#openstack-nova log

16:00:20 <bauzas> #startmeeting nova
16:00:20 <opendevmeet> Meeting started Tue Oct  5 16:00:20 2021 UTC and is due to finish in 60 minutes.  The chair is bauzas. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:20 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:20 <opendevmeet> The meeting name has been set to 'nova'
16:00:30 <bauzas> howdy folks
16:00:39 <dansmith> o/
16:00:40 <elodilles> o/
16:00:59 <gibi> o/
16:01:04 <bauzas> #link https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting
16:01:22 <bauzas> should hopefully be quickier than last week
16:01:50 <bauzas> let's start, people will come along
16:01:58 <bauzas> #topic Bugs (stuck/critical)
16:02:06 <bauzas> One Critical bug
16:02:19 <bauzas> #link https://bugs.launchpad.net/nova/+bug/1945983
16:02:46 <bauzas> that said, it's triaged incomplete for us and I think the root cause is on devstack
16:02:57 <sean-k-mooney> o/
16:03:04 <bauzas> I voted on lyarwood's change, we're waiting for devstack cores to look at it
16:03:25 <sean-k-mooney> ah the iscsi issue
16:03:28 <bauzas> correct
16:03:39 <gibi> so we can get back the live migration coverage
16:03:51 <bauzas> yup, that's what I was about to say
16:03:58 <bauzas> there is a Depends-On this change
16:04:07 <bauzas> for enabling again the job
16:04:09 <bauzas> #link https://review.opendev.org/c/openstack/devstack/+/812391
16:04:15 <bauzas> #link https://review.opendev.org/c/openstack/nova/+/812392
16:04:49 <bauzas> I'm gonna approve the nova change
16:05:08 <bauzas> but we need the devstack change first
16:05:23 <bauzas> any questions about this one ? I think most of us covered this one
16:05:45 <sean-k-mooney> i think it has a bug
16:05:51 <sean-k-mooney> i dont see where iscsi-iname is set
16:06:07 <sean-k-mooney> unless that is a command?
16:06:23 <sean-k-mooney> ah
16:06:24 <bauzas> I expect this to be a command
16:06:25 <sean-k-mooney> it is
16:06:27 <sean-k-mooney> https://linux.die.net/man/8/iscsi-iname
16:06:31 <sean-k-mooney> ok then it looks fine
16:06:32 <bauzas> I verified our docs
16:06:39 <bauzas> and it generates the FQDN and the port
16:06:46 <sean-k-mooney> yep
16:06:49 <bauzas> something like example.org:8008
16:07:03 <bauzas> ok, moving on then
16:07:37 <bauzas> #link 13 new untriaged bugs (+0 since the last meeting): #link https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New
16:07:42 <bauzas> we did a few triage
16:07:48 <bauzas> thanks to the ones who did that
16:08:07 <bauzas> we still have a backlog and I'll try to see how to reduce it
16:08:27 <bauzas> more to discuss next week if I can't
16:08:34 <bauzas> No open bug marked with xena-rc-potential tag #link https://bugs.launchpad.net/nova/+bugs?field.tag=xena-rc-potential
16:08:44 <bauzas> actually this one is no longer needed, we're past RC
16:08:55 <bauzas> #topic Gate status
16:09:00 <bauzas> Nova gate bugs #link https://bugs.launchpad.net/nova/+bugs?field.tag=gate-failure
16:09:22 <bauzas> as we discussed, we're going to enable the live-migration job back
16:09:28 <bauzas> congrats to lyarwood for his effort
16:09:34 <bauzas> Placement periodic job status #link https://zuul.openstack.org/builds?project=openstack%2Fplacement&pipeline=periodic-weekly
16:09:52 <bauzas> placement periodic jobs look fine, nothing to say
16:10:12 <bauzas> any other point to address about the gate status ?
16:10:30 <bauzas> most of the wonky issues we had last week were fixed (thanks gmann for tracking it, btw.)
16:11:14 <bauzas> nothing ? okay, let's continue
16:11:18 <bauzas> #topic Release Planning
16:11:34 <bauzas> Release tracking etherpad #link https://etherpad.opendev.org/p/nova-xena-rc-potential
16:11:42 <bauzas> Final release candidates for both Nova and Placement are RC2
16:11:49 <bauzas> The new Xena OpenStack release will be on Wednesday (based on our RC2s)
16:12:05 <bauzas> (or maybe Thursday, I'm unsure about the exact date)
16:12:29 <bauzas> anything to mention about Xena ?
16:12:40 <sean-k-mooney> ack is the review to the release repo proposed yet
16:12:53 <bauzas> we'll do a retrospective at the PTG
16:13:09 <bauzas> sean-k-mooney: you mean the final tags ?
16:13:16 <gibi> https://review.opendev.org/c/openstack/releases/+/812251
16:13:37 <bauzas> thanks gibi
16:13:54 <sean-k-mooney> yes
16:13:58 <bauzas> I'll look at it tonight
16:14:59 <bauzas> #topic Review priorities
16:15:10 <bauzas> #link  https://review.opendev.org/q/status:open+(project:openstack/nova+OR+project:openstack/placement)+label:Review-Priority%252B1
16:15:24 <bauzas> I made a few runs over some
16:15:31 <bauzas> I'll continue this week
16:15:53 <bauzas> if people have changes they'd like to get reviews, ping me
16:17:02 <bauzas> ok, I assume no asks
16:17:07 <bauzas> #topic PTG Planning
16:17:12 <bauzas> every info is in the PTG etherpad #link https://etherpad.opendev.org/p/nova-yoga-ptg
16:17:23 <bauzas> I started to look at it
16:17:50 <bauzas> for the moment, I haven't moved the topics to group themselves by common interest, we only have a few of them
16:18:26 <bauzas> in the last week, I'll shuffle them if needed
16:18:47 <bauzas> nothing more boring than a placement-then-something-else-then-placement session :)
16:19:07 <gibi> bauzas: will there be TC - PTL meeting during the PTG?
16:19:12 <bauzas> I guess americans would appreciate to wake up later if placement was grouped early in the morning their time :)
16:19:29 <bauzas> gibi: excellent question, haven't heard yet
16:19:49 <gibi> hm If my memory serves we had such last time but I might be mistake
16:19:50 <gibi> n
16:19:53 <bauzas> I even don't know if the TC came up with an agenda
16:20:14 <bauzas> dansmith: do you know if there will be some session like it ?
16:20:29 <dansmith> um,
16:20:34 <bauzas> maybe about the next upstream priorities ?
16:20:39 <dansmith> there's a ptl interaction session
16:20:54 <dansmith> there's a goals session
16:21:09 <dansmith> I don't think there's a clear schedule yet, but the days (mon, thu, fri) are defined
16:21:14 <dansmith> https://etherpad.opendev.org/p/tc-yoga-ptg
16:21:15 <bauzas> ok, I need to do homework then and look at them
16:21:20 <bauzas> dansmith: thanks
16:21:25 <gibi> thanks
16:21:29 <bauzas> I also need to look at the goals candidates
16:21:38 <bauzas> (if we have some of them already)
16:22:03 <dansmith> rbac, I think, at least
16:22:07 <dansmith> should be uncontentious
16:22:12 <dansmith> but the session doesn't mention specific
16:22:15 <dansmith> *specifics
16:22:46 <bauzas> I'd appreciate if we could exactly define the needed efforts for rbac into our project
16:22:57 <bauzas> but I'll take a look
16:23:19 <bauzas> one thing I wanted to stress on,
16:23:22 <bauzas> we're missing at the moment cinder, neutron and keystone cross-project discussions
16:23:22 <sean-k-mooney> i think most of the rbac effrort will be with interacting with other project
16:23:27 <artom> I thought we were done with rbac?
16:23:42 <sean-k-mooney> e.g. making sure we can call neutron with system scopted tokens
16:23:43 <dansmith> artom: we're done getting ready for rbac :)
16:23:53 <bauzas> artom: sean-k-mooney: maybe, that's why I want to exactly know the key objectives for this proposed goal
16:24:27 <artom> dansmith, right, I meant Nova is read, other projects aren't yet, hence the custom policy "workaround" that's currently up for review
16:24:29 <artom> *ready
16:24:43 <dansmith> artom: ready, but not completed, AIUI
16:24:46 <bauzas> me too
16:24:48 <sean-k-mooney> nova can be called with the secure rbac
16:25:02 <sean-k-mooney> that does not mean it can call other project properly with it
16:25:08 <sean-k-mooney> or that they can call nova with it
16:25:22 <dansmith> can you manage aggregates with a non-project-scoped admin token?
16:25:38 <bauzas> we need at least some CI job running
16:25:38 <sean-k-mooney> proably not
16:25:50 <dansmith> and my next question was, if so, is it tested? :)
16:25:50 <bauzas> to identify the potential gaps
16:25:52 <sean-k-mooney> bauzas: yes that is part of the scope of the goal
16:25:56 <gibi> also we have the specify-target-host-with-project-admin issue open
16:26:15 <sean-k-mooney> so likely we have work to do
16:26:17 <dansmith> gibi: yeah, so beyond "meh, it probably works" I expect there are lots of corner cases like that
16:26:22 <bauzas> gibi: correct, hence my "we need to understand the goal's objectives"
16:26:23 <gibi> exactly
16:26:35 <dansmith> hence, I said "done getting ready" :)
16:26:39 <gibi> :)
16:26:41 <bauzas> lol
16:26:53 <bauzas> ok, I think we're done with that for now :)
16:26:54 <gibi> we are ready to do the _real_ work :D
16:26:56 <sean-k-mooney> we can discuss more at the ptg but i think it would be nice if we aimed to have a RBAC job running by m1
16:27:12 <sean-k-mooney> to give use time to fix the issue it will find
16:27:28 <artom> Can we do a nova-only job for that?
16:27:35 <artom> I keep hearing it's "all or nothing"
16:27:36 <gibi> sean-k-mooney: I'm not even sure tempest is ready to add RBAC testing
16:27:46 <dansmith> gibi: I think it is
16:27:48 <sean-k-mooney> lance has been working on some limited testing
16:27:54 <gibi> ahh OK
16:27:54 <artom> Actually, do we even need tempest?
16:27:55 <sean-k-mooney> with tempest
16:28:00 <sean-k-mooney> artom: yes we do
16:28:02 <dansmith> gibi: glance is testing it with its tempest plugin
16:28:03 <artom> Smells like something we can do in functional tests, no?
16:28:09 <dansmith> but it's much easier to test glance in isolation than nova
16:28:09 <sean-k-mooney> artom: no
16:28:13 <gibi> dansmith: cool, so we have an example
16:28:17 <sean-k-mooney> we need to test interservice interaction
16:28:18 <dansmith> definitely need tempest, IMHO
16:28:26 <bauzas> oh yes
16:28:28 <dansmith> functional will definitely not cut it
16:28:30 <sean-k-mooney> lances intiall testing show we cant boot with a neutron port
16:28:37 <bauzas> can't see how we could achieve this without tempest
16:28:49 <sean-k-mooney> because neturon as configured by devstack at lest currently cant send the network plugged event correctly
16:29:01 <dansmith> sean-k-mooney: is that their fault or ours?
16:29:03 <sean-k-mooney> so we definetly need to do tempeest integration testing
16:29:14 <dansmith> seems like it's likely ours
16:29:15 <bauzas> we need a job
16:29:19 <sean-k-mooney> dansmith: not sure yet proably a mix of devstack config and our policy
16:29:32 <dansmith> or maybe a combo I guess. if they use a system-scoped token but need to augment with project maybe
16:29:34 <dansmith> sean-k-mooney: ack
16:29:48 <bauzas> and first and foremost, we need people working on it, if so :)
16:29:52 <sean-k-mooney> i think it enabeld the new policy on our side but did not create the nova user with the right scope and neutron config
16:30:27 <dansmith> sean-k-mooney: honestly, I probably need to think on how that event interface should work
16:30:27 <sean-k-mooney> so we enforced scope but the token neutron used did not have system scope but was an admin token
16:30:40 <dansmith> like maybe a system-scoped token that looks up any instance on the system is okay
16:31:02 <dansmith> I would normally think that should be project-scoped, because instances are project-scoped and events are tied to instances
16:31:11 <dansmith> but it's intended to mostly be used by other services, so .. I dunno
16:31:22 <sean-k-mooney> i think it should be system scope
16:31:27 <bauzas> do we have sort of guidance from the keystone team about those events ?
16:31:33 <sean-k-mooney> becasue as you said this is for service to service interaction
16:31:38 <sean-k-mooney> but ya its tricky
16:31:39 <bauzas> or is it us just picking what we want ?
16:31:48 <dansmith> sean-k-mooney: but it's not something you can ever do without a project-scoped resource ...
16:31:56 <dansmith> bauzas: we should probably consult a bit
16:32:10 <sean-k-mooney> dansmith: yep which is why its tricky
16:32:20 <dansmith> this is kinda my problem with system scope, is that it actually doesn't apply to a lot of stuff, because almost everything is a project-scoped resource
16:32:21 <artom> Can ports ever be system-scope?
16:32:35 <artom> Instances are obviously project-scope, but Neutron external events have to do with ports as well
16:32:38 <sean-k-mooney> im a little relucted to say that api should be project-admin however
16:32:39 <bauzas> if that becomes a goal, we need some owner of this goal, just sayin' :)
16:32:43 <dansmith> aggregates are the one example of a system-scoped resource I use a lot
16:32:49 <artom> Is there some funky network topology that can have system-scoped ports?
16:32:56 <dansmith> sean-k-mooney: that's another thing, definitely doesn't need admin
16:32:57 <sean-k-mooney> dansmith: it proably shoudl be system-admin with project-ide set
16:33:13 <dansmith> sean-k-mooney: that's project-scoped, AFAIK
16:33:20 <dansmith> events don
16:33:24 <dansmith> don't need to be admin either
16:33:33 <sean-k-mooney> the event api is admin only
16:33:48 <dansmith> they don't need to be, and I don't think they initially were
16:33:49 <sean-k-mooney> since enduser including operators are not ment to call it
16:34:01 <dansmith> but admin != scope
16:34:03 <dansmith> anyway
16:34:07 <dansmith> clearly needs some discussion and thinking
16:34:10 <sean-k-mooney> we could make it system member
16:34:17 <sean-k-mooney> so yes
16:34:25 <sean-k-mooney> we could drop admin but ya
16:34:29 <bauzas> could we now put our thoughts into https://etherpad.opendev.org/p/nova-yoga-ptg L204 and move to other things ?
16:34:31 <sean-k-mooney> lets defer for now
16:34:49 <sean-k-mooney> am sure but we might want a sperate etherpad
16:35:00 <sean-k-mooney> linked form there to go though this in more detail
16:35:01 <bauzas> sean-k-mooney: feel free to link to it
16:35:09 <bauzas> also, this ties to my other point
16:35:28 <bauzas> for the moment, we don't have cinder, neutron and keystone cross project sessions at the PTG
16:35:52 <bauzas> I'd recommend us to engage some talks with the keystone team so we could wrap some stuff about RBAC during the PTG :)
16:35:54 <bauzas> just sayin'
16:35:58 <sean-k-mooney> if we had a neutorn one i have one potential topic
16:36:11 <sean-k-mooney> https://etherpad.opendev.org/p/ovn_live_migration
16:36:17 <bauzas> ok, so, I guess I can ask the neutron folks and the keystone folks at least
16:36:23 <bauzas> for timeslots
16:36:55 <gibi> I don't have any neutron topic at the momement
16:36:56 <bauzas> lyarwood or others, do people feel wanting to discuss some cinder topics ?
16:37:21 <artom> I believe he dropped off early today, might want to check with him async
16:37:25 <sean-k-mooney> i think lee had one topic but lee wont be able to attend the PTG
16:37:26 <bauzas> gibi: I'll ask the neutron team if they have nova-specific concerns too
16:37:45 <bauzas> I know lyarwood wants to address the Manila thing
16:37:46 <gibi> sure
16:37:49 <sean-k-mooney> Removing os-volume proxy API during Yoga
16:37:59 <sean-k-mooney> that was the one that i tought lee might bring up
16:38:10 <bauzas> but here, the question is, do we need the Cinder team for discussing those topics ?
16:38:14 <artom> That doesn't really affect Cinder, does it?
16:38:24 <bauzas> artom: that's my question
16:38:37 <bauzas> do we have topics to discuss that engage the cinder team ?
16:38:44 <bauzas> I can leave this for next week
16:39:00 <sean-k-mooney> the manila thing beign supprot for virtio-fs
16:39:18 <sean-k-mooney> if so then no there is no interation nwith cinder in that case
16:39:44 <bauzas> for the keystone x-p session, do you think it would be nice for us getting the whole crew or only publicize our discussions about Secure RBAC so people like lance would join ?
16:40:52 <sean-k-mooney> assuming unified limits work will continue we might want to discuss that too but im not sure if there is anything left on the keystone side
16:41:18 <sean-k-mooney> dansmith: you wanted some changes to the lib interface i think but not sure if that needs to be covered at the ptg
16:41:34 <dansmith> no, I don't think soi
16:41:50 <dansmith> I also think that the issues have been resolved with some of my recent changes to oslo.limit,
16:41:53 <dansmith> but I need to circle back
16:42:00 <dansmith> regardless, nothing needing lots of discussion I don't think
16:42:11 <bauzas> yeah
16:42:22 <bauzas> so this is rbac only
16:42:39 <bauzas> we'll figure that out
16:42:50 <bauzas> moving on
16:42:53 <bauzas> #topic Stable Branches
16:42:59 <bauzas> Nova Wallaby 23.1.0 release is proposed #link https://review.opendev.org/c/openstack/releases/+/809000
16:43:05 <bauzas> Nova Victoria 22.3.0 release is proposed #link https://review.opendev.org/c/openstack/releases/+/812291
16:43:11 <bauzas> Nova Ussuri 21.2.3 release is proposed #link https://review.opendev.org/c/openstack/releases/+/812292
16:43:17 <bauzas> elodilles: other things to mention ?
16:43:31 <elodilles> i'll ping release folks to review those tomorrow
16:43:49 <bauzas> cool
16:43:50 <elodilles> and maybe we could merge this: https://review.opendev.org/c/openstack/nova/+/810461
16:44:02 <bauzas> oh
16:44:16 <elodilles> as far as i remember we agreed to accept this
16:44:21 <bauzas> yup
16:44:31 <elodilles> and I can backport it to older branches then
16:44:44 <elodilles> and unblcok train-stein-rocky-queens-pike :)
16:44:44 <bauzas> I guess you revisioned it because of the pin version ?
16:45:09 <elodilles> tox min version needed a bump as stephenfin marked
16:45:10 <bauzas> yeah, that
16:45:16 <bauzas> ok, I'll +2 it
16:45:22 <elodilles> thanks \o/
16:45:30 <elodilles> that's it i think
16:45:35 <bauzas> cool
16:45:43 <bauzas> #topic Sub/related team Highlights
16:45:47 <bauzas> Libvirt (lyarwood)
16:45:50 <bauzas> well, he's off
16:46:06 <bauzas> but I haven't heard anything specifc
16:46:14 <bauzas> moving on
16:46:18 <bauzas> #topic Open discussion
16:46:35 <bauzas> nothing in the agenda, floor is yours
16:47:26 <gibi> it was a productive meeting
16:48:03 <bauzas> I can't promise this everyweek
16:48:07 <bauzas> #endmeeting