#openstack-cyborg log

03:07:09 <Yumeng> #startmeeting openstack-cyborg
03:07:10 <openstack> Meeting started Thu Jul 30 03:07:09 2020 UTC and is due to finish in 60 minutes.  The chair is Yumeng. Information about MeetBot at http://wiki.debian.org/MeetBot.
03:07:11 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
03:07:13 <openstack> The meeting name has been set to 'openstack_cyborg'
03:07:19 <Yumeng> https://wiki.openstack.org/wiki/Meetings/CyborgTeamMeeting#Agenda
03:08:33 <Yumeng> tomorrow is the end of milestone2, so we need to merge or delay patches for m2,
03:08:58 <Yumeng> #topic merge-spec
03:09:35 <Yumeng> I think Intel QAT driver and Inspur FPGA driver are ready to  merge: https://review.opendev.org/#/c/728014/ and https://review.opendev.org/#/c/730760/
03:10:49 <brinzhang_> agree
03:10:51 <Yumeng> so pls +2 or W+1, I will merge all at the end of today.
03:11:27 <xinranwang__> Hi all, sorry for late
03:12:16 <brinzhang_> hi xinranwang__
03:12:27 <Yumeng> hi xinranwang__
03:12:57 <Yumeng> #topic review features and reset to milestone3
03:13:12 <Yumeng> review policy refresh and API Programming support: https://review.opendev.org/#/c/740542/ and https://review.opendev.org/#/c/698190/
03:13:44 <Yumeng> policy and program api are big features for victoria release
03:14:15 <Yumeng> but we didn't got enough review for these two patches
03:14:35 <brinzhang_> Yuemng: what's the scope of PROJECT_ADMIN_OR_OWNER = 'rule:project_admin_or_owner'?
03:14:55 <brinzhang_> why not it is system_admin_or_owner?
03:15:02 <xinranwang__> I have asked Haibin to review program API patch.
03:16:00 <Yumeng> project_admin_or_owner is project admin(role:admin with a specific project_id) or project member(role:member with a specific project_id)
03:16:02 <s_shogo> Yes, please review the programming patch > all
03:16:19 <s_shogo> good! thanks > xinran and haibin
03:16:41 <Yumeng> a project_admin cannot access resources in another projects
03:17:08 <Yumeng> a system_admin can access resources in all the projects, domains,and systems
03:18:42 <brinzhang_> I release the system_admin_or_owner also need the project_id to verfy
03:18:56 <brinzhang_> s/release/relize
03:19:15 <swp20> Yumeng: Inspur FPGA driver has merged. ^
03:19:25 <brinzhang_> s/release/realize
03:19:42 <Yumeng> swp20, ok good.
03:20:06 <Yumeng> brinzhang_: nope. no need to verfy project_id
03:20:56 <Yumeng> will verify by like 'scope':'system'
03:21:22 <Yumeng> and for project_admin that's like 'scope':'project'
03:21:38 <brinzhang_> In nova there are PROJECT_MEMBER_OR_SYSTEM_ADMIN = 'rule:system_admin_or_owner'
03:21:38 <brinzhang_> PROJECT_READER_OR_SYSTEM_READER = 'rule:system_or_project_reader'
03:21:41 <Yumeng> with a project_id I think.
03:21:52 <brinzhang_> do we need to keep the same?
03:22:41 <Yumeng> until now, we don't need system_or_project_reader
03:23:03 <swp20> Yumeng: project_admin can access more than one project, right?
03:23:04 <brinzhang_> of course, we can remove this
03:23:05 <Yumeng> pls check what we've decided here: https://wiki.openstack.org/wiki/Cyborg/Policy
03:24:06 <Yumeng> swp20:no. project_admin can only access his own project
03:24:34 <Yumeng> hi shaohe_feng
03:24:39 <swp20> IMHO, project admin can create project.
03:24:48 <brinzhang_> I mean the rule:system_admin_or_owner in nova as the same as rule:project_admin_or_owner in cyborg
03:25:07 <brinzhang_> do we need to keep consistent?
03:25:20 <shaohe_feng> hi Yumeng, sorry for late, a conflict meeting
03:25:44 <Yumeng> brinzhang_: do you mean the old rule:project_admin_or_owner?
03:26:28 <brinzhang_> Yumeng: the new in your patch https://review.opendev.org/#/c/740542/15/cyborg/policies/base.py@42
03:28:10 <Yumeng> as for the definition, project_admin by keystone should only access its own project.
03:30:17 <Yumeng> brinzhang_: not sure what you mean here? "the rule:system_admin_or_owner in nova as the same as rule:project_admin_or_owner in cyborg"  I remember nova requires system_admin to create a flavor
03:30:17 <swp20> can project_admin create project?
03:30:45 <Yumeng> while cyborg also requires system_admin to create a device_profile
03:31:30 <brinzhang_> Yuemng: Let's talk later, please continue next anenda, next meetting sync the AGGREMENT
03:32:55 <brinzhang_> s/ anenda/agenda
03:33:13 <Yumeng> swp20: pls check here, at least in the new keystone policy, a domain or system admin is required to create project https://github.com/openstack/keystone/blob/master/keystone/common/policies/project.py#L152
03:34:11 <swp20> Oh, it's domain admin. i may make mistake.
03:34:36 <swp20> thanks, Yumeng.
03:34:59 <Yumeng> yes, that's different with old rules.
03:35:04 <Yumeng> no swp20
03:36:32 <brinzhang_> Yumeng, and all: Let me synchronize the progress of the following nova-cyborg interaction.
03:37:15 <brinzhang_> some patches updated by songwenping, and I synchronize the progress for these features
03:37:23 <Yumeng> yes pls.
03:37:24 <brinzhang_> Completed the legacy patch of nova-cyborg-interaction; https://review.opendev.org/#/c/716186/
03:37:31 <brinzhang_> Update the patch of cyborg evcaute support (conflict resolution, gibi -1 to be updated) https://review.opendev.org/#/c/715326/15
03:37:46 <brinzhang_> cyborg shelve/unshelve patch need to resolve merge conflict too
03:38:23 <brinzhang_> Yumeng, xinranwang__, s_shogo, swp20 and all: that's all
03:39:23 <swp20> tks, brinzhang_.
03:39:26 <Yumeng> thanks brinzhang_ and swp20 for all these work
03:40:32 <Yumeng> as from what sean said here http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2020-07-28.log.html#t2020-07-28T09:29:21 seems we don't have enough review from our own in nova.
03:41:02 <Yumeng> I will also review from now own. pls add me to the reviewers once you have cyborg-related patches
03:42:40 <Yumeng> once speaking of this irc log, I also  wanna mention microversion api(which is mentioned in this log)
03:43:15 <swp20> Yumeng: yeah. as sean mooney comment in https://review.opendev.org/#/c/738428/. we should add microversion api.
03:44:19 <Yumeng> sean think we need microversion api support for cyborg program api and project_id in api(https://review.opendev.org/#/c/738427/), otherwise nova don't think the need support project_id in arq binding api
03:45:27 <Yumeng> but this is not in a hurry, just mention.
03:45:58 <Yumeng> our next topic in agenda is (nova-neutron-cyborg integration) SmartNic Support spec: https://review.opendev.org/#/c/742785/
03:45:59 <swp20> ok, got it.
03:46:56 <xinranwang__> Have talked to Brin. We need to add decorator to API to check it. If there's any api changes.
03:48:21 <Yumeng> brinzhang_, xinranwang__: do you mean check the json type and fields, or check policy?
03:48:40 <xinranwang__> check api microversion
03:48:48 <Yumeng> aha
03:48:52 <Yumeng> ok. got it.
03:48:57 <Yumeng> yes, agree.
03:49:15 <xinranwang__> the schema check can be done seperately or together. Both are ok
03:50:33 <Yumeng> yes, that's necessary. do we still have enough time to implement in this release?
03:52:18 <Yumeng> from policy check's spective, we can implement project_id later.  not in a hurry.
03:53:20 <xinranwang__> IMO, if we do not have enough time, we can do microversion check decorator first. Cause some api changes depends on it. The microverison framework is done, so I think it will not take too much efforts.
03:53:36 <xinranwang__> Yumeng: brinzhang_  swp20
03:53:46 <xinranwang__> What do you think?
03:53:52 <swp20> does device_profile need add project_id?
03:54:15 <swp20> Agree.
03:55:04 <Yumeng> agree, microversion check decorator frist
03:55:11 <swp20> xinranwang__:so do you add the decorator back?
03:55:38 <Yumeng> device_profile need check project_id
03:56:08 <swp20> i see u commit before and delete after merge in one patch.
03:56:31 <swp20> Yumeng: ok.
03:57:24 <swp20> xinranwang__: https://review.opendev.org/#/c/696860/5.
03:57:46 <xinranwang__> swp20:  I probablely have no time to do it recently. If anyone else can take it, it will be nice.
03:57:56 <Yumeng> arq project_id depends on microversion check decorator, we can continue add arq project_id after that
03:58:13 <swp20> ok, i will try it.
03:59:17 <Yumeng> thanks swp20 and xinran
03:59:32 <Yumeng> ok. that's all from my side.
03:59:42 <xinranwang__> swp20: thanks, please feel free to ping me if any problems.
03:59:44 <Yumeng> Is there anything else for today?
03:59:52 <swp20> nop, Yumeng. ^
04:00:10 <xinranwang__> please reveiw sriov nic support when you got time.
04:00:17 <swp20> nop, xinranwang__. ^
04:00:23 <Yumeng> ok. thank you all for coming.
04:00:36 <Yumeng> have a nice lunch. and see you next week.
04:00:49 <swp20> nothing from my side, too.
04:00:52 <Yumeng> #endmeeting