16:00:15 #startmeeting nova 16:00:16 Meeting started Thu Feb 18 16:00:15 2021 UTC and is due to finish in 60 minutes. The chair is gibi. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:17 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:19 The meeting name has been set to 'nova' 16:00:31 o/ 16:00:33 o\ 16:00:34 ~o~ 16:00:51 o/ 16:00:53 Wait, I want to be Adam Driver from Star Wars 16:00:54 +o+ 16:01:04 o/ 16:01:12 o/ 16:01:59 #topic Bugs (stuck/critical) 16:02:03 no critical bug 16:02:07 #link 12 new untriaged bugs (-1 since the last meeting): #link https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New 16:02:15 Is there any specific bug we need to discussi? 16:03:20 \o 16:03:27 o/ 16:03:53 o/ 16:04:25 if no specific bug then 16:04:26 #topic Gate status 16:04:45 I don't track any high visibility gate failure so I think the gate is fine :) 16:05:00 tell me if not : 16:05:06 nothing specific to nova that I know of, 16:05:10 but perf hasn't been great 16:05:16 I'm still pushing on some things 16:05:29 did we merge that patch to convert two jobs to parallel? I don't think we did 16:05:37 we did 16:05:47 no issues thus far AFAICT 16:05:51 oh nice 16:05:53 oh cool 16:05:56 https://review.opendev.org/c/openstack/nova/+/775293 16:06:18 yeah 16:06:22 lyarwood: any update on the cirros image rebuild? 16:06:38 dansmith: btw, did you want to push ahead with the standalone grenade job removal ahead of the actual migration of grenade to zuulv3? 16:06:59 lyarwood: well, I was deferring to you on that... I thought you wanted to wait 16:07:06 just being not on focal doesn't seem like a huge deal to me, 16:07:11 but if it is, then ... that's fine 16:07:17 sean-k-mooney: only that the fix for q35 landed but the cirros team don't see a release coming soon, going to send a mail later about hosting a dev build somewhere for us to use 16:07:29 yeah may be waiting for migration nova grenade to zuulv3 is better 16:07:43 well that assumes that someone is working on it 16:07:43 dansmith: it is not focal. all legacy are on bionic 16:07:49 gmann: I know 16:07:50 I've not got the bandwidth at the moment 16:08:00 so we either put it off and continue to consume resources 16:08:04 lyarwood: ok yes i see https://github.com/cirros-dev/cirros/issues/64 is closed thanks. 16:08:13 or switch to just multinode now and migrate to focal later in the cycle 16:08:13 I need to check, i think i have patch for that but id not resume 16:08:19 yeah you do 16:08:35 tbh I think it's worth more to kill the standalone job now 16:08:42 and then migrate to focal later 16:08:42 ok, I will look into that. cannot remember the status 16:08:47 lyarwood: that's fine with me 16:08:55 dansmith: cool 16:09:20 dansmith: have you looked at using your async approach during the upgrade in grenade btw? 16:09:28 dansmith: for the db migrations etc 16:09:51 lyarwood: nope not yet, but I could work on that maybe next week and see 16:10:10 dansmith: cool if not I'd love to help post m3 along with the focal migration stuff 16:10:14 grenade uses devstack underneat right 16:10:37 right but the upgrade part isn't part of that AFAIK 16:10:38 grenade zuulv3 yes, legacy use d-g 16:10:40 so if you set the envar it might work maybe a DNM test patch would be worth giving it a try 16:10:42 I too am stretched pretty thin, but this is high payoff work if it helps 16:10:58 sean-k-mooney: well, there's actual grenade things that could be parallelized 16:11:03 which I assume is what he meant 16:11:06 yup indeed 16:11:12 ah right 16:11:44 moving on 16:11:48 #topic Runway status 16:12:00 I did a scan of the open bps 16:12:25 we have a pretty long list that are close to being merged 16:12:48 we're 3 weeks from FF, right? 16:12:57 march 11th i think 16:13:02 so about that 16:13:06 yes 16:13:09 https://releases.openstack.org/wallaby/schedule.html 16:13:19 yeah, 3 weeks 16:13:38 let me copy some link here if you need some review targets :) 16:13:44 #link https://blueprints.launchpad.net/nova/+spec/libvirt-default-machine-type : review ongoing 16:13:46 and 2 weeks for non-client libs 16:13:50 #link https://review.opendev.org/q/topic:bp/routed-networks-scheduling : review ongoing 16:13:56 #link https://blueprints.launchpad.net/nova/+spec/libvirt-driver-ip-metadata : had 2 +2 at some point but needs a quick review from sean-k-mooney before we approve 16:14:11 #link https://blueprints.launchpad.net/nova/+spec/support-interface-attach-with-qos-ports : the last necessary patch needs a second core 16:14:53 gibi: ill review that after the meeting 16:15:00 sean-k-mooney: thanks 16:15:07 also there are things that also close but still need work 16:15:13 #link https://blueprints.launchpad.net/nova/+spec/nova-support-webvnc-with-password-anthentication : has multiple negative feedback 16:15:17 gibi: once I'm free from routed networks, you're next 16:15:17 #link https://blueprints.launchpad.net/nova/+spec/compact-db-migrations-wallaby : nova_api db patches needs review 16:15:25 #link https://blueprints.launchpad.net/nova/+spec/modernize-os-hypervisors-api : the api code landed, the python-novaclient patch and the policy patch needs some work 16:15:32 #link https://blueprints.launchpad.net/nova/+spec/allow-disabling-cpu-flags : good progress, but there is an open discussion in the review about a config option 16:15:39 #link https://blueprints.launchpad.net/nova/+spec/smarter-usb-devices : discussion seems to be concluded, implementation needs code review 16:15:50 bauzas: thanks, I try to get you out of routed net :) 16:16:33 also, that's not a BP but I promised to rework on https://review.opendev.org/c/openstack/nova/+/761452/ and I'd appreciate reviews 16:16:47 unless we merge features that touch the RPC API 16:17:04 bauzas: is that patch out of WIP state? 16:17:17 yeah I didn't realize there was stuff to look at on that 16:17:17 bauzas: I don't remember seeing a review with RPC bump recently 16:18:18 gibi: this change needs rebase due to the shelve API change from cyborg 16:18:20 5.13 IIRC 16:18:31 gibi: https://blueprints.launchpad.net/nova/+spec/port-scoped-sriov-numa-affinity is code complete for the sriov portion and i hope to have teh draft of the numa vswitch part done by the end of the week 16:18:37 and it's WIP because Zuul was mean to me 16:18:56 bauzas: no change from nov 24, 16:19:05 I thought you had other things to fix on that? 16:19:39 dansmith: technically, once I make support for 5.13, it should be ready for reviews 16:19:40 sean-k-mooney: ack I will try to look at it 16:19:46 bauzas: okay 16:19:55 dansmith: but I fought weird issues with the jobs 16:19:56 bauzas: ok 16:20:16 dansmith: and I can't see why they're failing, hence the WIP 16:20:17 bauzas: okay I thought the gate problem was because you actually broke the api and weren't setting the new version right or something 16:20:19 I've switched https://blueprints.launchpad.net/nova/+spec/pci-socket-affinity to 'Needs code review' FWIW, since I assume that's why it was not showing up in that list 16:20:20 but must be something else? 16:20:52 dansmith: maybe, a rebase is serisouly needed asap, so we can have time for fixing the problem at time for FF 16:21:13 bauzas: ack, yeah, we should be landing that at or just before M3, so.. time is close 16:21:31 but I was dragged on some PEP484 discussions :p 16:21:40 bauzas: :p 16:21:50 *eyeroll* 16:21:58 artom: sorry, I missed that now I'm awar that bp also has code to review, thanks 16:22:28 We've not yet recovered the Gerrit/Lauchpad integration bot, right? 16:22:30 (honestly the broken gerrit - launchpad intergration does not help either) 16:22:36 artom: right 16:22:37 There's my answer :P 16:23:05 any other feature we need to talk about? 16:23:23 #link https://review.opendev.org/q/topic:%22bp%252Fremove-tenant-id%22+(status:open%20OR%20status:merged) 16:23:31 I will re-review the remove-tenant-id series, most of nova changes are in good shape. Brian mentioned that one change in simple-tenant-usage API route did not work which I need to debug why. 16:24:06 but this is on top of https://review.opendev.org/c/openstack/nova/+/622336/29 for microversion number 16:24:09 gmann: yeah I aware of that but the novnc patch before it is blocked with negative review at the moment 16:24:11 which need more work 16:24:16 yeah 16:24:25 so we are still going in same order right? 16:24:40 novnc first then remove-tenant-id 16:24:49 those patches currently orderd, it can be reordered if needed you need to change the microversions 16:25:04 I mean the author need to change the microversion 16:25:11 if reordering is needed 16:25:13 yeah, 16:25:19 im hoping we can still complete https://specs.openstack.org/openstack/nova-specs/specs/wallaby/approved/libvirt-vdpa-support.html this cycle too but i have been held up by hardware avaiablity until recently. im hoping to move that along next week. no api chagne with this one however so no conflict with ^ 16:25:21 let's see how it goes 16:25:29 yeah 16:25:46 moving on then 16:25:46 #topic Release Planning 16:25:51 #topic Release Planning 16:26:02 as it was mentioned already we have 3 weeks until feature freeze 16:26:10 and two weeks until non client lib freeze 16:26:19 I think we made an os-vif relese this week 16:26:39 is there any outstanding commit for os-vif or os-traits / os-resource-classes? 16:27:26 sorry I mixed up 16:27:31 we did an os-traits release 16:27:43 os-vif i dont think so 16:28:06 Ok 16:28:47 I opened an etherpad for xena ptg #link https://etherpad.opendev.org/p/nova-xena-ptg 16:28:51 you can dump your topic there 16:28:57 for the ptg 16:29:25 any other release releated thing to discuss? 16:30:10 then 16:30:11 #topic Stable Branches 16:30:15 tempest-slow job is fixed -> Rocky gate is OK \o/ 16:30:21 other stable branches seem OK 16:30:22 gibi: do we have anythin to do for placment? 16:30:24 EOM(elod) 16:30:50 sean-k-mooney: release wise? I don't track anything pressing for placement 16:30:57 sean-k-mooney: or for ptg wise? 16:30:57 cool 16:31:03 release wise 16:31:13 we mention the libs like os-traits 16:31:25 just wanted to make sure it was good otherwise. we can move on 16:31:26 yeah os-traits are good now I think 16:31:32 sean-k-mooney: OK 16:31:40 so above you see stable status from elod 16:31:49 anything else from stable side to mention? 16:32:58 #topic Sub/related team Highlights 16:33:04 Libvirt (bauzas) 16:33:23 honestly, haven't looked this time 16:33:38 but I think we're all good 16:34:45 ack 16:34:50 #topic Open discussion 16:34:56 no topic on the agenda 16:35:07 i wanted to highlihgt http://lists.openstack.org/pipermail/openstack-discuss/2021-February/020580.html 16:35:23 nova has 2 public security bugs which we shoudl assess 16:35:45 the second one https://launchpad.net/bugs/1798904 16:35:47 Launchpad bug 1798904 in os-vif "tenant isolation is bypassed if port admin-state-up=false" [Critical,Confirmed] - Assigned to sean mooney (sean-k-mooney) 16:36:19 i think will be covered by a patch that is currenlty under review so i will test that as part of my testing of that patch and cofim i fthe latest comments i lefat are correct 16:36:29 the first bug https://bugs.launchpad.net/nova/+bug/1552042 16:36:30 Launchpad bug 1552042 in OpenStack Compute (nova) "Host data corruption through nova inject_key feature" [Medium,In progress] - Assigned to Matt Riedemann (mriedem) 16:36:45 has an abandonded patch that possibel fixes it https://review.opendev.org/c/openstack/nova/+/324720/ 16:37:03 but its a few years old and im not super famialr with this area 16:37:28 it would be good if we could re triage that and see if it still exist andif the patch is still valid 16:38:32 the second bug is related to file injection which is deprecated so as a ptg topic i would like to discuss if we can finally remove that form the api and what that would involve 16:38:55 what says the security team on both ? 16:39:10 they aren't embargoed so I guess those aren't critical 16:39:19 the embargos expired 16:39:23 do we have workarounds for the flaws ? 16:40:04 not really 16:40:12 we have potentally a way to fix both 16:40:12 well, the advisory is incomplete 16:40:31 on both 16:40:43 right because we did not fully triage them 16:41:19 in any case the secuity team has a long standing policy which they have relitvly recently started enforcing again 16:41:29 to not let security bugs sit in the prive state indefintly 16:42:27 it look like they have gone through the security tracked project and made public any that have long exceeded that embargo period with no recent activity 16:42:34 https://security.openstack.org/vmt-process.html 16:42:34 I can try to look at the old file injection fix to see if it make sense 16:42:35 for nova that is just these two bugs 16:42:53 for people unaware of the process, this guide helps ^ 16:43:16 gibi: i think its just removing a fall back wehre libguest fs is not avaiable 16:43:41 yeah, and we assume libguestfs is safe while the fallback is the real problem 16:43:48 yes 16:44:01 sean-k-mooney: gibi: my take is that given the VMT fully reviewed the impacts and the embargo expired on both, then we just need to treat them as usual bugs 16:44:08 that is my breif understanding but i have only looked at this for 30mins 16:44:22 sean-k-mooney: gibi: but we can debate on the priority 16:44:46 bauzas: yes they are now normal bugs but i think we shoudl try to fix them this cycle 16:45:39 bauzas: yeah, I'm fine treating them as normal bugs 16:45:44 the port one i have been trying to fix since 2017 i would really like to get that off my plate 16:46:02 sean-k-mooney: do you have time on owning them ? 16:46:21 https://bugs.launchpad.net/nova/+bug/1552042 is assigned to mriedem, so... :) 16:46:23 Launchpad bug 1552042 in OpenStack Compute (nova) "Host data corruption through nova inject_key feature" [Medium,In progress] - Assigned to Matt Riedemann (mriedem) 16:46:36 i can proably own the other one 16:46:55 well, if you have time on it, I can offer reviews 16:46:56 we can discuss this outside the meeting if we want 16:47:43 I can own the injection one 16:47:59 OK, anything else for today? 16:50:01 if not then 16:50:07 thank you for joining 16:50:13 see you around 16:50:14 gibi++ 16:50:17 #endmeeting