21:01:57 #startmeeting nova 21:01:58 Meeting started Thu Mar 28 21:01:57 2013 UTC. The chair is russellb. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:01:59 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 21:02:02 The meeting name has been set to 'nova' 21:02:05 o/ 21:02:05 #chair vishy 21:02:06 Current chairs: russellb vishy 21:02:06 Who's around to talk nova? 21:02:20 o/ 21:02:20 hi guys! 21:02:30 hi 21:02:41 yo 21:02:41 \o 21:02:57 vishy: mikal: you guys here? would be good for talking about this fixed_ip quota on ugprade issue 21:03:00 . 21:03:06 yay mikal 21:03:09 hi 21:03:09 \o 21:03:13 Sorry, just woke up 21:03:14 perfect 21:03:37 #link https://wiki.openstack.org/wiki/Meetings/Nova 21:03:42 #topic grizzly status 21:03:53 #link https://launchpad.net/nova/+milestone/grizzly-rc2 21:04:13 need to decide on plan for bug 1161190 21:04:14 Launchpad bug 1161190 in openstack-manuals "Fixed IPs quota can break upgrades" [Undecided,New] https://launchpad.net/bugs/1161190 21:04:21 #link https://bugs.launchpad.net/bugs/1161190 21:04:22 Launchpad bug 1161190 in openstack-manuals "Fixed IPs quota can break upgrades" [Undecided,New] 21:04:39 vishy: i didn't catch all of your earlier discussion with ttx ... 21:05:33 last comment on the bug is: "I think our best option here is actually to change the default to -1 and note in the release notes that providers should set it to a reasonable value." 21:05:40 So, we need to revist the default value for that quota in essex / folsom / grizzly 21:05:42 well the main issue is breaking existing users is really not ok 21:06:03 so the only option that won't break anyone is setting to -1 21:06:04 your comment there seems pretty reasonable 21:06:18 there are some hacky ways around it that will stop breakage in most situations 21:06:29 but they are hard to backport. 21:06:31 and document that it should be manually set to get protection 21:06:50 vishy: backports are probably re-writes, given the delta in quota code between releases 21:07:14 ttx: well, we suffered documentation fail with our first attempt at this... Apparently the quota isn't mentioned in the folsom release notes? 21:07:37 mikal: but setting to -1 by default should be easy, right? 21:07:44 I agree by the way, we should just set it to -1 in folsom / grizzly, and make sure its actually in the release notes 21:07:47 russellb: yes 21:07:57 We should also look at essex. Does it support -1s? 21:08:18 folsom/essex are a bit off-topic right now 21:08:43 Ok, but we need to fix them too. 21:08:43 We need a grizzly solution fast, for the others we have more time 21:08:46 so, who's going to write the grizzly patch? 21:08:49 I will 21:08:57 great, today? 21:09:00 Sure 21:09:12 k 21:09:26 * ttx would like to close the rc2 tomorrow and switch to regression-only mode 21:09:41 looks like that was the only outstanding issue 21:09:47 there's one other patch that was backported, but the gate is being mean 21:10:00 unit test fail 21:10:07 just rekicked 21:10:31 #note grizzly-rc2 to be closed out tomorrow, switch to regression only mode 21:10:37 anything else on grizzly status? 21:11:27 vishy: are you ok with RC2 publication tomorrow if the page shows everything is ok ? 21:11:28 #topic design summit 21:11:32 #undo 21:11:33 Removing item from minutes: 21:11:49 woo, nice, "undo" 21:11:54 heh, that didn't quite work 21:12:11 needs a better __repr__ 21:12:24 and needs to change the topic back :) 21:12:41 vishy: I'll assume yes unless you scream 21:13:17 k, feel free to come back to that topic later if needed ... 21:13:20 russellb: you can continue, we can ack that offline 21:13:21 #topic design summit 21:13:35 Deadline for submissions is the end of this weekend, but i'm really hoping we have everything already 21:14:02 as it's already quite full 21:14:28 After today, if you would like to discuss design summit planning with me, please email me directly. i'm going to be on vacation until Apr 10th or so 21:14:43 but will be working on summit planning in some stolen bits of time here and there 21:14:59 that generally applies to anything you want my attention for 21:15:36 #note Email russellb if you want his attention over the next couple weeks, on vacation, not on IRC 21:15:45 Do you want a flag in the subject or anything to make it easier to search? 21:15:57 [OMGWTFBBQ] Hope you're enjoying your holiday. 21:16:01 :) 21:16:15 whatever, be creative 21:16:27 just email direct, don't assume i'll see stuff on list ... 21:17:07 and of course we have the design summit soon to discuss anything big, so i don't think it'll be an issue 21:17:26 that's pretty much all i wanted to mention ... how to contact me during final summit planning 21:17:37 any last minute session proposals expected to come in? 21:17:49 or questions? comments/suggestions? whatever? 21:18:05 russellb: when will you finalize the approve for the sessions? 21:18:29 yjiang5_: before the design summit? :-) or whenever ttx says is the deadline ... 21:18:40 yjiang5_: shouldn't take me too much longer once I know I have the final list of sessions 21:18:47 russellb: :-) 21:18:47 yjiang5_: have a specific one you'd like to ask about? 21:19:02 russellb: the PCI/SR-IOV related stuff 21:19:25 russellb: "before the design summit" sounds good 21:19:28 :) 21:19:32 ttx: awesome. 21:19:45 ttx: heck i can pull that off by putting it off completely until after vacation! 21:20:04 yjiang5_: that's on my list of "very likely to accept for a full session timeslot" 21:20:11 russellb: the goal is to publish early in the week of April 8 21:20:24 "Key Community Members Going on Holiday Near Important Conferences and How It Can Be Prevented" 21:20:27 ttx: ok that's reasonable 21:20:34 russellb: thanks :) 21:20:47 russellb: did you notice if there was a topic on volume migration? 21:20:48 beagles: yeah ... i know ... i should have thought of this when i got married 5 years ago 21:20:58 russellb: so lame 21:21:19 russelb: i have an idea for it but it isn't worth a full session probably 21:21:44 vishy: there's not. there's one on volume encryption, and there's one on making block device handling more awesome 21:21:56 annnnd, let's see ... 21:22:04 :) 21:22:41 vishy: and "improving host maintenance and migrate APIs" 21:23:03 vishy: http://summit.openstack.org/cfp/details/18 21:23:10 sorta kinda related :-/ 21:23:21 that one might actually cover it 21:23:30 ok cool 21:23:45 vishy: let me know if you think of anything else 21:23:50 will do 21:24:02 i may have to merge a bunch of scheduler sessions as "lock scheduler people in a room parts 1 and 2" 21:24:38 too many good ideas for things to work on :) 21:24:44 \o/ 21:25:07 alrighty.. 21:25:11 #topic bugs 21:25:21 mikal would like to bang the bugs drum :) 21:25:44 Right. 21:25:50 So, we've fallen off the bug triage wage. 21:25:52 wagon even 21:26:03 We got lucky we noticed the folsom fixed ip upgrade bug as quick as we did. 21:26:11 * dansmith triaged several today 21:26:11 So y'all should remember to triage bugs please. 21:26:17 Fixing bugs is also nice. 21:26:19 https://bugs.launchpad.net/nova/+bug/1161175 should be in Grizzly I think 21:26:21 Launchpad bug 1161175 in oslo "tools/conf/generate_sample.sh fails" [Undecided,New] 21:26:22 #link http://webnumbr.com/untouched-nova-bugs 21:26:24 dansmith: I did notice that 21:26:29 mikal: woohoo! 21:26:57 * jog0 is sorry for jumping at the wrong time 21:26:58 That's all really. I just want to hassle people so they remember. 21:27:06 jog0: I forgive you 21:27:11 mikal: cool :) 21:27:22 jog0: what's the effect, those options not in the sample config? 21:27:33 russellb: yeah 21:28:05 russellb: this is the change needed to be synced in https://review.openstack.org/#/c/25297/ 21:28:09 yar ... seems safe enough if it can beat mikal's fixed_ip quotas patch, up to vishy though 21:28:52 russellb: I'll get the patch ready now 21:29:19 jog0: k, just sync up with vishy to see if he's good with it going into rc2 21:29:34 russellb: *nod* 21:29:42 so next is open discussion, and i have one question to start 21:29:45 #topic open discussion 21:29:59 I was talking to beagles earlier, he was asking me about floating IP behavior with nova-network 21:30:14 and whether it is expected that instances can't talk to each other over those IPs if they're on the same compute node 21:30:31 There has been at least one bug for this before 21:30:31 as that's what he sees after trying it, it was reported by someone else here internally 21:30:31 see, 21:30:35 I thought it was fixed? 21:30:41 I don't think that the instances should know their floating IPs 21:30:54 could be the case, i should note that this was all folsom probably 21:30:59 beagles: around right? 21:31:06 russellb: yes 21:31:15 I am sure that I saw vishy handle a bug like this a while ago... 21:31:28 as it happens, I found this bug about 10 minutes ago... 21:31:42 https://bugs.launchpad.net/nova/+bug/1096259 21:31:43 Launchpad bug 1096259 in nova "pinging own floating ip fails with external gateway" [Low,Fix released] 21:31:45 or rather 10 minutes before this meet started... 21:31:51 dansmith: well they don't, directly ... but it seems broken that you may or may not be able to connect to a given public IP, depending on something you're not supposed to care about (colocation of instances or not) 21:31:56 I think I was thinking of https://review.openstack.org/#/c/21689/ 21:32:20 mikal: nice 21:32:23 russellb: well, maybe 21:32:25 and that's grizzly only 21:32:29 https://bugs.launchpad.net/nova/+bug/1122335 21:32:31 Launchpad bug 1122335 in nova "Pinging a floating ip from an instance without floating can fail" [Low,Fix released] 21:32:35 We could talk about backports though 21:32:43 We know we need to do another folsom release because of fixed ip quota 21:32:45 mikal: ooh, I think I saw this but figured I messed my config up 21:32:59 beagles: note that patch isn't in folsom 21:33:14 * beagles nods 21:33:29 beagles: wasn't sure if you were testing latest or not for this 21:33:39 anyway, good references 21:34:07 right: I was at folsom.. .for my purposes, these are good clues as to what was going on. There is a documentation note that is somewhat... 21:34:07 discouraging 21:35:08 beagles: k, so may be as simple as backporting that patch ... we can talk more later 21:35:37 "Note that you cannot SSH to an instance with a public IP from within the same server as the routing configuration won't allow it. " 21:35:37 in http://docs.openstack.org/trunk/openstack-compute/admin/content/network-troubleshooting.html 21:35:38 granted it is somewhat ambiguous, but is this referring to a different case, or is it incorrect? 21:35:38 russellb: ack 21:36:34 sounds like it *should* work ... except dansmith has a fundamental disagreement that instances should ever be trying this anyway :-) 21:36:52 * dansmith stands firm 21:37:29 dansmith: i expect nothing less, sir! 21:37:31 :) I guess the case might be if that a client app somehow gets a URI (or similar) that has the public IP it should work without consideration of where that is 21:37:37 21:37:51 could be two different tenants entirely 21:37:52 I think Dan is wrong to be honest 21:38:00 that don't even know they're in the same cloud 21:38:04 IPs should always work 21:38:08 russellb: 'zactly 21:38:10 mikal: that's how i feel 21:38:37 so, I get that, 21:39:02 but it seems to me that the floating IP functionality is really an edge of the network notion (regardless of where it's implemented) 21:39:33 that should be used for directing traffic, load balancing, etc and the mere fact that it can sometimes work means that people will treat it differently than that 21:39:46 they can't bind to it on the instance, so they shouldn't know anything about it, IMHO 21:39:57 but I definitely see the other argument, of course :) 21:40:41 * beagles does not entirely disagree with dansmith 21:40:59 beagles: wait yes you can 21:41:11 oh wait 21:41:33 If the client can see the Internet, it can find its external IP no matter what we do, so obscuring it seems pointless. 21:41:35 beagles: there are some configurations where public -> public for instances on the same host may fail 21:41:45 but when asked why it doesn't work and trying to figure out if it can be made to work ... or not 21:42:17 beagles: it can work in some situations 21:42:38 a bug? or just fundamentally not going to work? 21:43:05 vishy: is it generally know what the key factors for not-going-to-work/should-work are? 21:43:20 s/know/known/ 21:43:28 dripton: it's not about whether it can determine it by colluding with an outside party, it's whether openstack's policy is that you're allowed to know it from an infrastructure point of view 21:43:37 beagles: at one point i know most of them 21:44:26 dansmith: i don't understand? why would we want to stop instances from knowing they have a floating ip? 21:44:58 beagles: iirc in most situations it is a security group problem, not a problem with traffic routing 21:45:00 and even if the instances don't know it, certainly the thing that deployed the application to the cloud knows it 21:45:14 vishy: well, maybe _we_ wouldn't I'm just saying it seems to _me_ that it's cleaner if they don't 21:45:19 beagles: as in it will look like the traffic is coming from the instance's private ip instead of its public. 21:45:55 * beagles nods 21:46:08 I suspect the DNAT/SNAT rules aren't entirely complete for this situation 21:46:08 i suspect we expose floating ips via the metadata server 21:46:11 but i don't remember 21:46:21 beagles: i looked at what it would take to fix it, it is really hard 21:46:33 we need to dynamically update ipsets for fixed and floating ips 21:46:44 and use ipsets in the rules instead of numeric ips 21:46:58 vishy: I managed to get it working at one point, but I had spent a few hours trying things out.. and I suspect I didn't undo something and couldn't find what the magic ingredient was 21:47:15 it gets really hard because security groups specify ranges 21:47:32 so you have to have special case rules if you are within a range 21:47:40 i ultimately decided it wasn't worth implementing 21:48:08 you'd have to do a fanout cast every time a floating ip moves telling everything to update their rules 21:48:10 * beagles nods 21:48:21 ugh 21:48:30 and you hve to look through every security group and say, do i fit in the range? if so special case a rule addition for the floating ip too. 21:48:48 if it's incredibly invasive, might be worth chalking up as a nova-network limitation, and only worrying about it in quantum 21:48:53 the good news is 21:48:58 yeah that is my thought 21:49:03 * beagles nods 21:49:19 that it is just security groups 21:49:35 so you just need to tell people that if they wish to use security groups 21:49:48 add rules for the floating range as well 21:50:12 or even better 21:50:18 don't use floating ips from instance to instance 21:50:24 :) 21:50:27 and use something else for your vip 21:50:32 like an haproxy instance 21:51:03 there is a known issue in the release notes for folsom about this 21:51:25 and some info i sent to the list about it when i realized that I can't fix it easily. 21:51:35 https://wiki.openstack.org/wiki/ReleaseNotes/Folsom#Known_Issues_2 21:51:47 "Security Groups do not mix well with floating ips. Users should use fixed ips in security group rules. More information here" 21:51:57 where here is http://lists.openstack.org/pipermail/openstack-dev/2012-September/001212.html 21:51:59 nice 21:52:16 cool 21:52:40 thanks a bunch, vishy 21:52:56 yes, thanks! 21:53:23 np 21:53:31 7 minutes left if anyone else has a topic 21:53:37 when was nova synced with oslo-incubator, when I did a sync of everything (of oslo grizzly and nova milestone) I get 71 lines cahnged 21:53:50 jog0: very recently 21:54:20 russellb: looking at the logs I didn't see a general sync in the milestone proposed branch 21:54:37 jog0: i did one before milestone-proposed 21:54:46 IIRC 21:54:52 no wait, that was after ... 21:55:03 yes, it was after. 21:55:14 we've only been backporting specific things we knew we needed 21:55:28 a lockutils thing ... some setup.py things 21:55:35 that i recall 21:57:22 As promised last week: https://blueprints.launchpad.net/nova/+spec/convert-to-alembic 21:57:28 russellb: ahh its just a little strange to not sync with the stable release 21:57:51 5 more session proposals during this meeting I think 21:58:37 dripton: nice, short on time to go into detail ... post to the -dev list to draw attention to code/wiki stuff once you have it to look at 21:58:46 russellb: ack 22:00:06 alright, time's up 22:00:08 thanks everyone! 22:00:10 #endmeeting