03:00:43 <Sundar49> #startmeeting openstack-cyborg
03:00:44 <openstack> Meeting started Thu Dec 12 03:00:43 2019 UTC and is due to finish in 60 minutes.  The chair is Sundar49. Information about MeetBot at http://wiki.debian.org/MeetBot.
03:00:45 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
03:00:47 <openstack> The meeting name has been set to 'openstack_cyborg'
03:00:52 <Sundar49> Hi all
03:01:13 <chenke> Hi all.
03:01:19 <chenke> info chenke.
03:01:23 <chenke> info# chenke
03:01:25 <Yumeng> #info Yumeng
03:01:34 <Sundar49> Hi chenke, Yumeng
03:01:51 <Yumeng> Hi Sundar49
03:01:52 <Sundar49> Let's give a min for folks to join
03:02:08 <wangzhh> Hi all.
03:02:20 <Sundar49> Hi
03:02:26 <Yumeng> I just added https://wiki.openstack.org/wiki/Cyborg/Policy to the policy page
03:02:57 <Sundar49> Yumeng: nice!
03:03:02 <chenke> good
03:03:30 <wangzhh> Great.
03:03:53 <Sundar49> Good, let's get started
03:04:05 <Sundar49> Agenda: https://wiki.openstack.org/wiki/Meetings/CyborgTeamMeeting#Agenda
03:04:16 <s_shogo> #info s_shogo
03:04:21 <Sundar49> Anything to add?
03:04:58 <Sundar49> #topic Secure_Default_Policies_Popup_Team
03:05:01 <Yumeng> mainly three questions need to be discussed with you guys. please take a look at the bottom of https://wiki.openstack.org/wiki/Cyborg/Policy
03:05:16 <Sundar49> Yumeng, could you explain to us what's happening in this area?
03:06:54 <Sundar49> What do the terms mean, member vs. reader?
03:08:24 <Sundar49> Yumeng: ^
03:08:49 <Yumeng> emmm. to be simple. the main problem today is that: 1) admin everywhere 2) insecure custom roles: many policy rules simply use "" as the rule 3) not support read-only
03:10:08 <Sundar49> Our RBAC policies allow for admin and user roles, I think. Are we considering more roles, like member and reader?
03:10:15 <Yumeng> this means sometimes users may have too much or not enough privileges
03:11:34 <Sundar49> Have there been any meetings across the popup team?
03:11:40 <Yumeng> something like that. 1) we need consistent admin over all openstack projects 2) we need to have read-only
03:12:10 <Yumeng> 3) we can have a scoped-RBAC including project-scope and system-scope
03:12:36 <Sundar49> I see. So you could have a project-scope admin?
03:13:37 <Yumeng> yes. project-scope works for most of our current cases. maybe we need to consider adding system-scope for device related RBAC
03:14:03 <Yumeng> emmm. seems I need to propose a spec to describe this in more detail
03:14:11 <Sundar49> Re. the question about cyborg:arq:create, I agree that allowing any user to create an ARQ is too liberal, esp. because the ARQ creator can also program the device.
03:14:29 <Sundar49> Yea, a spec would be welcome
03:15:13 <Yumeng> yes. I have the same concerns on cyborg:arq:create
03:15:28 <Sundar49> How do we fix that?
03:16:06 <xinranwang> Hi all, sorry for being late
03:16:30 <Yumeng> should we change to admin?
03:17:15 <Yumeng> I was wondering why the initial design was allowing any user?
03:17:25 <Yumeng> Does anyone know that?
03:17:29 <Sundar49> That is too restrictive. We want some authorized users to create, and others should be forbidden.
03:17:46 <Sundar49> I mean: ^ for admin
03:18:53 <Sundar49> Does it make sense to have granular roles like, device profile reader/writer, ARQ reader/writer etc.?
03:19:32 <Yumeng> sundar49: emmm seems no writer, only reader
03:20:16 <Sundar49> Who can POST device profiles, PATCH arqs, etc.? Apart from admin?
03:21:35 <Sundar49> Yumeng, chenke, xinranwang, wangzhh: ^
03:22:01 <chenke> I only use admin to create device_profile.
03:22:12 <xinranwang> I think only admin
03:22:36 <Sundar49> admin in project scope?
03:22:58 <chenke> yes.
03:23:02 <wangzhh> emmm Yep. I remember that we discussed it before. And only admin is allowed.
03:24:03 <Sundar49> Yumeng: So, the next step is that we need to review this table in the wiki?
03:24:20 <Sundar49> are you included in any meetings they have for this?
03:26:09 <Sundar49> If anybody has any thoughts, please speak up.
03:27:08 <Sundar49> #topic Devstack components for multi-node
03:27:23 <Sundar49> Shaohe's table: end of https://etherpad.openstack.org/p/cyborg-ptg-ussuri
03:27:59 <Sundar49> Any further comments?
03:28:33 <Sundar49> If not, shall we close this as final?
03:29:09 <chenke> I have one.
03:29:18 <chenke> 9. agent enabled_drivers                              N                               Y                                N
03:29:47 <chenke> agent enabled_drivers?
03:30:36 <Sundar49> chenke, what is the comment?
03:30:38 <chenke> I think cyborg-agent node's conf needs this.
03:31:09 <Sundar49> Oh yes, it should be  N N Y
03:31:16 <chenke> Ye.
03:31:26 <Sundar49> Please write that in the etherpad
03:31:53 <Sundar49> Thanks, chenke. Anything else?
03:32:21 <Yumeng> Sundar49: not yet. I just talked to zhurong. his idea is that this can be flexible. we can either use admin directly to post ARQ or use any user to make this post request to a system user to help do this post and return results.
03:32:44 <chenke> about 10.  api ramdisk_heartbeat_timeout
03:33:07 <chenke> I don't know why we need this
03:33:26 <Yumeng> Sundar49: I will propose a spec today and welcome you guys to discuss.
03:33:59 <Sundar49> Yumeng: when a user wants to launch a VM with accelerators, he needs the ability to POST and PATCH ARQs, right? Does he have to ask the admin to create the VM?
03:34:20 <Sundar49> Yumeng: ok, we can discuss in the spec
03:35:05 <Sundar49> chenke: I don't see a reason for it either. We can probably drop it.
03:35:25 <chenke> Agree.
03:36:29 <Sundar49> Ok, moving on
03:36:53 <Sundar49> For functional testing, we don't have Li today
03:37:14 <Sundar49> #topic Programming
03:37:34 <Sundar49> API proposal: https://etherpad.openstack.org/p/cyborg-ussuri-programming-apis
03:37:57 <Sundar49> Has anybody reviewed this yet?
03:39:18 <Sundar49> s_shogo, would you like to bring up or discuss your patch?
03:39:53 <s_shogo> Yep, my patch relates to the bottom of the proposal, > "Update FPGA user logic (bitstream)"
03:41:16 <Sundar49> My first comment is, it probably needs more validation :)  Validation of inputs, Needs some checks: is the bitstream id valid, is the bitstream already programmed, is the deployable in use, etc.
03:41:23 <Sundar49> Also, UT
03:41:43 <s_shogo> There is no specific topic, so
03:42:14 <s_shogo> Thank you Sundar49, I will improve that.
03:42:21 <Sundar49> Thanks
03:43:49 <Sundar49> Before we move onto other things, have you all had a chance to look at the comments in https://review.opendev.org/#/c/692707/6/nova/objects/external_event.py@36 https://review.opendev.org/#/c/631244/51/nova/conductor/manager.py@1578
03:44:16 <Sundar49> This will have impact on Cyborg side too
03:45:01 <chenke> Ok. Will look at it after meeting.
03:45:25 <Sundar49> ok
03:45:36 <Sundar49> #topic Storyboard, specs, patches
03:46:19 <Sundar49> I know there is a long list of specs and patches for me to look at :). Does anybody want to raise anything specific to expedite?
03:47:45 <Sundar49> Very quiet meeting today :)
03:48:11 <Sundar49> Ok, I'm going to keep chugging on Nova side. Please ping me if you have comments/questions/concerns
03:48:40 <Sundar49> Have a good day, everybody!
03:48:50 <Yumeng> bye. see you
03:48:52 <Sundar49> #endmeeting