#openstack-meeting-3 log

16:00:15 <gibi> #startmeeting nova
16:00:16 <openstack> Meeting started Thu Feb 18 16:00:15 2021 UTC and is due to finish in 60 minutes.  The chair is gibi. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:17 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:19 <openstack> The meeting name has been set to 'nova'
16:00:31 <lyarwood> o/
16:00:33 <gibi> o\
16:00:34 <artom> ~o~
16:00:51 <gmann> o/
16:00:53 <artom> Wait, I want to be Adam Driver from Star Wars
16:00:54 <artom> +o+
16:01:04 <dansmith> o/
16:01:12 <elod> o/
16:01:59 <gibi> #topic Bugs (stuck/critical)
16:02:03 <gibi> no critical bug
16:02:07 <gibi> #link 12 new untriaged bugs (-1 since the last meeting): #link https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New
16:02:15 <gibi> Is there any specific bug we need to discussi?
16:03:20 <bauzas> \o
16:03:27 <stephenfin> o/
16:03:53 <sean-k-mooney> o/
16:04:25 <gibi> if no specific bug then
16:04:26 <gibi> #topic Gate status
16:04:45 <gibi> I don't track any high visibility gate failure so I think the gate is fine :)
16:05:00 <gibi> tell me if not :
16:05:06 <dansmith> nothing specific to nova that I know of,
16:05:10 <dansmith> but perf hasn't been great
16:05:16 <dansmith> I'm still pushing on some things
16:05:29 <dansmith> did we merge that patch to convert two jobs to parallel? I don't think we did
16:05:37 <lyarwood> we did
16:05:47 <lyarwood> no issues thus far AFAICT
16:05:51 <sean-k-mooney> oh nice
16:05:53 <dansmith> oh cool
16:05:56 <lyarwood> https://review.opendev.org/c/openstack/nova/+/775293
16:06:18 <gmann> yeah
16:06:22 <sean-k-mooney> lyarwood: any update on the cirros image rebuild?
16:06:38 <lyarwood> dansmith: btw, did you want to push ahead with the standalone grenade job removal ahead of the actual migration of grenade to zuulv3?
16:06:59 <dansmith> lyarwood: well, I was deferring to you on that... I thought you wanted to wait
16:07:06 <dansmith> just being not on focal doesn't seem like a huge deal to me,
16:07:11 <dansmith> but if it is, then ... that's fine
16:07:17 <lyarwood> sean-k-mooney: only that the fix for q35 landed but the cirros team don't see a release coming soon, going to send a mail later about hosting a dev build somewhere for us to use
16:07:29 <gmann> yeah may be waiting for migration nova grenade to zuulv3 is better
16:07:43 <lyarwood> well that assumes that someone is working on it
16:07:43 <gmann> dansmith: it is not focal. all legacy are on bionic
16:07:49 <dansmith> gmann: I know
16:07:50 <lyarwood> I've not got the bandwidth at the moment
16:08:00 <lyarwood> so we either put it off and continue to consume resources
16:08:04 <sean-k-mooney> lyarwood: ok yes i see https://github.com/cirros-dev/cirros/issues/64 is closed thanks.
16:08:13 <lyarwood> or switch to just multinode now and migrate to focal later in the cycle
16:08:13 <gmann> I need to check, i think i have patch for that but id not resume
16:08:19 <lyarwood> yeah you do
16:08:35 <lyarwood> tbh I think it's worth more to kill the standalone job now
16:08:42 <lyarwood> and then migrate to focal later
16:08:42 <gmann> ok, I will look into that. cannot remember the status
16:08:47 <dansmith> lyarwood: that's fine with me
16:08:55 <lyarwood> dansmith: cool
16:09:20 <lyarwood> dansmith: have you looked at using your async approach during the upgrade in grenade btw?
16:09:28 <lyarwood> dansmith: for the db migrations etc
16:09:51 <dansmith> lyarwood: nope not yet, but I could work on that maybe next week and see
16:10:10 <lyarwood> dansmith: cool if not I'd love to help post m3 along with the focal migration stuff
16:10:14 <sean-k-mooney> grenade uses devstack underneat right
16:10:37 <lyarwood> right but the upgrade part isn't part of that AFAIK
16:10:38 <gmann> grenade zuulv3 yes, legacy use d-g
16:10:40 <sean-k-mooney> so if you set the envar it might work maybe a DNM test patch would be worth giving it a try
16:10:42 <dansmith> I too am stretched pretty thin, but this is high payoff work if it helps
16:10:58 <dansmith> sean-k-mooney: well, there's actual grenade things that could be parallelized
16:11:03 <dansmith> which I assume is what he meant
16:11:06 <lyarwood> yup indeed
16:11:12 <sean-k-mooney> ah right
16:11:44 <gibi> moving on
16:11:48 <gibi> #topic Runway status
16:12:00 <gibi> I did a scan of the open bps
16:12:25 <gibi> we have a pretty long list that are close to being merged
16:12:48 <bauzas> we're 3 weeks from FF, right?
16:12:57 <sean-k-mooney> march 11th i think
16:13:02 <sean-k-mooney> so about that
16:13:06 <gibi> yes
16:13:09 <bauzas> https://releases.openstack.org/wallaby/schedule.html
16:13:19 <bauzas> yeah, 3 weeks
16:13:38 <gibi> let me copy some link here if you need some review targets :)
16:13:44 <gibi> #link https://blueprints.launchpad.net/nova/+spec/libvirt-default-machine-type : review ongoing
16:13:46 <sean-k-mooney> and 2 weeks for non-client libs
16:13:50 <gibi> #link https://review.opendev.org/q/topic:bp/routed-networks-scheduling : review ongoing
16:13:56 <gibi> #link https://blueprints.launchpad.net/nova/+spec/libvirt-driver-ip-metadata : had 2 +2 at some point but needs a quick review from sean-k-mooney before we approve
16:14:11 <gibi> #link https://blueprints.launchpad.net/nova/+spec/support-interface-attach-with-qos-ports : the last necessary patch needs a second core
16:14:53 <sean-k-mooney> gibi: ill review that after the meeting
16:15:00 <gibi> sean-k-mooney: thanks
16:15:07 <gibi> also there are things that also close but still need work
16:15:13 <gibi> #link https://blueprints.launchpad.net/nova/+spec/nova-support-webvnc-with-password-anthentication : has multiple negative feedback
16:15:17 <bauzas> gibi: once I'm free from routed networks, you're next
16:15:17 <gibi> #link https://blueprints.launchpad.net/nova/+spec/compact-db-migrations-wallaby : nova_api db patches needs review
16:15:25 <gibi> #link https://blueprints.launchpad.net/nova/+spec/modernize-os-hypervisors-api : the api code landed, the python-novaclient patch and the policy patch needs some work
16:15:32 <gibi> #link https://blueprints.launchpad.net/nova/+spec/allow-disabling-cpu-flags : good progress, but there is an open discussion in the review about a config option
16:15:39 <gibi> #link https://blueprints.launchpad.net/nova/+spec/smarter-usb-devices : discussion seems to be concluded, implementation needs code review
16:15:50 <gibi> bauzas: thanks, I try to get you out of routed net :)
16:16:33 <bauzas> also, that's not a BP but I promised to rework on https://review.opendev.org/c/openstack/nova/+/761452/ and I'd appreciate reviews
16:16:47 <bauzas> unless we merge features that touch the RPC API
16:17:04 <gibi> bauzas: is that patch out of WIP state?
16:17:17 <dansmith> yeah I didn't realize there was stuff to look at on that
16:17:17 <gibi> bauzas: I don't remember seeing a review with RPC bump recently
16:18:18 <bauzas> gibi: this change needs rebase due to the shelve API change from cyborg
16:18:20 <bauzas> 5.13 IIRC
16:18:31 <sean-k-mooney> gibi: https://blueprints.launchpad.net/nova/+spec/port-scoped-sriov-numa-affinity is code complete for the sriov portion and i hope to have teh draft of the numa vswitch part done by the end of the week
16:18:37 <bauzas> and it's WIP because Zuul was mean to me
16:18:56 <dansmith> bauzas: no change from nov 24,
16:19:05 <dansmith> I thought you had other things to fix on that?
16:19:39 <bauzas> dansmith: technically, once I make support for 5.13, it should be ready for reviews
16:19:40 <gibi> sean-k-mooney: ack I will try to look at it
16:19:46 <dansmith> bauzas: okay
16:19:55 <bauzas> dansmith: but I fought weird issues with the jobs
16:19:56 <gibi> bauzas: ok
16:20:16 <bauzas> dansmith: and I can't see why they're failing, hence the WIP
16:20:17 <dansmith> bauzas: okay I thought the gate problem was because you actually broke the api and weren't setting the new version right or something
16:20:19 <artom> I've switched https://blueprints.launchpad.net/nova/+spec/pci-socket-affinity to 'Needs code review' FWIW, since I assume that's why it was not showing up in that list
16:20:20 <dansmith> but must be something else?
16:20:52 <bauzas> dansmith: maybe, a rebase is serisouly needed asap, so we can have time for fixing the problem at time for FF
16:21:13 <dansmith> bauzas: ack, yeah, we should be landing that at or just before M3, so.. time is close
16:21:31 <bauzas> but I was dragged on some PEP484 discussions :p
16:21:40 <gibi> bauzas: :p
16:21:50 <dansmith> *eyeroll*
16:21:58 <gibi> artom: sorry, I missed that now I'm awar that bp also has code to review, thanks
16:22:28 <artom> We've not yet recovered the Gerrit/Lauchpad integration bot, right?
16:22:30 <gibi> (honestly the broken gerrit - launchpad intergration does not help either)
16:22:36 <gibi> artom: right
16:22:37 <artom> There's my answer :P
16:23:05 <gibi> any other feature we need to talk about?
16:23:23 <gmann> #link https://review.opendev.org/q/topic:%22bp%252Fremove-tenant-id%22+(status:open%20OR%20status:merged)
16:23:31 <gmann> I will re-review the remove-tenant-id series, most of nova changes are in good shape. Brian mentioned that one change in simple-tenant-usage API route did not work which I need to debug why.
16:24:06 <gmann> but this is on top of https://review.opendev.org/c/openstack/nova/+/622336/29 for microversion number
16:24:09 <gibi> gmann: yeah I aware of that but the novnc patch before it is blocked with negative review at the moment
16:24:11 <gmann> which need more work
16:24:16 <gmann> yeah
16:24:25 <gmann> so we are still going in same order right?
16:24:40 <gmann> novnc first then remove-tenant-id
16:24:49 <gibi> those patches currently orderd, it can be reordered if needed you need to change the microversions
16:25:04 <gibi> I mean the author need to change the microversion
16:25:11 <gibi> if reordering is needed
16:25:13 <gmann> yeah,
16:25:19 <sean-k-mooney> im hoping we can still complete https://specs.openstack.org/openstack/nova-specs/specs/wallaby/approved/libvirt-vdpa-support.html this cycle too but i have been held up by hardware avaiablity until recently. im hoping to move that along next week. no api chagne with this one however so no conflict with ^
16:25:21 <gmann> let's see how it goes
16:25:29 <gibi> yeah
16:25:46 <gibi> moving on then
16:25:46 <gibi> #topic Release Planning
16:25:51 <gibi> #topic Release Planning
16:26:02 <gibi> as it was mentioned already we have 3 weeks until feature freeze
16:26:10 <gibi> and two weeks until non client lib freeze
16:26:19 <gibi> I think we made an os-vif relese this week
16:26:39 <gibi> is there any outstanding commit for os-vif or os-traits / os-resource-classes?
16:27:26 <gibi> sorry I mixed up
16:27:31 <gibi> we did an os-traits release
16:27:43 <sean-k-mooney> os-vif i dont think so
16:28:06 <gibi> Ok
16:28:47 <gibi> I opened an etherpad for xena ptg #link https://etherpad.opendev.org/p/nova-xena-ptg
16:28:51 <gibi> you can dump your topic there
16:28:57 <gibi> for the ptg
16:29:25 <gibi> any other release releated thing to discuss?
16:30:10 <gibi> then
16:30:11 <gibi> #topic Stable Branches
16:30:15 <gibi> tempest-slow job is fixed -> Rocky gate is OK \o/
16:30:21 <gibi> other stable branches seem OK
16:30:22 <sean-k-mooney> gibi: do we have anythin to do for placment?
16:30:24 <gibi> EOM(elod)
16:30:50 <gibi> sean-k-mooney: release wise? I don't track anything pressing for placement
16:30:57 <gibi> sean-k-mooney: or for ptg wise?
16:30:57 <sean-k-mooney> cool
16:31:03 <sean-k-mooney> release wise
16:31:13 <sean-k-mooney> we mention the libs like os-traits
16:31:25 <sean-k-mooney> just wanted to make sure it was good otherwise. we can move on
16:31:26 <gibi> yeah os-traits are good now I think
16:31:32 <gibi> sean-k-mooney: OK
16:31:40 <gibi> so above you see stable status from elod
16:31:49 <gibi> anything else from stable side to mention?
16:32:58 <gibi> #topic Sub/related team Highlights
16:33:04 <gibi> Libvirt (bauzas)
16:33:23 <bauzas> honestly, haven't looked this time
16:33:38 <bauzas> but I think we're all good
16:34:45 <gibi> ack
16:34:50 <gibi> #topic Open discussion
16:34:56 <gibi> no topic on the agenda
16:35:07 <sean-k-mooney> i wanted to highlihgt http://lists.openstack.org/pipermail/openstack-discuss/2021-February/020580.html
16:35:23 <sean-k-mooney> nova has 2 public security bugs which we shoudl assess
16:35:45 <sean-k-mooney> the second one https://launchpad.net/bugs/1798904
16:35:47 <openstack> Launchpad bug 1798904 in os-vif "tenant isolation is bypassed if port admin-state-up=false" [Critical,Confirmed] - Assigned to sean mooney (sean-k-mooney)
16:36:19 <sean-k-mooney> i think will be covered by a patch that is currenlty under review so i will test that as part of my testing of that patch and cofim i fthe latest comments i lefat are  correct
16:36:29 <sean-k-mooney> the first bug https://bugs.launchpad.net/nova/+bug/1552042
16:36:30 <openstack> Launchpad bug 1552042 in OpenStack Compute (nova) "Host data corruption through nova inject_key feature" [Medium,In progress] - Assigned to Matt Riedemann (mriedem)
16:36:45 <sean-k-mooney> has an abandonded patch that possibel fixes it https://review.opendev.org/c/openstack/nova/+/324720/
16:37:03 <sean-k-mooney> but its a few years old and im not super famialr with this area
16:37:28 <sean-k-mooney> it would be good if we could re triage that and see if it still exist andif the patch is still valid
16:38:32 <sean-k-mooney> the second bug is related to file injection which is deprecated so as a ptg topic i would like to discuss if we can finally remove that form the api and what that would involve
16:38:55 <bauzas> what says the security team on both ?
16:39:10 <bauzas> they aren't embargoed so I guess those aren't critical
16:39:19 <sean-k-mooney> the embargos expired
16:39:23 <bauzas> do we have workarounds for the flaws ?
16:40:04 <sean-k-mooney> not really
16:40:12 <sean-k-mooney> we have potentally a way to fix both
16:40:12 <bauzas> well, the advisory is incomplete
16:40:31 <bauzas> on both
16:40:43 <sean-k-mooney> right because we did not fully triage them
16:41:19 <sean-k-mooney> in any case the secuity team has a long standing policy which they have relitvly recently started enforcing again
16:41:29 <sean-k-mooney> to not let security bugs sit in the prive state indefintly
16:42:27 <sean-k-mooney> it look like they have gone through the security tracked project and made public any that have long exceeded that embargo period with no recent activity
16:42:34 <bauzas> https://security.openstack.org/vmt-process.html
16:42:34 <gibi> I can try to look at the old file injection fix to see if it make sense
16:42:35 <sean-k-mooney> for nova that is just these two bugs
16:42:53 <bauzas> for people unaware of the process, this guide helps ^
16:43:16 <sean-k-mooney> gibi: i think its just removing a fall back  wehre libguest fs is not avaiable
16:43:41 <gibi> yeah, and we assume libguestfs is safe while the fallback is the real problem
16:43:48 <sean-k-mooney> yes
16:44:01 <bauzas> sean-k-mooney: gibi: my take is that given the VMT fully reviewed the impacts and the embargo expired on both, then we just need to treat them as usual bugs
16:44:08 <sean-k-mooney> that is my breif understanding but i have only looked at this for 30mins
16:44:22 <bauzas> sean-k-mooney: gibi: but we can debate on the priority
16:44:46 <sean-k-mooney> bauzas: yes they are now normal bugs but i think we shoudl try to fix them this cycle
16:45:39 <gibi> bauzas: yeah, I'm fine treating them as normal bugs
16:45:44 <sean-k-mooney> the port one i have been trying to fix since 2017 i would really like to get that off my plate
16:46:02 <bauzas> sean-k-mooney: do you have time on owning them ?
16:46:21 <bauzas> https://bugs.launchpad.net/nova/+bug/1552042 is assigned to mriedem, so... :)
16:46:23 <openstack> Launchpad bug 1552042 in OpenStack Compute (nova) "Host data corruption through nova inject_key feature" [Medium,In progress] - Assigned to Matt Riedemann (mriedem)
16:46:36 <sean-k-mooney> i can proably own the other one
16:46:55 <bauzas> well, if you have time on it, I can offer reviews
16:46:56 <sean-k-mooney> we can discuss this outside the meeting if we want
16:47:43 <gibi> I can own the injection one
16:47:59 <gibi> OK, anything else for today?
16:50:01 <gibi> if not then
16:50:07 <gibi> thank you for joining
16:50:13 <gibi> see you around
16:50:14 <bauzas> gibi++
16:50:17 <gibi> #endmeeting