^07:56
sean-k-mooneygmaan: we ca actually juse create a repo local variant of the job in the check pipeline definition07:58
sean-k-mooneygmaan: but it pased on a recheck and the job otersize looks ok so lets just keep an eye on it for now07:59
sean-k-mooneyif we see the heat test being an issue going forward we can look to disable them07:59
sean-k-mooneytafkamax: no but it is possible to use debian on apple silicon and install openstack on taht08:00
sean-k-mooneytafkamax: macos is not supproted regardless fo the architecture08:00
sean-k-mooneytafkamax: but i have run devstack on an m1 mac book air with 8GB of ram on baremetal with debina and ran tempest08:01
sean-k-mooneyso if you have a bunch of mac minis or ultras you coudl use them as compute if you install linux on them08:02
sean-k-mooneywe obviously dont test that however08:02
tafkamaxok thanks for the quick response :)!08:07
tafkamaxbut m1 doesnt support nested virt, so each node would be tied to like a single resource, correct?08:11
tafkamaxor like a single instance in that sense?08:11
sean-k-mooneyno on m1 you end up just using qemu without kvm08:17
sean-k-mooneyon later apple silicon you can use full kvm i belive08:17
sean-k-mooneywe have no supprot for macos guest in nova or using the macos viruatliation like utm or paralles08:18
sean-k-mooneypart of the issues macos ships a version of python that is too old08:18
sean-k-mooneyyou can install a diffevent version via nix or brew08:19
sean-k-mooneybut we do not have a virt driver that woudl work on macos today since i dont think libvirt supprot macos08:19
sean-k-mooneyhum well https://libvirt.org/macos.html08:20
sean-k-mooneymaybe08:20
sean-k-mooneytafkamax: you proably could get it to work with a littel effort08:20
sean-k-mooneyalthough your next problem woudl be neutron08:21
sean-k-mooneyovs wont work on macos08:21
sean-k-mooneylitrally before we added python 3 supprot there as an effort to make freebsd work but that died out 10 years ago08:22
sean-k-mooneythe only neutron driver that might work woudl be the macvtap driver08:23
sean-k-mooneyand that effectivly unmaintaiend08:23
sean-k-mooneyso unless you go linux on m2+ i dont see a path to kvm/hardware virt supprot08:24
tafkamaxok thx for info08:24
opendevreviewKamil Sambor proposed openstack/nova master: [vncproxy]Handle ssl.wrap_socket removal in py312  https://review.opendev.org/c/openstack/nova/+/95591510:03
opendevreviewKamil Sambor proposed openstack/nova master: Replace eventlet with threading in novncproxy  https://review.opendev.org/c/openstack/nova/+/97608910:03
opendevreviewKamil Sambor proposed openstack/nova master: Change nova-alt-configurations job  https://review.opendev.org/c/openstack/nova/+/98317910:03
opendevreviewKamil Sambor proposed openstack/nova master: [vncproxy]Handle ssl.wrap_socket removal in py312  https://review.opendev.org/c/openstack/nova/+/95591510:05
opendevreviewKamil Sambor proposed openstack/nova master: Replace eventlet with threading in novncproxy  https://review.opendev.org/c/openstack/nova/+/97608910:05
opendevreviewKamil Sambor proposed openstack/nova master: Change nova-alt-configurations job  https://review.opendev.org/c/openstack/nova/+/98317910:05
*** lumir is now known as shaolin_11:50
gibiJayF: o/ would NoVNCConsoleTestJSON tempest tests work in an job with ironic virt driver, like in ironic-tempest-bios-ipmi-autodetect ?  https://github.com/openstack/tempest/blob/9307558eb0a4248fbbc02b9489132b6156ffef61/tempest/api/compute/servers/test_novnc.py#L2614:28
gibiI'm asking this as we are touching stuff in that codepath here https://review.opendev.org/c/openstack/nova/+/955915 and it would be nice to see if this does not break ironic novnc integration14:29
JayFgibi: stevebaker or TheJulia might know a thing about that14:59
JayFgibi: I ping'd steve in the Ironic channel 15:00
TheJuliaI’m basically out today, but I can look tomorrow. I think Steve is out due to the holiday as well.15:01
gibithanks. it is not urgent. 15:02
TheJuliaThat being said, I think we exercise it in the gate job now so changes shouldn’t break it, but I can look deeply when not sitting in a doctors waiting room15:02
gibienjoy your time off15:02
TheJuliaEh, not a fun day off :(15:02
gibiohh, sorry :(15:03
TheJuliaBut thanks!15:03
gibiso far I haven't find an ironic job where the result contained the vnc test cases but mabye I'm looking at the wrong way15:03
JayFgibi: I'd say this, especially this early in the cycle: put up a depend-on change in Ironic, if our CI passes and you broke us, that's an us problem and we have months to unearth it15:07
gibiJayF: OK, I can do that easily. Thanks for the idea15:11
sean-k-mooneygibi: do we have new resulte with teh autotest job15:44
sean-k-mooney*autodetect job15:44
sean-k-mooneywhen i was review ign the nova patch i had to manually trace it as it was not easy to prove that it worked otherwise15:45
gibisean-k-mooney: yes we have15:45
gibibut that job does not include the tempest vnc test15:45
sean-k-mooneyhttps://zuul.opendev.org/t/openstack/build/0a8f54843e134d21afe261089421c5ad15:45
gibihence my above disucssion with th eironic folks15:45
sean-k-mooneythat sound like a regression becuase it used too15:47
sean-k-mooneymaybe that was before we dorped the depns on ectra15:48
sean-k-mooneyi did review at least one tempet run which i tough was on th enova patch wit it workign end ot end before15:49
sean-k-mooneygibi: https://review.opendev.org/c/openstack/ironic/+/983219/1 did you push an entirly empty commit?15:56
sean-k-mooneyin gerrit that litcally only has a commit message for me15:56
sean-k-mooneyit did tirgger jobs in anycase im jsut wonderign if that is a gerrit rendering bug15:57
gibisean-k-mooney: it is an empty commit yes15:58
gibiI can update that to have some change in it15:58
sean-k-mooneyno need15:58
sean-k-mooneyi just didnt know you coudl have entirly empty commits15:59
gibigit by default rejectes it but you can use --allow-empty :)15:59
sean-k-mooneyoh ok15:59
sean-k-mooneyhttps://review.opendev.org/c/openstack/nova/+/942528/comments/42b2fbf7_78b47e56 was where i taced this before by th eway16:00
sean-k-mooneyso in the past tempest was callign the console16:01
sean-k-mooneyno matches in the autodetect version16:02
sean-k-mooneygibi: ok https://github.com/openstack/ironic-tempest-plugin/commit/29cd41eb3659138baa8d3eab06797fe2189ac7dc16:07
sean-k-mooneythe test was reverted so we need ot unrevert it16:07
sean-k-mooneyor rever tthe nova feature for partity :P16:07
gibi:P16:08
sean-k-mooneyso you shoudl be able to test it with a ~DNM to nova with a depens-on to https://review.opendev.org/c/openstack/ironic-tempest-plugin/+/98207716:10
sean-k-mooneyor a dnm on that repo with a depens on agains the nova change either way works16:11
sean-k-mooneyactully no16:13
sean-k-mooneywell. that does not appre to currenlty be runign the test as a sperate test16:13
sean-k-mooneyit might be part of ironic_tempest_plugin.tests.scenario.test_baremetal_basic_ops.BaremetalBasicOpsAndRescue16:14
sean-k-mooneyas a sideffect16:14
sean-k-mooneyill check but this shoudl be a sperate test so its clearly visabel in the tempest report16:14
sean-k-mooneyok its embded in the largere test not its own thing...16:15
sean-k-mooneywhich was partly why it was so hard to debug before16:15
sean-k-mooneygibi: on second tought this sound like a next week us problem. i left a -1 on the ironic-tempst-patch since it currenly not actully validating the console works16:22
gibiThanks.16:24
gibiIt is definitely not earlier than next week us problem for me ow16:24
gibinow16:24
sean-k-mooneyim checkign ont thing while im at it16:25
sean-k-mooneywe had 2 jobs in diffent pipelien one was testign with ironic sharding16:25
sean-k-mooneyand the other was testing without it to make sure both work16:26
sean-k-mooneyok this one does not have the shared key defiend so hopefully our other ironic job still does16:26
opendevreviewClif Houck proposed openstack/nova master: [WIP] perf(ironic): eliminate O(N²) ProviderTree deepcopy at startup (B6)  https://review.opendev.org/c/openstack/nova/+/98067616:27
sean-k-mooneyironic-tempest-ipa-wholedisk-bios-agent_ipmitool-tinyipa16:27
opendevreviewClif Houck proposed openstack/nova master: perf(ironic): eliminate O(N²) ProviderTree deepcopy at startup (B6)  https://review.opendev.org/c/openstack/nova/+/98067616:28
sean-k-mooneyah its ironic-tempest-ipa-wholedisk-direct-tinyipa-multinode-shard16:29
clifJayF: sean-k-mooney ^ I cleaned up that commit a bit and now tests pass for me locally. The change looks reasonable to me and I'm somewhat convinced that it provides a speedup16:29
sean-k-mooneyand that in the weekly perodic16:29
sean-k-mooneyack so you pulled that out onto master directly cool16:31
clifyep16:31
clifunit tests needed a small change to pass due to new arguments to expected calls16:31
clifmy caveat is I'm still very new to the nova codebase in general16:32
sean-k-mooneyah makes sense16:32
sean-k-mooneythis likely need more test coverage but did you have a chace to do any manual testing of this with a real or simulated ironic?16:32
sean-k-mooneyjay mention there is a db simulator thing in ironic but i didnt have a change to dig into it16:33
clifI haven't done manual testing with it no, I can take a closer look at test coverage16:33
sean-k-mooneywe liekly dont need/want the simulator in this change but we might want to add some simpel unit test that create a repesteive provide tyree cache with 1, 10, 100 nodes and do some very simple scale tests16:35
JayFgoing from "working ironic devstack" -> "working ironic devstack with lots of fake driver nodes" is trivial by hand16:36
JayFI am actually working today on hooking it up via devstack config16:36
sean-k-mooneyoh cool16:36
sean-k-mooneyso that should be simpler to tst we litclly jsut need to stop and start nova and see how long it take to compelte if so16:37
sean-k-mooneynova -> the nova-compute16:37
JayFyeah16:37
JayFhonestly the culture here has always seemed to only count proof if it runs in CI16:38
JayFso I wans't even going to attempt a manual test16:38
sean-k-mooneywell yes if its not in ci we assume its broken16:38
sean-k-mooneybut i jsut wanted to be sure we saw a speedup before we spent too much time on this16:38
sean-k-mooneyi.e. to make sure it really not a test artifact16:38
sean-k-mooneyso a one of manual test to confirm build confindence in the aproch 16:39
clifI don't mind attempting manual testing, I will say the change logically makes sense to me. Doing less work should *almost* always result in a speed increase16:42
sean-k-mooneyclif: yep what im hoping the manaul test will show is how big or small this is to the overall tiem16:42
sean-k-mooneyin a real system16:42
sean-k-mooneythe next speed up to try woudl be hte mutli threading patch 16:43
sean-k-mooneythose are where i think most of it will come form16:43
sean-k-mooneyout of the inifally few16:43
clifyep, thats the one I want to look at next16:43
JayFmy downstream wanted to pull down that multithreading patch yesterday and I told em to wait for clif :D 16:43
JayFevent-based updates for ironic node provision state is apparently a real need for them; it can take 20-30 minutes post-cleaning for a node to return to inventory16:44
clifyea that's... not ideal to say the least16:44
sean-k-mooneyclif: for what its worth we often do add context like this to commti message if we have the data16:46
sean-k-mooneyhttps://review.opendev.org/c/openstack/nova/+/42714516:46
sean-k-mooneyits not really ment to be a rigorus test jsut indicitive16:46
sean-k-mooneyJayF: i need ot understand the delay there more but not today16:47
JayFthat periodic has to complete16:48
JayFone of the big ones that are kinda awful on ironic16:48
sean-k-mooneywell it shoudl not really depend on that16:48
JayFthat's what I wanna fix :D 16:48
sean-k-mooneyso i want to understand why16:48
JayFsame, I haven't gotten there yet16:48
JayFand mostly am asking clif to get there :D 16:48
sean-k-mooneybecuase when a node is cleanign it placement recouse provider shoudl jsut have reserved=total for the baremetal resocue class16:48
sean-k-mooneybut ironic can just set reserved back to 0 directly in placment when its done cleaning and its in the aviable state16:49
JayFyeah, we don't do ANYTHING with placement now16:49
sean-k-mooneyso i just want to make sure we are not doing somethign dumb like recreating the RP and deleteing it based on the state16:50
sean-k-mooneyoh ok16:50
sean-k-mooneyso it relying on nova to poll ironic exclusivly16:50
JayFyeah this is the stuff I was talking about for fixing for Ironic16:50
JayFyep16:50
sean-k-mooneyand notice that the state has moved to avaible and we update it16:50
JayFthere are lots of opportunities for ironic to push via nova events api and/or talk to placement directly16:50
sean-k-mooneyack ya16:50
sean-k-mooneywe can talk about that more whewn we both have more time16:50
sean-k-mooneythere defintly ways to short circut the perodic 16:51
melwittdansmith, sean-k-mooney: I dunno if one of yall could help but there are a couple of patches needing a second +2 to start vtpm live migration testing in CI, devstack https://review.opendev.org/c/openstack/devstack/+/958254 and nova https://review.opendev.org/c/openstack/nova/+/97884116:54
melwitton the devstack one mdevctl is included and IIRC it was something maybe sean had suggested on IRC to include but I don't think it's needed for vtpm. I can remove it if desired16:55
sean-k-mooneysure i can look at them now16:56
sean-k-mooneyim pretty sure i have looked at or asked you about hte devstack one before16:56
melwittyeah same. thanks16:57
sean-k-mooneydo we also need https://review.opendev.org/c/openstack/devstack/+/968114 ?17:02
melwittoh hm, checking, I forgot about this one17:03
sean-k-mooneyhttps://review.opendev.org/c/openstack/devstack/+/968114/comment/fdbb7370_567faacf/17:05
sean-k-mooneyso that will work but only on single node17:05
melwittI can't remember why I did that, must have been before I realized it wasn't needed17:05
melwittI don't find any patches that depends-on this 17:05
sean-k-mooneyif we want to be able to enable this on a compute (without barbican) we woudl have to have a flag17:05
sean-k-mooneyack17:05
sean-k-mooneyso the nova job you worte17:06
sean-k-mooneyis using barbican on the contoler17:06
sean-k-mooneybut disbaeld on the compute as we would expect17:06
sean-k-mooneyi wonder are we using the castalan optiosn or something for the key manager17:06
sean-k-mooneymelwitt: meta question is there a reason not to put this into nova-next or nova-alt-config?17:07
melwittit is using castellan but I don't remember where it's defaulted to that 17:07
sean-k-mooneywe can move this testing later by the way im jsut confiming17:08
melwittsean-k-mooney: it requires nested virt in order to work, so I think I was likely thinking to make as small and short a job as possible to not have as much contention17:08
sean-k-mooneyok i was thinking of movign the nova-next job ot use nested virt a while back17:09
melwitti.e. a longer job that requires nested virt will tie up the limited CI nodes that support nested virt17:09
sean-k-mooneyhttps://zuul.opendev.org/t/openstack/build/82adf7b225984621891eae9f930ba6ab/log/compute-host/logs/etc/nova/nova-cpu_conf.txt#5917:09
sean-k-mooneyso i can see the backend is set correctly17:09
sean-k-mooneybut we do not have a barbican section defiend17:10
sean-k-mooneyoh17:10
sean-k-mooneyi know why17:10
sean-k-mooneymelwitt: so today we are usign the user token to talk to barbican17:10
sean-k-mooneywe only need that config secton for the deployment mode17:11
sean-k-mooneyand that not merged yet17:11
sean-k-mooneymy expection is we are currently just lookign up the barbican endpoing form teh tokens service catalog17:12
melwittI think maybe it was that we settled on using the [service_user] config section instead17:12
sean-k-mooneyan no17:12
sean-k-mooneywell as a fallback17:12
sean-k-mooneybut not as the primay 17:12
melwittbecause there are no patches currently depends-on it so it's not being used by the patches I have up that are testing deployment mode17:12
melwittit is the primary, there was a lot of discussion on it and that's where we ended up17:13
sean-k-mooneyhave we merged that because i feel like i have have proably be -1.5 on that if i was invoveld17:14
melwittcomment thread here https://review.opendev.org/c/openstack/nova/+/942021/45/nova/context.py17:14
melwittyeah it's merged17:14
sean-k-mooneywe shoudol not be suign the service_user section to tlak to barbicn or any ohter service in my opinion17:14
melwittwhy do I always work on the most controversial stuff (haha) this and ephemeral encryption I swear everyone has a different opinion17:15
sean-k-mooneywe cant assume that barbican is in the same region for one 17:15
melwittI mean ... if [service_user] is meant to talk to all of the services, how can it do that if the region isn't the same? that section is used for all the service token stuff17:17
sean-k-mooneyits not17:17
melwitt"send_service_user_token = True" ?17:17
sean-k-mooneyservice user is for one thing and one thinkg only generating a service token to do lifetime exstions fo the user/admin token17:17
sean-k-mooneyyes17:18
melwittyeah, I know. I think all of that is discussed in the thread17:18
sean-k-mooneyright so usign it to create a user token for nova is not ok17:18
melwittpersonally, I don't really care which section it was but I tried re-using the other ones and it failed massively. so it's either [service_user] or we make a new [barbican] section17:19
sean-k-mooneyyep we shoudl have a new barbican section17:19
sean-k-mooneythat expclity what im suggeting17:19
melwittyeah, and I did propose that but I can't remember how it got disagreed about17:19
sean-k-mooneyi would prefer if that was also a hard requiremt to use this17:20
sean-k-mooneyi.e. make it an error to have deployment enable and not ahve the barbican section defiend if the backend is set to barbican17:20
melwittI guess we could still change it given that we don't support 'deployment' live migration yet and so it's left out of the docs for now17:21
sean-k-mooneyits not to late to fix this we dont ahve any code usign yet right looking at the serises17:21
melwittbut I really need people to get on the same page and agree because this majorly sucks for me17:21
melwittI'll add it as a ptg topic, since that's happening soon anyways17:22
sean-k-mooneyi was also talkign to gmaan about incorrect use fo service tokens in other project 17:22
sean-k-mooneywe caught an unintiall issue with glance/cidner very close to the ff17:23
sean-k-mooneywe also need to envutaly clean up the workaroudn we have in cinder for voluem attafchments17:23
sean-k-mooneyi think gmaan wanted to write ups some docs on this to calrify a few thing but i might be miss rememebrign17:24
melwittack17:24
sean-k-mooneywe do have a barbical sectionin our cofnig by the way 17:46
sean-k-mooneyhttps://docs.openstack.org/nova/latest/configuration/config.html#barbican17:46
gmaansean-k-mooney: here is summary on that but yes as melwitt said we can discuss it in PTG also and I can work on document on what to use when (once we all agree on it)17:50
gmaankeystone_authtoken: is used only at API layer so vTPM usage is from nova compute so it is not possible to use in this case.17:50
gmaanbarbican user: if i am not wrong here, vTPM secrets are owed by nova service user not barbican service user so user configured in barbican section is not suitable to use in vTPM. That is my understanding during that discussion . melwitt correct me if that is wrong.17:52
sean-k-mooneythe user configred in teh barbicna section shoudl be nova17:52
sean-k-mooneyit shoudl nto be barbican17:52
gmaanwhy17:52
sean-k-mooneybecause nova shoudl never have the user/password fo another service17:52
gmaanit should be barbican given user to nova so that nova can talk to barbican. same as nova service user is configured in cinder conf nova section17:53
sean-k-mooneythat is one of our security hardign recommedation and someitn we have been plannign to fix in devstack for a while17:53
sean-k-mooneygmaan it is the user thant nova shuodl use to talk to barbcina yes. conventionally nova but it can be any user and that is the user who shoudl own the secret17:53
sean-k-mooneywhaterver there name maybe17:54
gmaan1 sec, I think i mixed it17:55
sean-k-mooneyi condire it incorect to use the service_user section to create the primary token for any request period17:56
gmaanyes, barbican section should have nova service user. i saw the devatack example which are all mixedup17:57
gmaanlet me check comments again why we did not use barbican section17:58
sean-k-mooneyits because fo castalan17:58
sean-k-mooneyi think17:58
sean-k-mooneyi need to doubel check17:58
sean-k-mooneywe have both a barbican and barbican_service_user section today17:58
sean-k-mooneybarbican is almost complete but its not the full set of keystone auth options17:59
sean-k-mooneyhttps://docs.openstack.org/nova/latest/configuration/config.html#barbican-service-user17:59
sean-k-mooneythe option are splict between the two sectiosn today18:00
sean-k-mooneyhttps://github.com/openstack/nova/blob/653f7a42d0c9db126c0d5eb94af8945732f68d72/releasenotes/notes/deprecate-barbican-config-options-68ae65643ac41e2f.yaml#L418:01
gmaanright, becauwe of castalan. so if itis from API interaction only them keystone_authtoken is right section which has the nova user but when it is way wider than just API, service_user is the only nova service user exist to use18:04
sean-k-mooney right which we cant use18:04
sean-k-mooneyso we need a new section be it barbican_client or we use teh castalan options18:04
gmaani know that is what i mentioned in your discussion also, we need to get an agreement on which one to use when, but in current design what other option we have?18:05
sean-k-mooneyso i dont think we shoudl provceed with the current design18:05
sean-k-mooneythe option are use both sectionvs form castalan or add a new barbican_client option  or fix the option in castalane so that the brbican options are not splict18:06
sean-k-mooneyfixing castalan would be my prefernce18:06
sean-k-mooneythen we can just use the barbican section dirctly18:06
gmaanyeah, if we fix the castalan or add a new section then we can use but i feel we need to make a general agreement on 'why not to use service_user'18:09
gmaanone use case of that is for token expiry which can be send along with user token but also a user to interact other serviecs if nova compute (other than API) service want18:10
sean-k-mooneybecause it only for token lifecycle exteion and we need to be able to have diffent CA/region/users configured for every service we talk too18:10
sean-k-mooneyi know there is an assumtion in general that the service_user user will have the service role and or admin role18:11
sean-k-mooneybut we cant actully rely on that18:11
gmaani agree for that. here specific case if comoute service want to talk where our existing normal service users per service section does not work18:11
gmaanbcz they are registered and tied at API service level for example keystone_authtoken18:12
sean-k-mooneyper service section are not needed if we are suign a users token because we can use that tokens service catalong to find the endpoint 18:12
gmaananwyays, let'sa discuss it in PTG and see if we can get agreement18:12
sean-k-mooneyalthough even the we do uses the cofnig sectoin to knwo which endpoithn we talk too18:12
sean-k-mooneyac18:13
sean-k-mooneyack18:13
gmaanaccordingly I can work on some doc on that, which is what i mentioned to you about doc bcz it is not consistent and agreed18:13
sean-k-mooneyanyway melwitt  we got side tracked18:14
sean-k-mooneyi approved the devstack patch18:14
sean-k-mooneyi think once i look at the tempest resut im ok eot start ith the nova-vtpm job as seprate but i would really prefer to consoldiate it with nova-next or nova-alt-config i think in the future18:15
melwittthanks sean-k-mooney 18:23
sean-k-mooneyso its currently runnign 3 live migrtiton tests https://ee4ee966b92d55ec0885-e7631c5842b30279943de651c580e67f.ssl.cf2.rackcdn.com/openstack/82adf7b225984621891eae9f930ba6ab/testr_results.html18:24
sean-k-mooneythat usign the host policy right18:24
sean-k-mooneywhere we copy the secret over rpc18:25
sean-k-mooneyand i assume we will have additoanl tempest test for deployment eventually with a new compute feature flag or a change to the tempest config to enable those later18:25
melwittyes18:25
melwittyes, those are proposed already bc what I did was split them out when we weren't going to get to merge deployment mode yet18:26
sean-k-mooneyack but they will need to be gated by a new flag in the compute_feature_flags in tempest or similar in whitebox18:27
sean-k-mooneybecasue master tempet need to supprot the older branches i.e. 2026.118:27
gmaanyeah18:27
sean-k-mooneyso we will eenither need to have a new config for the aviabel deployment modes18:27
sean-k-mooneyand skip based on taht 18:27
sean-k-mooneywhich woudl be my prefernce in this case since ist a list in nova18:28
sean-k-mooneyor boolean values18:28
sean-k-mooneythe reason im askign is becasue i dont see the poplicies defiend here https://review.opendev.org/c/openstack/nova/+/978841/6/.zuul.yaml#42418:28
sean-k-mooneylooks like tempest currently just has a bool for is it suprptoed at all https://review.opendev.org/c/openstack/tempest/+/957475/31/tempest/config.py18:30
melwittah it's bc during review we changed to make the parent job devstack-whitebox-multinode and they are set there already18:30
sean-k-mooneywhich is ok for now but we will need to evolve that18:30
melwitt*whitebox-devstack-multinode18:30
sean-k-mooneyit also only hass a bool18:31
sean-k-mooneyhttps://opendev.org/openstack/whitebox-tempest-plugin/src/branch/master/whitebox_tempest_plugin/config.py#L371-L37318:31
sean-k-mooneynot which mode the host is in18:31
sean-k-mooneyi guess18:32
sean-k-mooneyfrom a pure tempest poitn of view it does not care18:32
melwittyeah, since we split the policies we'll need a separate gate for the hibiscus ones. if it had not split we would just have the bool. but alas18:32
sean-k-mooneybut we cant test both mdoes properly at the same time18:32
sean-k-mooneymelwitt: so the point im tryign to make is we need to be able to test botht the case wehre nova owns the secrete18:33
sean-k-mooneyand the case wehre the user does but we can copy it 18:33
melwittyeah I was thinking of the current config of the supported modes is in whitebox https://opendev.org/openstack/whitebox-tempest-plugin/src/branch/master/.zuul.yaml#L109 so we didn't have to do it in the nova .zuul.yaml18:33
sean-k-mooneyand i dont see how we can do that without either 4 nodes18:33
sean-k-mooneyor reconfigurign the nova config18:33
sean-k-mooneywe used ot reconfigure the nova config in whitebox and still can durign test but we tried to move aways form that for stablity reasons18:34
melwittit currently works to test both modes so I'm not yet sure why we would need to change config but I'm sure i'm missing something18:35
melwitt(the proposed patches not yet merged works with both modes)18:36
sean-k-mooneyho do you knwo form one execution in a job where both deployment and host are allowed which the vm is using and how are you forcing that18:36
melwittor is your point that that would change since H was cut?18:36
sean-k-mooneyim saying we need to test with host mode (rpc copy) and with deployment mdoe secrest owned by nova)18:37
sean-k-mooneyand we need to ensure that one or the other is used durign the migrtion18:38
melwittthere are currently separate tests for each mode and they both run in the same job, last I checked. I don't know if cutting the branch could have changed that18:38
sean-k-mooneywithout lookign at somting like debug messages18:38
sean-k-mooneyoh they are forciign the mode via image properties18:38
sean-k-mooneysorry flavor extra specs18:39
sean-k-mooneynot image proeprties18:39
melwittyeah you have to select the mode18:39
sean-k-mooneyright18:39
gmaanI think we are mixing the deployment mode testing in current changes. I have not reviewed/thoguht about deployment mode yet as those are not merged but host/user worked fine in existing tests/job18:39
sean-k-mooneygmaan: no i forgot that we can expicty set the mode in teh falvor18:39
gmaanohk18:40
sean-k-mooneygmaan: we talked about haveing default per hsot and listing what each host can allow ectra in teh config18:40
melwitt'user' currently is just verifying it's still blocked in the API but we were chatting about enabling live migration for 'user' if the API policy or secret ACLs would otherwise allow it18:40
sean-k-mooneyand i was tryign to understand how a host that allows all 3 was tested spertaly with all 318:40
melwittyeah, that got changed during spec review. no more choice on the default, 'user' is the only default18:40
sean-k-mooneyright this is one of the thing that evovled18:41
sean-k-mooneyand in the last ptg we entirlly remvoed the image options18:41
melwittright18:41
sean-k-mooneybecasue fo the resize isssues18:41
sean-k-mooneyfeels weeried that we chose the make it simpler option18:41
sean-k-mooneywe shoudl do that more18:41
melwittbecause rebuild is not implemented, so we didn't want to create a path where the user gets stuck with a mode and can't change it18:42
sean-k-mooneyso i have been ocationally suggeting to james that we look at runign more of whitebox in nova-next this cycle18:43
melwittif your image properties are locked-in (bc you can't rebuild), you will have a flavor/image conflict for resizes18:43
sean-k-mooneymelwitt: yep i just had paged out that converstion18:43
sean-k-mooneyok after reviewign the whitebox code as well im ok with moving forward with this job for now18:44
melwittyeah. it's been a long and complicated journey18:44
sean-k-mooneymelwitt: before we add new test i woudl like to change the whitebox cofnig slightly so we list which polices are enabeld 18:44
sean-k-mooneyi think18:44
melwittok. yeah I was just thinking we merged all the tests and etc but no job running them so I figured maybe we want to go with that for now and then whatever happens this cycle I can adapt it18:44
sean-k-mooneyand skip the relevent tests18:44
sean-k-mooneyno its just user and host form what i saw18:45
sean-k-mooneywhen we add deployment without another way to know if it shoudl work it will block the 2026.1 branch18:45
melwittright. and user is kind of a negative test, it just verifies that requests are rejected18:46
sean-k-mooneywell i guess it wont but only because this job is not there18:46
sean-k-mooneybut i assume we woudl liek to backport this job?18:46
sean-k-mooneyto have coverage18:46
melwittI have not heard anyone suggest that yet18:46
melwittwe have coverage by way of whitebox which IIRC runs as a periodic18:47
sean-k-mooneyi mean its not hard to do and the test coverage would be valuabel but its not strictly requried18:47
melwittthis latest thing we are making it sort of an official nova thing I guess18:47
sean-k-mooneyyes in the weekly perdic job18:48
sean-k-mooneybut i dont think whitebox-devstack-multinode18:48
sean-k-mooneycurrently runs this test18:48
melwittoh you mean since we missed the window in G. yeah that's true18:49
sean-k-mooneyunless i missunderstood18:49
melwittso yeah I guess we need to backport it.18:49
sean-k-mooneythe host policy did merge before feature freeze adn is in 2026.1 right18:49
melwittno you're right. I've just been brain fried18:49
melwittyes18:49
sean-k-mooneyok cool.18:50
sean-k-mooneywe could do this slightly diffently.18:50
sean-k-mooneywe coudl move whitebox-devstack-multinode to check18:50
sean-k-mooneyand update whitebox-devstack-multinode to run the vtpm test by default18:51
sean-k-mooneythat woudl give us a weekly perodic on 2026.1 i think18:51
sean-k-mooneythat getting to complciated 18:51
gmaantests are present in 2026.1 so yes job needs to be backported 18:53
gmaanmelwitt: sean-k-mooney: on service users/interaction standardization, I added separate topic than vTPM one added by melwitt so that we can discuss/audit rest all other cases also https://etherpad.opendev.org/p/nova-2026.2-ptg#L161 18:54
melwittsounds good gmaan 18:55
gmaani will details later, feel free to add other case if i missed any18:55
gmaanoutcome of that can be to write the agreed approachs in document18:55
gmaanI didn't want to mix it (as it has other cases also) in vTPM one so added as a separatetopic18:56
melwittyeah I think that makes sense18:56
gmaannot sure which one we should discuss first but that we can figure out in PTG 18:56
melwittwe could probably merge the topics, I could add mine as sort of concrete example18:57
gmaan++18:57
sean-k-mooneymelwitt: i just +2w the nova-vtpm job wiht some notes18:57
sean-k-mooneyso assuming the devstack patch merges it shoudl merge shortly there after18:58
melwittcool, I'll move the vtpm topic under the general service user topic18:58
melwittthanks sean-k-mooney 18:58
gmaanon backport, along with backporting job, we need devstack backport also. 18:59
sean-k-mooneyone of the feature im implemnntign for cyborg this cycle si SRBAC18:59
sean-k-mooneyso oen of the topic i was goign to have for the nova/cyborg session was how to evolve nova to talks to cyborg with service token in the future19:00
sean-k-mooneyso we can like group that after the general service_user topic19:00
gmaanyeah, thast will be better19:01
sean-k-mooneyit doesnt have to be back to back but we shoudl rsovle that first19:01
gmaanmaybe somthing Uggla ^^ can do while scheduling or i can remind 19:01
sean-k-mooneyi dont think bookings have opened up yet19:02
gmaanslot booking? 19:02
sean-k-mooneyut im goign to try and see of i can aovid to many conflicts between the nova watcher and cybrog tracks19:02
sean-k-mooneygmaan: ya the session request was a whiel ago19:03
sean-k-mooneybut i have not recived the email fro bookign specific slot yet for cybrog19:03
sean-k-mooneybut im expecting that to happen in the next week or so19:03
gmaanit is open, I am not sure there will be separate email for that?19:04
gmaanyou can see booking happening  in #openinfra-events19:04
sean-k-mooneyi was told to expect one by sylvian but i guess i can check with allison19:04
sean-k-mooneyok i was waiting for a notifiction i gues i can figure that out next week then19:05
gmaanafaik, once team PTG booking is confirmed, you can book slot anytime19:05
sean-k-mooneyok i need to chnage the ether pad linkes that were auto created19:05
gmaanmany projects already booked 19:06
gmaanhttps://ptg.opendev.org/ptg.html19:06
sean-k-mooneyok i was specificly under the impression that the modeerators for each session would be notifed when we can start doing that 19:06
sean-k-mooneylooks like nova is not there yet ill sync with Uggla next week19:07
gmaanyeah19:08
Ugglasean-k-mooney, I'll book the slot tomorrow, because I'll be on PTO next wwek19:12
sean-k-mooneyUggla: what days were we thinking for the ptg19:13
sean-k-mooneyi may have missed it but i was not sure that was dicsussed in the recent irc metting19:13
UgglaI thought about Tue --> Fri19:13
sean-k-mooneyack im condierign doing the actul cyborg ptg on monday or tudesday19:14
sean-k-mooneywe coudl do the corss rpoejct session on one of the nova days19:14
sean-k-mooneywathcer is wednesday-friday19:15
sean-k-mooneyalthoguh firday is shorter due to the tc sessions19:15
Ugglayep expecting to close a bit earlier on friday.19:16
sean-k-mooneyok we can figure it out when your back form pto19:16
sean-k-mooneyill put in some temp cybrog slot on monday and tuesday for now and we can see fi there is a good slot free for the cross project when your back19:17
Ugglasure we will have 1 week to prepare. Right now we have few topics, but I'm pretty sure it will grow next week.19:17
sean-k-mooneyi still ned to find time to prepare a small number fo high priroty topics19:18
sean-k-mooneyjust an fyi one of the things im goign to do is propse a very target spec to chate 2 things in the schduler one fo which si optional to maybe enabel cybrog to do numa in placment before nova does19:18
Ugglaok19:19
sean-k-mooneybut i need ot find time to write that up but that was oging to be one of the topci i brought up 19:19
sean-k-mooneythe other would be the chagne needed to compelte vgpus with cybrog and how nova and cybrog talk to each other19:20
sean-k-mooneythose are the 3 general teeme at least19:20
sean-k-mooneywe might decied to push the numa topic to a future cycel btu we can see19:20
Ugglabtw I don't know if we have requirments to set cross team session ? (beginning of the week ?)19:21
sean-k-mooneywe dont but its often better to do19:22
Ugglamaybe gouthamr knows about iy ^19:22
sean-k-mooneyhistorically trhey happend on monday19:22
gouthamryes, monday and tuesday19:22
sean-k-mooneyso we coudl do monday between 13-150019:22
sean-k-mooneybefore the tc session start19:23
Ugglayeah so maybe I'll book the full week and adapt later.19:23
gmaanMonday 15 - 18 UTC is I see the leader interaction sessions booked 19:23
gouthamrwe'll have to email blast this info: "Please try and schedule all cross project meetings at the beginning of the week, preferably by avoiding project-only sessions at the beginning of the week" 19:24
gouthamrwe can't get all of it, but, will be good to coordinate and attempt19:24
sean-k-mooneygmaan: ya the last 3 hours of that slot are the tc ones19:24
gmaanyeah19:24
Ugglagmaan got it, i'll avoid TC of course19:24
sean-k-mooneygouthamr: so taht can be a litte togh if you wnat to try and attend all or as much as possibel fo  cybrog nova, watcher and tc seesions19:25
gouthamralways :( but we can try our best.. i think Monday for the TC will also be "forum" style - so we'll def address cross project stuff, even if all of it isn't "governance". I'm going to try to get some TC buy in for this19:26
Ugglasean-k-mooney, I see that as a trend to book x session first. 19:26
sean-k-mooneygouthamr: im also tryign to decied if i want to bug a 00UTC slot or not19:27
sean-k-mooneyfor cybrog.19:27
gouthamrthe "community leaders" session will likely be followed by an operators forum.. the specifics are tbd.. i'll also work with hberaud to get the "eventlet-removal" discussion scheduled, likely on tuesday for 1 hour instead of two19:27
opendevreviewClif Houck proposed openstack/nova master: perf(ironic): eliminate O(N²) ProviderTree deepcopy at startup (B6)  https://review.opendev.org/c/openstack/nova/+/98067619:27
gouthamrsean-k-mooney: ah you might have some interest since past contributors have been from APAC19:28
sean-k-mooneygouthamr:right that why i was thinking of doing that on monday night and having the main seesion on tuesday19:28
gmaangouthamr: i think monday 3 hrs is too much for cross projects in TC? unless you are accommodating eventlet kind of topics also19:29
gmaanbcz these 3 hrs will take most of the Monday slots so other cross projects things will be difficult to avoid conflict 19:30
gouthamrgmaan: hmm, fair, i could cut that down to two hours if we don't have "cross project" impact. can i take until our next TC meeting (Tuesday) to decide? 19:30
gouthamrif that happens, you folks get an extra hour.. if not, i'll promise it'll still be something you'll want to join and participate in19:31
gmaan++, sure I mean, keeping it for TC is ok, but it will be helpful to know which hrs (out of these 3 hrs) hrs cross projects interaction/topic will be and which hrs TC specific19:32
gouthamri'll push TC/governance-only discussions to Friday as much as possible 19:35
sean-k-mooneywell its ok for them ot be on moday19:36
sean-k-mooneyits just we have a 2 hour widnow in the eu timeslot but htat a bit early for NA folks19:37
sean-k-mooneyso most corss project stuff woudl have to happenon tueday or durign the week19:37
sean-k-mooneyunless we do them in the na slots on monday 19:37
JayFsean-k-mooney: clif: I'll get https://review.opendev.org/c/openstack/ironic/+/983251 mergable tomorrow or next week, but it should be good enough to get started. Ironic+Nova services start with it enabled. There's a zuul job in there with a devstack config.21:56
clifnice21:57
sean-k-mooney[m]Cool just got to the ironc part of the openinfra live21:57
JayFit's mainly just an ad for the full one next week21:57
* sean-k-mooney[m] tries to ignore the conflicting use of the reserved capabilities: flavour extra spec22:01
sean-k-mooney[m][JayF_](https://matrix.to/#/@_oftc_JayF_:matrix.org) https://4a2cc9e4719053545829-344a6ad21c722e33f9112420ebbef28e.ssl.cf2.rackcdn.com/openstack/0127c1b07a614bf59b7652d259434573/controller/logs/local_conf.txt will be useful especially with the patch22:20
JayFsean-k-mooney[m]: feel free to give review feedback if it's on my change specifically; if it's an overall pattern then LOOK OVER THERE [/me runs]22:49
sean-k-mooney[m]Some telephone communication vibes.22:51
sean-k-mooney[m]Like instead of CUSTOM_GOLD trait I would expect you to use a CUSTOM_BEARMETAL_GOLD resource class so you can use unified limits of per sku quota and simpler billing22:55
JayFsean-k-mooney[m]: there's no doubt in my mind that some nontrivial % of that is carryover, if there are concrete improvements we can make in the devstack setup that'd be cool23:28
JayFsean-k-mooney[m]: I don't know as much as I should about the nova setup side of Ironic as I should, despite the work I've done on the virt driver, maybe could kill both those birds with one stone23:28
« Wednesday, 2026-04-01 Index Friday, 2026-04-03 »

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!