16:00:20 #startmeeting nova 16:00:20 Meeting started Tue Oct 5 16:00:20 2021 UTC and is due to finish in 60 minutes. The chair is bauzas. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:20 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:20 The meeting name has been set to 'nova' 16:00:30 howdy folks 16:00:39 o/ 16:00:40 o/ 16:00:59 o/ 16:01:04 #link https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting 16:01:22 should hopefully be quickier than last week 16:01:50 let's start, people will come along 16:01:58 #topic Bugs (stuck/critical) 16:02:06 One Critical bug 16:02:19 #link https://bugs.launchpad.net/nova/+bug/1945983 16:02:46 that said, it's triaged incomplete for us and I think the root cause is on devstack 16:02:57 o/ 16:03:04 I voted on lyarwood's change, we're waiting for devstack cores to look at it 16:03:25 ah the iscsi issue 16:03:28 correct 16:03:39 so we can get back the live migration coverage 16:03:51 yup, that's what I was about to say 16:03:58 there is a Depends-On this change 16:04:07 for enabling again the job 16:04:09 #link https://review.opendev.org/c/openstack/devstack/+/812391 16:04:15 #link https://review.opendev.org/c/openstack/nova/+/812392 16:04:49 I'm gonna approve the nova change 16:05:08 but we need the devstack change first 16:05:23 any questions about this one ? I think most of us covered this one 16:05:45 i think it has a bug 16:05:51 i dont see where iscsi-iname is set 16:06:07 unless that is a command? 16:06:23 ah 16:06:24 I expect this to be a command 16:06:25 it is 16:06:27 https://linux.die.net/man/8/iscsi-iname 16:06:31 ok then it looks fine 16:06:32 I verified our docs 16:06:39 and it generates the FQDN and the port 16:06:46 yep 16:06:49 something like example.org:8008 16:07:03 ok, moving on then 16:07:37 #link 13 new untriaged bugs (+0 since the last meeting): #link https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New 16:07:42 we did a few triage 16:07:48 thanks to the ones who did that 16:08:07 we still have a backlog and I'll try to see how to reduce it 16:08:27 more to discuss next week if I can't 16:08:34 No open bug marked with xena-rc-potential tag #link https://bugs.launchpad.net/nova/+bugs?field.tag=xena-rc-potential 16:08:44 actually this one is no longer needed, we're past RC 16:08:55 #topic Gate status 16:09:00 Nova gate bugs #link https://bugs.launchpad.net/nova/+bugs?field.tag=gate-failure 16:09:22 as we discussed, we're going to enable the live-migration job back 16:09:28 congrats to lyarwood for his effort 16:09:34 Placement periodic job status #link https://zuul.openstack.org/builds?project=openstack%2Fplacement&pipeline=periodic-weekly 16:09:52 placement periodic jobs look fine, nothing to say 16:10:12 any other point to address about the gate status ? 16:10:30 most of the wonky issues we had last week were fixed (thanks gmann for tracking it, btw.) 16:11:14 nothing ? okay, let's continue 16:11:18 #topic Release Planning 16:11:34 Release tracking etherpad #link https://etherpad.opendev.org/p/nova-xena-rc-potential 16:11:42 Final release candidates for both Nova and Placement are RC2 16:11:49 The new Xena OpenStack release will be on Wednesday (based on our RC2s) 16:12:05 (or maybe Thursday, I'm unsure about the exact date) 16:12:29 anything to mention about Xena ? 16:12:40 ack is the review to the release repo proposed yet 16:12:53 we'll do a retrospective at the PTG 16:13:09 sean-k-mooney: you mean the final tags ? 16:13:16 https://review.opendev.org/c/openstack/releases/+/812251 16:13:37 thanks gibi 16:13:54 yes 16:13:58 I'll look at it tonight 16:14:59 #topic Review priorities 16:15:10 #link https://review.opendev.org/q/status:open+(project:openstack/nova+OR+project:openstack/placement)+label:Review-Priority%252B1 16:15:24 I made a few runs over some 16:15:31 I'll continue this week 16:15:53 if people have changes they'd like to get reviews, ping me 16:17:02 ok, I assume no asks 16:17:07 #topic PTG Planning 16:17:12 every info is in the PTG etherpad #link https://etherpad.opendev.org/p/nova-yoga-ptg 16:17:23 I started to look at it 16:17:50 for the moment, I haven't moved the topics to group themselves by common interest, we only have a few of them 16:18:26 in the last week, I'll shuffle them if needed 16:18:47 nothing more boring than a placement-then-something-else-then-placement session :) 16:19:07 bauzas: will there be TC - PTL meeting during the PTG? 16:19:12 I guess americans would appreciate to wake up later if placement was grouped early in the morning their time :) 16:19:29 gibi: excellent question, haven't heard yet 16:19:49 hm If my memory serves we had such last time but I might be mistake 16:19:50 n 16:19:53 I even don't know if the TC came up with an agenda 16:20:14 dansmith: do you know if there will be some session like it ? 16:20:29 um, 16:20:34 maybe about the next upstream priorities ? 16:20:39 there's a ptl interaction session 16:20:54 there's a goals session 16:21:09 I don't think there's a clear schedule yet, but the days (mon, thu, fri) are defined 16:21:14 https://etherpad.opendev.org/p/tc-yoga-ptg 16:21:15 ok, I need to do homework then and look at them 16:21:20 dansmith: thanks 16:21:25 thanks 16:21:29 I also need to look at the goals candidates 16:21:38 (if we have some of them already) 16:22:03 rbac, I think, at least 16:22:07 should be uncontentious 16:22:12 but the session doesn't mention specific 16:22:15 *specifics 16:22:46 I'd appreciate if we could exactly define the needed efforts for rbac into our project 16:22:57 but I'll take a look 16:23:19 one thing I wanted to stress on, 16:23:22 we're missing at the moment cinder, neutron and keystone cross-project discussions 16:23:22 i think most of the rbac effrort will be with interacting with other project 16:23:27 I thought we were done with rbac? 16:23:42 e.g. making sure we can call neutron with system scopted tokens 16:23:43 artom: we're done getting ready for rbac :) 16:23:53 artom: sean-k-mooney: maybe, that's why I want to exactly know the key objectives for this proposed goal 16:24:27 dansmith, right, I meant Nova is read, other projects aren't yet, hence the custom policy "workaround" that's currently up for review 16:24:29 *ready 16:24:43 artom: ready, but not completed, AIUI 16:24:46 me too 16:24:48 nova can be called with the secure rbac 16:25:02 that does not mean it can call other project properly with it 16:25:08 or that they can call nova with it 16:25:22 can you manage aggregates with a non-project-scoped admin token? 16:25:38 we need at least some CI job running 16:25:38 proably not 16:25:50 and my next question was, if so, is it tested? :) 16:25:50 to identify the potential gaps 16:25:52 bauzas: yes that is part of the scope of the goal 16:25:56 also we have the specify-target-host-with-project-admin issue open 16:26:15 so likely we have work to do 16:26:17 gibi: yeah, so beyond "meh, it probably works" I expect there are lots of corner cases like that 16:26:22 gibi: correct, hence my "we need to understand the goal's objectives" 16:26:23 exactly 16:26:35 hence, I said "done getting ready" :) 16:26:39 :) 16:26:41 lol 16:26:53 ok, I think we're done with that for now :) 16:26:54 we are ready to do the _real_ work :D 16:26:56 we can discuss more at the ptg but i think it would be nice if we aimed to have a RBAC job running by m1 16:27:12 to give use time to fix the issue it will find 16:27:28 Can we do a nova-only job for that? 16:27:35 I keep hearing it's "all or nothing" 16:27:36 sean-k-mooney: I'm not even sure tempest is ready to add RBAC testing 16:27:46 gibi: I think it is 16:27:48 lance has been working on some limited testing 16:27:54 ahh OK 16:27:54 Actually, do we even need tempest? 16:27:55 with tempest 16:28:00 artom: yes we do 16:28:02 gibi: glance is testing it with its tempest plugin 16:28:03 Smells like something we can do in functional tests, no? 16:28:09 but it's much easier to test glance in isolation than nova 16:28:09 artom: no 16:28:13 dansmith: cool, so we have an example 16:28:17 we need to test interservice interaction 16:28:18 definitely need tempest, IMHO 16:28:26 oh yes 16:28:28 functional will definitely not cut it 16:28:30 lances intiall testing show we cant boot with a neutron port 16:28:37 can't see how we could achieve this without tempest 16:28:49 because neturon as configured by devstack at lest currently cant send the network plugged event correctly 16:29:01 sean-k-mooney: is that their fault or ours? 16:29:03 so we definetly need to do tempeest integration testing 16:29:14 seems like it's likely ours 16:29:15 we need a job 16:29:19 dansmith: not sure yet proably a mix of devstack config and our policy 16:29:32 or maybe a combo I guess. if they use a system-scoped token but need to augment with project maybe 16:29:34 sean-k-mooney: ack 16:29:48 and first and foremost, we need people working on it, if so :) 16:29:52 i think it enabeld the new policy on our side but did not create the nova user with the right scope and neutron config 16:30:27 sean-k-mooney: honestly, I probably need to think on how that event interface should work 16:30:27 so we enforced scope but the token neutron used did not have system scope but was an admin token 16:30:40 like maybe a system-scoped token that looks up any instance on the system is okay 16:31:02 I would normally think that should be project-scoped, because instances are project-scoped and events are tied to instances 16:31:11 but it's intended to mostly be used by other services, so .. I dunno 16:31:22 i think it should be system scope 16:31:27 do we have sort of guidance from the keystone team about those events ? 16:31:33 becasue as you said this is for service to service interaction 16:31:38 but ya its tricky 16:31:39 or is it us just picking what we want ? 16:31:48 sean-k-mooney: but it's not something you can ever do without a project-scoped resource ... 16:31:56 bauzas: we should probably consult a bit 16:32:10 dansmith: yep which is why its tricky 16:32:20 this is kinda my problem with system scope, is that it actually doesn't apply to a lot of stuff, because almost everything is a project-scoped resource 16:32:21 Can ports ever be system-scope? 16:32:35 Instances are obviously project-scope, but Neutron external events have to do with ports as well 16:32:38 im a little relucted to say that api should be project-admin however 16:32:39 if that becomes a goal, we need some owner of this goal, just sayin' :) 16:32:43 aggregates are the one example of a system-scoped resource I use a lot 16:32:49 Is there some funky network topology that can have system-scoped ports? 16:32:56 sean-k-mooney: that's another thing, definitely doesn't need admin 16:32:57 dansmith: it proably shoudl be system-admin with project-ide set 16:33:13 sean-k-mooney: that's project-scoped, AFAIK 16:33:20 events don 16:33:24 don't need to be admin either 16:33:33 the event api is admin only 16:33:48 they don't need to be, and I don't think they initially were 16:33:49 since enduser including operators are not ment to call it 16:34:01 but admin != scope 16:34:03 anyway 16:34:07 clearly needs some discussion and thinking 16:34:10 we could make it system member 16:34:17 so yes 16:34:25 we could drop admin but ya 16:34:29 could we now put our thoughts into https://etherpad.opendev.org/p/nova-yoga-ptg L204 and move to other things ? 16:34:31 lets defer for now 16:34:49 am sure but we might want a sperate etherpad 16:35:00 linked form there to go though this in more detail 16:35:01 sean-k-mooney: feel free to link to it 16:35:09 also, this ties to my other point 16:35:28 for the moment, we don't have cinder, neutron and keystone cross project sessions at the PTG 16:35:52 I'd recommend us to engage some talks with the keystone team so we could wrap some stuff about RBAC during the PTG :) 16:35:54 just sayin' 16:35:58 if we had a neutorn one i have one potential topic 16:36:11 https://etherpad.opendev.org/p/ovn_live_migration 16:36:17 ok, so, I guess I can ask the neutron folks and the keystone folks at least 16:36:23 for timeslots 16:36:55 I don't have any neutron topic at the momement 16:36:56 lyarwood or others, do people feel wanting to discuss some cinder topics ? 16:37:21 I believe he dropped off early today, might want to check with him async 16:37:25 i think lee had one topic but lee wont be able to attend the PTG 16:37:26 gibi: I'll ask the neutron team if they have nova-specific concerns too 16:37:45 I know lyarwood wants to address the Manila thing 16:37:46 sure 16:37:49 Removing os-volume proxy API during Yoga 16:37:59 that was the one that i tought lee might bring up 16:38:10 but here, the question is, do we need the Cinder team for discussing those topics ? 16:38:14 That doesn't really affect Cinder, does it? 16:38:24 artom: that's my question 16:38:37 do we have topics to discuss that engage the cinder team ? 16:38:44 I can leave this for next week 16:39:00 the manila thing beign supprot for virtio-fs 16:39:18 if so then no there is no interation nwith cinder in that case 16:39:44 for the keystone x-p session, do you think it would be nice for us getting the whole crew or only publicize our discussions about Secure RBAC so people like lance would join ? 16:40:52 assuming unified limits work will continue we might want to discuss that too but im not sure if there is anything left on the keystone side 16:41:18 dansmith: you wanted some changes to the lib interface i think but not sure if that needs to be covered at the ptg 16:41:34 no, I don't think soi 16:41:50 I also think that the issues have been resolved with some of my recent changes to oslo.limit, 16:41:53 but I need to circle back 16:42:00 regardless, nothing needing lots of discussion I don't think 16:42:11 yeah 16:42:22 so this is rbac only 16:42:39 we'll figure that out 16:42:50 moving on 16:42:53 #topic Stable Branches 16:42:59 Nova Wallaby 23.1.0 release is proposed #link https://review.opendev.org/c/openstack/releases/+/809000 16:43:05 Nova Victoria 22.3.0 release is proposed #link https://review.opendev.org/c/openstack/releases/+/812291 16:43:11 Nova Ussuri 21.2.3 release is proposed #link https://review.opendev.org/c/openstack/releases/+/812292 16:43:17 elodilles: other things to mention ? 16:43:31 i'll ping release folks to review those tomorrow 16:43:49 cool 16:43:50 and maybe we could merge this: https://review.opendev.org/c/openstack/nova/+/810461 16:44:02 oh 16:44:16 as far as i remember we agreed to accept this 16:44:21 yup 16:44:31 and I can backport it to older branches then 16:44:44 and unblcok train-stein-rocky-queens-pike :) 16:44:44 I guess you revisioned it because of the pin version ? 16:45:09 tox min version needed a bump as stephenfin marked 16:45:10 yeah, that 16:45:16 ok, I'll +2 it 16:45:22 thanks \o/ 16:45:30 that's it i think 16:45:35 cool 16:45:43 #topic Sub/related team Highlights 16:45:47 Libvirt (lyarwood) 16:45:50 well, he's off 16:46:06 but I haven't heard anything specifc 16:46:14 moving on 16:46:18 #topic Open discussion 16:46:35 nothing in the agenda, floor is yours 16:47:26 it was a productive meeting 16:48:03 I can't promise this everyweek 16:48:07 #endmeeting