16:00:15 #startmeeting nova
16:00:15 Meeting started Tue Oct 4 16:00:15 2022 UTC and is due to finish in 60 minutes. The chair is bauzas. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:15 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:15 The meeting name has been set to 'nova'
16:00:21 hey stackers
16:00:29 o/
16:00:33 #link https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting
16:01:04 o/
16:02:05 okay, let's start, hopefully people will join later
16:02:28 #topic Bugs (stuck/critical)
16:02:34 #info No Critical bug
16:02:39 #link https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New 4 new untriaged bugs (-1 since the last meeting)
16:02:43 o/
16:02:51 O/
16:02:59 the etherpad I created for this week's triage https://etherpad.opendev.org/p/nova-bug-triage-20220927
16:03:38 and I have one security bug I'd like to discuss with the team, now we made it public
16:03:52 #link https://bugs.launchpad.net/nova/+bug/1989008 Security bug
16:04:16 I was consider it to close it as Wontfix
16:04:20 considering*
16:04:32 o/
16:05:19 tl;dr: depending on your sudoers rules, you can trick nova user
16:05:37 we could change our privsep rules to be more restrictive
16:05:45 i filed a downstream backlog item to address it properly
16:05:47 but we prefer deferring to the host config
16:05:58 about the permissions rights
16:06:01 so longterm i think we should rewrite how we use privsep
16:06:15 I don't disagree
16:06:19 but i don't think we will have time in A
16:06:24 but this is a long-term effort
16:06:32 yeah and very tedious effort
16:06:53 i personally would not mind tipping away at this over time
16:07:04 for that reason, I think this is valid to close this bug as Wontfix
16:07:05 but not sure i can do it in A
16:07:17 as this is actually more a request for enhancement than a really butg
16:07:20 bug*
16:07:38 i have no objection to that as it's really a specless blueprint or spec in my view
16:07:57 of course, deployers and openstack distros need to properly care about this bug
16:08:08 and make sure the rights they give are correctly set
16:08:19 it's not quite an architectural change but it is a design pattern change
16:08:31 but from an upstream perspective, given no further effort can be simply made, we need to close it
16:08:42 sean-k-mooney: yeah a refactoring change
16:08:45 but,
16:08:51 so currently it cannot lead to privilege escalation if you don't already have the ability to spawn the privsep helper
16:08:57 or have access to the unix socket of an existing one
16:08:58 sean-k-mooney: we correctly need to make it
16:09:09 sean-k-mooney: exactly my point
16:09:29 unless you fucked up with your sudo rights, you shouldn't hit this bug
16:09:39 yep
16:10:02 it's kind of like exposing the docker socket to a container
16:10:10 so, agreed as Wontfix and leave a note saying we're not against modifying our privsep use, but this is deferred for now ?
16:10:29 ok with me
16:10:40 no objections so far ?
16:11:03 please explain in the bug (if not yet explained) that it cannot lead to escalation if you don't have the rights to spawn the privsep_helper
16:11:19 gibi: I explained it when I replied but I'll redo it
16:11:19 or talk to the socket
16:11:33 bauzas: if it is there already then it is OK
16:11:55 gibi: quote from myself "I agree with all the above. Unless the user is accepted by sudoers to have root privileges, it can't use privsep to get what they want from the kernel, so this isn't an exploit."
16:12:07 cool then
16:12:08 thanks
16:12:10 (comment #9)
16:12:16 sorry I not read through the bug
16:12:23 but I'll make it clear on my last reply
16:13:16 #agreed https://bugs.launchpad.net/nova/+bug/1989008 to be marked as Wontfix as this isn't a flaw if sudoers is correctly set and we don't know when we can modify our privsep usage in nova yet
16:13:40 voila, that's it for me unless other pings
16:14:05 #link https://storyboard.openstack.org/#!/project/openstack/placement 26 open stories (+0 since the last meeting) in Storyboard for Placement
16:14:12 #info Add yourself in the team bug roster if you want to help https://etherpad.opendev.org/p/nova-bug-triage-roster
16:14:24 elodilles: still fighting with the release, man ?
16:14:35 hopefully till tomorrow ;)
16:14:44 so yes, i can take the baton
16:14:46 then you have no excuse.
16:14:52 #info bug baton is being passed to elodilles
16:14:57 elodilles: thanks
16:14:57 ~o~
16:15:08 np
16:15:09 elodilles: you won't feel overloaded
16:15:23 famous last words? :)
16:15:24 our untriaged backlog is very low today
16:15:48 cool :)
16:15:56 unless something big happens, like a tornado or an earthquake, you'll be fine (tm)
16:16:07 :]
16:16:17 moving on
16:16:20 #topic Gate status
16:16:30 #link https://bugs.launchpad.net/nova/+bugs?field.tag=gate-failure Nova gate bugs
16:16:38 #link https://zuul.openstack.org/builds?project=openstack%2Fplacement&pipeline=periodic-weekly Placement periodic job status
16:16:46 link https://zuul.openstack.org/builds?job_name=tempest-integrated-compute-centos-9-stream&project=openstack%2Fnova&pipeline=periodic-weekly Centos 9 Stream periodic job status
16:16:49 damn
16:16:52 #link https://zuul.openstack.org/builds?job_name=tempest-integrated-compute-centos-9-stream&project=openstack%2Fnova&pipeline=periodic-weekly Centos 9 Stream periodic job status
16:17:00 #link https://zuul.opendev.org/t/openstack/builds?job_name=nova-emulation&pipeline=periodic-weekly&skip=0 Emulation periodic job runs
16:17:08 all green above ^
16:17:38 well, actually https://zuul.openstack.org/builds?project=openstack%2Fplacement&pipeline=periodic-weeklyhttps://zuul.openstack.org/builds?project=openstack%2Fplacement&pipeline=periodic-weekly is still fetching info
16:17:52 anyone having the same trouble than me when opening the url ?
16:17:59 you could just have one link to the periodic pipeline
16:18:08 right
16:18:29 https://zuul.opendev.org/t/openstack/builds?pipeline=periodic-weekly&skip=0
16:18:35 they work ok for me
16:18:49 sean-k-mooney: so you basically let me providing those 3 links for the whole Yoga and Zed releases ?
16:18:57 meh p
16:18:59 :p
16:19:26 https://zuul.opendev.org/t/openstack/builds?project=openstack%2Fnova&project=openstack%2Fplacement&pipeline=periodic-weekly&skip=0
16:19:30 hehe
16:19:42 that one is nova and placement weekly jobs in one link
16:20:03 yeah, I never reconsidered to make one call once we added the two other checks :)
16:20:04 anyway they are looking good so we can move on
16:20:08 yeah, moving on
16:20:11 but this was fun
16:20:21 stupid me.
16:20:38 #info Please look at the gate failures and file a bug report with the gate-failure tag.
16:20:44 #info STOP DOING BLIND RECHECKS aka. 'recheck' https://docs.openstack.org/project-team-guide/testing.html#how-to-handle-test-failures
16:21:17 fyi, I think I'll start providing the weekly metrics for the recheck command in the nova project if our stats don't improve :)
16:22:07 there is one TC monitor https://etherpad.opendev.org/p/recheck-weekly-summary
16:22:12 https://etherpad.opendev.org/p/recheck-weekly-summary tells me we're at 50%
16:22:21 damn, burned by gmann
16:22:46 :) thanks to slaweq
16:22:48 gmann: yeah I know and I feel 50% is a too bug number
16:22:50 big
16:23:16 but it's 1 out of 2
16:23:18 so at this point i'm not sure reminding people each week is helping
16:23:36 1 bare recheck is still not so bad
16:23:38 if my daughter was ranked 10/20 (this is a french note over 20 points), I'd ask her to change a few things
16:24:32 actually, nevermind me
16:24:40 I just saw the raw stats
16:24:41 can i suggest we drop this from the meeting going forward or talk about it at the ptg
16:24:46 yeah
16:24:56 but fwiw, our 90-day stat is at 25%
16:25:10 surprisingly, we only had 2 rechecks this week
16:25:15 I think it will only improve we can look at the actual bare rechecks
16:25:21 and 1 being a bare one
16:25:23 talking in meeting just a heads up is good reminder to all of us
16:25:34 I'll add a point to the PTG agenda
16:25:39 and we'll discuss it
16:25:45 moving on
16:25:47 and explain if / when it is OK and NOT OK to use it in situation
16:25:53 but i don't think it's the people that are in the meeting that need to be reminded
16:25:54 but yes, move on and return to it on the PT
16:25:55 G
16:26:13 #topic Release Planning
16:26:21 #link https://releases.openstack.org/zed/schedule.html
16:26:44 #link https://releases.openstack.org/antelope/schedule.html
16:26:53 #info Zed GA planned tomorrow
16:26:59 so RC2 was our final RC
16:27:06 kuds to the team for the hard work
16:27:12 kudos*
16:27:36 \o/
16:27:42 ~o~
16:28:01 about this, I'll talk at the next openinfra live session on this Thursday
16:28:05 1400UTC
16:28:34 like I did last cycle, I'll present our cycle highlights and I'll talk about what we plan for Antelope
16:28:45 cool
16:28:50 you should see some metrics, they are interested to read
16:28:56 interesting*
16:29:23 ack
16:29:33 which makes me move to the next topic
16:30:19 #topic PTG planning
16:30:32 #link https://etherpad.opendev.org/p/nova-antelope-ptg Antelope PTG etherpad
16:30:38 #link https://ptg.opendev.org/ptg.html PTG schedule
16:30:45 #info As a reminder, please provide your PTG topics before Oct-6 (Thursday) !
16:31:16 which actually suits me, as I need to present this Thursday our plans for Antelope :)
16:31:27 so, typey typey please
16:31:41 i have one topic that i'm going to add but more of an fyi, i would like to reopen the idea of move placement to launchpad (without copying and existing stories or bugs)
16:31:57 sean-k-mooney: already in the etherpad :)
16:32:05 oh ok :)
16:32:16 yeah, that's boring to me
16:32:29 so, about PTG topics
16:32:41 we're collecting inputs from other teams too
16:32:58 there should be a neutron x-p session
16:33:08 there are topic in there etherpad
16:33:36 I know
16:34:02 I need to sync up with ralonsoh to find a proper timeslot that suits both teams
16:34:07 also,
16:34:33 as you've seen in the lists, we should have a nova-ironic x-p session too
16:34:54 we have one hot topic that needs to be properly addressed at the PTG
16:35:13 even if there are already very valuable feedback from sean-k-mooney, gibi and dansmith
16:35:32 bauzas, we can sync tomorrow
16:35:34 so, JayF here wanted to see whether Monday 1400UTC suited for you
16:35:45 this is off the Nova hours
16:36:00 anyone having concerns by this timeslot ?
16:36:32 no issues with me
16:36:34 I appreciate everyone trying to get together to solve this for our users :)
16:36:40 we don't need the whole gang to attend, but I'd like to see attendance from some people at least
16:36:43 are we going to do the cross project topics all on monday
16:36:53 sean-k-mooney: I don't know
16:37:03 ok
16:37:09 not sure I can make that due to TC stuff, I'll have to check
16:37:10 the current agenda is pretty small as we speak
16:37:20 dansmith: I have an hard stop by 1500UTC
16:37:28 a hard* (damn English)
16:37:41 so the session would be one hour max
16:38:05 probably not sufficient to cover any possible solutions, but I guess the conversation will focus more about the problem first
16:38:25 Monday 15 UTC is also TC + Leaders sessions
16:38:32 gmann: that's my hard stop
16:38:35 +1
16:38:37 yeah, so I should be good then
16:38:57 fwiw, I was hoping to chime on the spec
16:39:14 but as I said, most of the points were already covered and explained
16:39:30 there's really not much to chime in on in its current form I think yeah
16:39:45 this is frankly not an easy problem to solve so I guess we need to focus on the use case first
16:40:10 dansmith: agreed and the limitations are given
16:40:18 anyway
16:40:27 sold for Monday 1400-1500UTC
16:40:31 JayF ^
16:40:31 fundamentally the way the ironic driver is written today does not align with how we expect a driver to work
16:40:42 it will not be simple to reconcile the two
16:41:01 sean-k-mooney: the first step is to admit we can't easily reconcile
16:41:46 JayF: I'll put this in our etherpad, are you going to reserve the timeslot and book the room ?
16:42:08 he's maybe afk, moving on
16:42:15 bauzas: I can; but if you know how I'd prefer you do it. The PTG planning for this cycle was done by outgoing PTL and I don't know the steps right off
16:42:33 JayF: no worries, I'll book the room
16:42:37 thank you o/
16:42:52 just hoping the bexar room to be free at that time :)
16:43:15 moving on
16:43:37 ralonsoh: no worries, let's catch up tomorrow morning EU-time
16:44:14 #agreed Nova-Ironic cross-project PTG session happening on Monday 1400-1500UTC
16:44:20 #topic Review priorities
16:44:27 #link https://review.opendev.org/q/status:open+(project:openstack/nova+OR+project:openstack/placement+OR+project:openstack/os-traits+OR+project:openstack/os-resource-classes+OR+project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/osc-placement)+(label:Review-Priority%252B1+OR+label:Review-Priority%252B2)
16:44:54 nothing from me to say
16:45:15 (we'll discuss this flag at the PTG, btw.)
16:45:47 #topic Stable Branches
16:45:53 elodilles: this is your show time
16:46:01 #info from stable/zed back till stable/train branches' gates should be OK
16:46:22 awesome
16:46:24 (i had only a quick look so hope it's true o:))
16:46:31 #info stable/stein (and older) are blocked: grenade and other devstack based jobs fail
16:46:39 with the same timeout issue as stable/train was previously
16:46:46 #info stable branch status / gate failures tracking etherpad: https://etherpad.opendev.org/p/nova-stable-branch-ci
16:47:03 so actually nothing special, just the usual things
16:47:19 that was it
16:47:24 can we delete stable/train ? :)
16:47:43 and older :)
16:48:06 well, stein and older looks like abandoned
16:48:13 so that's for sure
16:48:21 propose a PTG topic :)
16:48:29 let's decide there
16:48:32 yeah
16:48:40 ++
16:48:42 ack
16:49:16 technically, we won't delete the branches, right ? :)
16:49:22 just EOL them :)
16:49:37 bauzas: actually it means *deletion*
16:49:57 only the $series-eol tag can be retrieved
16:50:05 cool
16:50:09 after we EOL'd + deleted a branch
16:50:16 yeah OK then
16:50:50 (even if my payslip asks me to do things with newton-based environments, this is not about upstream so... :D )
16:50:50 (so the history can be retrieved via that *-eol tag)
16:51:17 yep we can always restore
16:51:27 anything else to mention ?
16:51:29 i would be in favor of EOLing stein and older but ya ptg
16:51:47 perfect place for this kind of discussion
16:52:28 in particular given not a lot of people care about stein and older (in terms of branch maintenance)
16:52:38 :)
16:52:39 anyway, moving on
16:52:52 (meanwhile i've added the topic to the PTG etherpad)
16:52:52 #topic Open discussion
16:53:00 elodilles: great, thanks
16:53:05 ++
16:53:18 there is nothing to discuss in the open discussion section
16:53:27 anyone having anything they'd like to say ?
16:53:48 as a reminder, specless blueprints can be asked here :)
16:54:11 looks not,
16:54:20 I return you 6 mins of your time
16:54:24 thanks alll
16:54:27 all* even
16:54:30 #endmeeting