03:01:54 <Sundar> #startmeeting openstack-cyborg 03:01:55 <openstack> Meeting started Thu Feb 6 03:01:54 2020 UTC and is due to finish in 60 minutes. The chair is Sundar. Information about MeetBot at http://wiki.debian.org/MeetBot. 03:01:56 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 03:01:58 <openstack> The meeting name has been set to 'openstack_cyborg' 03:02:25 <Sundar> #topic Roll call 03:02:31 <Sundar> #info Sundar 03:02:43 <chenke> #info chenke 03:02:44 <s_shogo> #info s_shogo 03:02:50 <Yumeng> #info Yumeng 03:02:52 <brinzhang> #info brinzhang 03:03:11 <Sundar> #topic Agenda 03:03:44 <xinranwang> Hi 03:03:44 <xinranwang> #info xinranwang 03:03:57 <Yumeng> hi Xinran 03:04:37 <Li_Liu> #info Li_Liu 03:05:27 <Li_Liu> Hi guys 03:05:38 <Sundar> First, I'd like to start by saying that Cyborg has been a long journey for me, in my current role at Intel. I have been spending anywhere from 50-100% of my time on it, with the rest going to some Kubernetes efforts for FPGA. 03:06:08 <Sundar> But my role is changing, and it seems unlikely that I can stay engaged with Cyborg to the same extent. :( It is a big disappointment for me. 03:06:47 <Li_Liu> Thanks a lot for all the great efforts Sundar 03:07:10 <Sundar> Welcome, Li_Liu. 03:07:14 <Sundar> However, I am trying hard to close the Nova integration as quickly as I can. For the rest, I think we have a good blueprint for further development. 03:07:24 <brinzhang> I think this is a big loss for Cyborg and everyone. 03:07:35 <shaohe_feng73> hi all 03:07:47 <xinranwang> Thanks for your great efforts Sundar 03:07:47 <shaohe_feng73> sorry for late 03:07:58 <shaohe_feng73> something wrong with my network 03:08:39 <s_shogo> Thanks a lot, Sundar 03:08:56 <chenke> that's too regretful, 03:10:15 <brinzhang> We should imporve the priority to colse the Nova integration as soon as possible 03:10:16 <Sundar> It is great that we have so many smart and enthusiastic developers in Cyborg who have lots of interest in seeing it succeed. I am sure you will all carry this forward. To be sure, OpenStack in Asia is expected to grow fast, much faster than the rest of the world. So, adoption by those companies is reassuring. 03:10:38 <Yumeng> That's really depressing news for cyborg. Thanks Sundar for all the progress you've made for cyborg. 03:10:56 <Sundar> brinzhang: Yes, I am pushing it almost every day. It is mostly small details now. 03:11:09 <Sundar> Yumeng and all: Thanks for your kind words. 03:11:21 <brinzhang> Sundar: yea, I see 03:11:23 <Li_Liu> Well, hope you can still come here on and off to chat with us :P 03:11:37 <zhurong> Sundar thanks for your leadership of Cyborg, you really did a great things for Cyborg 03:12:08 <Sundar> I am going to be around as much as I can. :) 03:12:32 <shaohe_feng73> so what's your next work? still cloud related? 03:12:48 <Sundar> Apart from the Nova integration, what else do you all see as the next thing I should do soon? 03:14:15 <brinzhang> Sundar: Aha, I would like to see you complete your instance ops spec https://review.opendev.org/#/c/605237/ :) 03:15:08 <Sundar> brinzhang: Ok :) We had a discussion whether it really needs to be a spec, or should it be a doc. 03:15:36 <brinzhang> it just a document, it won't take up much of your time 03:15:44 <Sundar> Sure, I can do that 03:16:01 <Yumeng> I think V2 API and client are also important 03:16:20 <Yumeng> should be done asap 03:16:54 <Sundar> Yumeng: Yes. But Shogo is driving the client well, and you are all involved in different v2 APIs. Is there anything for me to do there? 03:17:03 <Yumeng> ops. sorry. that's Xinran and shogo's 03:17:47 <Sundar> np :) Yes. I could probably review them. But, for the client, reviews from Monty etc. are more important, honestly. 03:18:08 <brinzhang> Yeah, the v2 API's SPEC has been merged, I think while the PoC code pushed, Sundar can review it while he is free 03:18:35 <Sundar> brinzhang: You mean microversion spec? 03:18:48 <brinzhang> yea 03:19:00 <xinranwang> Yes, for Sundar, the most important is nova integration. The rest, we can take it over if needed. 03:19:12 <shaohe_feng73> yes. 03:19:16 <shaohe_feng73> agree. 03:19:40 <xinranwang> I think brinzhang means the api updated spec. 03:19:53 <shaohe_feng73> not sure Sundar will start his new job. 03:20:12 <Sundar> Microversion spec is merged. I think https://review.opendev.org/608624 is obsolete. Anyway we actually got most of the code in. So I may abandon it. 03:20:28 <chenke> Agree with xinran's idea. 03:20:49 <Sundar> xinranwang: In https://review.opendev.org/#/q/status:open+project:openstack/cyborg-specs, which one are you referring to? 03:20:57 <shaohe_feng73> hope these community jobs will increase his burden 03:21:17 <shaohe_feng73> will not 03:21:41 <brinzhang> Sundar: yes, you can ignore what I said, it's not true 03:21:59 <xinranwang> I think brinzhang means this one https://review.opendev.org/#/c/696012/? 03:22:39 <Sundar> shaohe_feng: I plan to hang around for some time, may be till the end of U release if possible, or a few weeks in the worst case. I don't feel comfortable dropping the ball abruptly. 03:23:06 <brinzhang> xinranwang: right 03:24:46 <shaohe_feng73> sundar: Thank you for your professionalism 03:25:07 <Sundar> NP. Good. If any of you have any further thoughts or concerns, you can ping me on WeChat or send me email. 03:25:38 <Sundar> For the rest of today, we can probably go over the important patches? 03:26:28 <Sundar> Yumeng: how do you feel about tehe policy refresh stuff? 03:27:06 <Yumeng> yes. I have mailny arq:create policy to discuss with you guys 03:28:03 <Yumeng> and another two quick questions on device and device_profile API policies. 03:28:43 <Yumeng> this spec is almost done, Collen and Lance from keystone have reviwed it and gave us many suggestions. 03:29:21 <Yumeng> ok. let's start. 03:29:34 <Sundar> If arq:create is open for all users, anybody who creates an ARQ can also start a bind, which can program devices. That is a security issue. But, if we make it admin only, most users cannot launch a VM. That is the issue, right? 03:30:56 <Yumeng> yes. from my understanding, user from nova should be able to arq initial creation,not only admin. 03:31:14 <Yumeng> maybe by two ways: either the user create itself with a specific project_id in the request context; 03:31:29 <shaohe_feng73> green bitstream can be program by users, write? 03:31:54 <shaohe_feng73> s/write/right? 03:31:57 <shaohe_feng73> maybe not all 03:32:27 <shaohe_feng73> such as smartnic, had better let admin or deployer to do program. 03:32:37 <Li_Liu> "green bitstream" is an intel specific concept right? 03:33:25 <Sundar> To me, it seems that we need two specific roles: accelerator_user and accelerator_programmer (need better name). Only users/tenants who have that role can do the resp. functions. 03:33:39 <shaohe_feng73> yes, not sure what's name in other fpga? 03:33:52 <Sundar> shaohe_feng, Li_Liu: yes, green bitstream is intel-specific. But 'custom user logic' is a generic term. 03:34:05 <Li_Liu> i see 03:34:53 <Sundar> A FPGA may be programmed as a whole chip. But, if it allows partial reconfiguration, we could have a shell (blue bits) and custom user logic (green bits). The blue/green terminology is old even within Intel. 03:35:43 <shaohe_feng73> let's user shell and custom user logic term 03:36:13 <Sundar> Either way, to program the custom user logic in an FPGA, or the device configuration Huawei Ascend chip, etc., we need a specific role that is allowed to configure devices, i.e., 'accelerator_programmer'. Right? 03:37:11 <brinzhang> how about arq:create us system_admin and project_admin role? 03:37:22 <brinzhang> s/us/use 03:37:52 <Sundar> brinzhang: then only admins can create VMs with accelerators. 03:38:37 <shaohe_feng73> we should think about project_admin can do any case 03:39:09 <shaohe_feng73> smartnic maybe not good for project_admin, only for system_admin 03:39:30 <brinzhang> In our customer scenario, ordinary users need to issue an application to use the VM. I think it is possible to use the admin role, and the project administrator issues the VM to the user (allowing batches). 03:41:09 <shaohe_feng73> In a really cloud ENV, the system_admin maybe do some plan for their cloud, and decide the device/acc usage 03:41:19 <brinzhang> just allow *_admin to create a VM 03:41:59 <shaohe_feng73> that's not a right way. 03:42:15 <brinzhang> shaohe_feng73: yes, mostly the project_admin is an executor 03:42:44 <shaohe_feng73> but in different cloud EVN, cloud provider define the policy. 03:43:05 <Sundar> brinzhang: So, for a user to create a VM with accelerators, they must file a request with the project admin. Not truly self-service. 03:43:07 <shaohe_feng73> the policy can be changed. 03:43:52 <shaohe_feng73> we should do more for it. 03:44:10 <Sundar> shaohe_feng: Yes. We should have some recommendation for the operators. We could make it admin only by default, and ask the operators to create accelerator_admin role as needed. Or, Cyborg could create that role by default. 03:44:14 <brinzhang> Yeah, the policy can be change, we can only set default role of this 03:44:49 <shaohe_feng73> yes. 03:44:59 <shaohe_feng73> and we can import it later. 03:45:01 <shaohe_feng73> such as: 03:45:07 <Sundar> What if Cyborg creates an accelerator_admin role by default and let the operator map it to specific users? 03:45:57 <shaohe_feng73> such as the system_admin pre-configure 03:46:16 <Sundar> Sure, that's a safe default. 03:46:33 <shaohe_feng73> reserve some pr are not can be used for common users. 03:46:56 <shaohe_feng73> we can think about it later. 03:47:20 <shaohe_feng73> plan and write a new spec for it, maybe 03:47:28 <Sundar> I think it is good to exit this meeting with some decision. This could influence Yumeng's work on policy refresh. 03:48:37 <shaohe_feng73> maybe it does not matter. Cloud provider may not use our default policy. 03:49:43 <Sundar> To be specific, the proposal is: Cyborg should create accelerator_user and accelerator_admin roles by default, map them both to project_admin by default, and document that operators should update them as needed. Agree or disagree? 03:51:15 <shaohe_feng73> OK, and improve it later. 03:51:46 <brinzhang> Sundar:agree, I think it makes sense, maybe we should give some warning in doc, if the default role was changed? 03:51:54 <shaohe_feng73> let system admin do some pre-configure for accelerator_user and accelerator_admin 03:52:29 <shaohe_feng73> NOTE it in the patch 03:52:46 <Sundar> Yumeng, Li_Liu, s_shogo, xinranwang, chenke: ^ agree? 03:53:17 <Li_Liu> seems fine to me 03:53:43 <s_shogo> agree, that seems to be straightforward. 03:53:59 <xinranwang> agree 03:54:01 <shaohe_feng73> anyway, we can distinguish these 2 roles later 03:54:16 <chenke> agree. 03:54:31 <Yumeng> looks fine for me .agree. 03:55:01 <Sundar> Excellent. That's a productive meeting. :) 03:55:24 <Sundar> #topic AoB 03:55:41 <Sundar> Since we are in the last 5 minutes, anything else to bring up? 03:55:51 <Yumeng> sorry, Sundar. another two quick questions. 03:56:07 <Yumeng> device_profile create and delete, role "admin" required, right? 03:56:26 <Yumeng> patch devices and deployables, role "admin" required, right? 03:56:57 <shaohe_feng73> project_admin can have their own DP. 03:57:20 <brinzhang> agree 03:57:33 <shaohe_feng73> patch devices is similar with program. 03:57:50 <shaohe_feng73> we should do more distinguish. 03:58:30 <brinzhang> system_admin and project_admin? if the project_admin can do, the system_admin also can do. 03:58:53 <Sundar> Agreed to both questions 03:59:00 <xinranwang> Yumeng: which one you mean when you say "admin", system_admin or project admin 03:59:12 <shaohe_feng73> yes, limit project_admin. 03:59:44 <Sundar> patche devices: sys admin. patch deployables: accelerator_admin 04:00:00 <Sundar> devic eprofiles create, delete: sys admin 04:00:04 <shaohe_feng73> it is evil if one can do anything. :] 04:00:31 <xinranwang> Sundar: I agree with you :) 04:00:43 <shaohe_feng73> DP can be project admin. 04:00:54 <Yumeng> Sundar: agree. 04:01:23 <shaohe_feng73> Did not agree with DP. 04:01:38 <Sundar> shaohe_feng73: what is "DP"? 04:01:53 <shaohe_feng73> device profiles 04:02:28 <Sundar> A device profile is similar to a flvaor. Only the system admin can create flavors, because it is often used for billing and accounting. 04:02:51 <shaohe_feng73> for, in really cloud sys admin can not prediction application scenarios 04:02:53 <Sundar> A project admin represents a tenant, and so cannot create flavors that he or she likes 04:04:07 <Sundar> If you look at AWS for instance, you will see pre-ceated VM templates, like M1, F1, etc. all with different amounts of GPUs or FPGAs. They bill the user based on that. The operator has to decide aht they support -- tenants (like project admins) cannot decide that 04:04:14 <shaohe_feng73> so if no flavor or DP satisfy with him, what should do? 04:04:27 <Sundar> Ask the operator and agree to pay more ;) 04:04:47 <shaohe_feng73> so the operator help to create a New one? 04:04:56 <shaohe_feng73> that's OK. 04:04:59 <Sundar> yes, as with flavors 04:05:36 <shaohe_feng73> but in some private, the cloud provider can let tenant to create their own DP. 04:05:52 <shaohe_feng73> anyway the policy can change by themselves. 04:06:19 <shaohe_feng73> for private maybe no need bill 04:06:27 <Sundar> Well, I think a cloud admin can delegate roles to others. If they really want to. 04:06:57 <xinranwang> Yes, the policy we discussed here is more like general policy in openstack 04:07:09 <Sundar> xinranwang: Exactly 04:07:27 <brinzhang> current role just we set in Cyborg by default. 04:07:56 <Sundar> brinzhang: what do you mean? 04:08:30 <brinzhang> if the user want to change I think they already think twice 04:08:47 <shaohe_feng73> general == public cloud? 04:09:02 <brinzhang> Sundar: I mean you ponit these policy is the default policy. 04:09:21 <brinzhang> patche devices: sys admin. patch deployables: accelerator_admin devic eprofiles create, delete: sys admin 04:09:39 <Sundar> Yes. 04:09:51 <xinranwang> If cloud provider want the add or change the policy, they can do by themselves. from this point of view, I agree with shaohe_feng73. 04:10:30 <Sundar> Yes. 04:11:39 <Sundar> Quick question to all: don't ave to answer right now. Re. Cyborg in various openStack installers, my understanding is Red Hat is not widely used in China, so I need not push for RDO much. But containers like Kolla and LOCI are more important, right? 04:12:15 <Sundar> We can pick this up next week. 04:12:27 <shaohe_feng73> I guess Kolla. 04:12:37 <Sundar> Any other topic for today? 04:12:41 <brinzhang> Kolla 04:13:13 <brinzhang> I think there is a patch for improve UT need to talk 04:13:28 <brinzhang> that impact some patches to merge 04:13:41 <Sundar> brinzhang: Got it. I'll add it to next week's agenda. 04:14:03 <brinzhang> Sundar: ok~! 04:15:02 <brinzhang> Sundar: You can record https://review.opendev.org/#/c/702807 04:15:07 <Sundar> Meanwhile, the patch that is blocking Nova series merging is https://review.opendev.org/698846. Let's see if we can expedite that and the patches it depends on. In particular, please give +2 to https://review.opendev.org/#/c/703253/ ! :) 04:15:47 <Sundar> brinzhang: Will do 04:16:04 <Li_Liu> sounds good, will do 04:16:12 <Sundar> Thanks a lot, everybody. Have a good day! :) 04:16:13 <chenke> ok 04:16:16 <Sundar> #endmeeting