03:07:09 #startmeeting openstack-cyborg 03:07:10 Meeting started Thu Jul 30 03:07:09 2020 UTC and is due to finish in 60 minutes. The chair is Yumeng. Information about MeetBot at http://wiki.debian.org/MeetBot. 03:07:11 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 03:07:13 The meeting name has been set to 'openstack_cyborg' 03:07:19 https://wiki.openstack.org/wiki/Meetings/CyborgTeamMeeting#Agenda 03:08:33 tomorrow is the end of milestone2, so we need to merge or delay patches for m2, 03:08:58 #topic merge-spec 03:09:35 I think Intel QAT driver and Inspur FPGA driver are ready to merge: https://review.opendev.org/#/c/728014/ and https://review.opendev.org/#/c/730760/ 03:10:49 agree 03:10:51 so pls +2 or W+1, I will merge all at the end of today. 03:11:27 Hi all, sorry for late 03:12:16 hi xinranwang__ 03:12:27 hi xinranwang__ 03:12:57 #topic review features and reset to milestone3 03:13:12 review policy refresh and API Programming support: https://review.opendev.org/#/c/740542/ and https://review.opendev.org/#/c/698190/ 03:13:44 policy and program api are big features for victoria release 03:14:15 but we didn't got enough review for these two patches 03:14:35 Yuemng: what's the scope of PROJECT_ADMIN_OR_OWNER = 'rule:project_admin_or_owner'? 03:14:55 why not it is system_admin_or_owner? 03:15:02 I have asked Haibin to review program API patch. 03:16:00 project_admin_or_owner is project admin(role:admin with a specific project_id) or project member(role:member with a specific project_id) 03:16:02 Yes, please review the programming patch > all 03:16:19 good! thanks > xinran and haibin 03:16:41 a project_admin cannot access resources in another projects 03:17:08 a system_admin can access resources in all the projects, domains,and systems 03:18:42 I release the system_admin_or_owner also need the project_id to verfy 03:18:56 s/release/relize 03:19:15 Yumeng: Inspur FPGA driver has merged. ^ 03:19:25 s/release/realize 03:19:42 swp20, ok good. 03:20:06 brinzhang_: nope. no need to verfy project_id 03:20:56 will verify by like 'scope':'system' 03:21:22 and for project_admin that's like 'scope':'project' 03:21:38 In nova there are PROJECT_MEMBER_OR_SYSTEM_ADMIN = 'rule:system_admin_or_owner' 03:21:38 PROJECT_READER_OR_SYSTEM_READER = 'rule:system_or_project_reader' 03:21:41 with a project_id I think. 03:21:52 do we need to keep the same? 03:22:41 until now, we don't need system_or_project_reader 03:23:03 Yumeng: project_admin can access more than one project, right? 03:23:04 of course, we can remove this 03:23:05 pls check what we've decided here: https://wiki.openstack.org/wiki/Cyborg/Policy 03:24:06 swp20:no. project_admin can only access his own project 03:24:34 hi shaohe_feng 03:24:39 IMHO, project admin can create project. 03:24:48 I mean the rule:system_admin_or_owner in nova as the same as rule:project_admin_or_owner in cyborg 03:25:07 do we need to keep consistent? 03:25:20 hi Yumeng, sorry for late, a conflict meeting 03:25:44 brinzhang_: do you mean the old rule:project_admin_or_owner? 03:26:28 Yumeng: the new in your patch https://review.opendev.org/#/c/740542/15/cyborg/policies/base.py@42 03:28:10 as for the definition, project_admin by keystone should only access its own project. 03:30:17 brinzhang_: not sure what you mean here? "the rule:system_admin_or_owner in nova as the same as rule:project_admin_or_owner in cyborg" I remember nova requires system_admin to create a flavor 03:30:17 can project_admin create project? 03:30:45 while cyborg also requires system_admin to create a device_profile 03:31:30 Yuemng: Let's talk later, please continue next anenda, next meetting sync the AGGREMENT 03:32:55 s/ anenda/agenda 03:33:13 swp20: pls check here, at least in the new keystone policy, a domain or system admin is required to create project https://github.com/openstack/keystone/blob/master/keystone/common/policies/project.py#L152 03:34:11 Oh, it's domain admin. i may make mistake. 03:34:36 thanks, Yumeng. 03:34:59 yes, that's different with old rules. 03:35:04 no swp20 03:36:32 Yumeng, and all: Let me synchronize the progress of the following nova-cyborg interaction. 03:37:15 some patches updated by songwenping, and I synchronize the progress for these features 03:37:23 yes pls. 03:37:24 Completed the legacy patch of nova-cyborg-interaction; https://review.opendev.org/#/c/716186/ 03:37:31 Update the patch of cyborg evcaute support (conflict resolution, gibi -1 to be updated) https://review.opendev.org/#/c/715326/15 03:37:46 cyborg shelve/unshelve patch need to resolve merge conflict too 03:38:23 Yumeng, xinranwang__, s_shogo, swp20 and all: that's all 03:39:23 tks, brinzhang_. 03:39:26 thanks brinzhang_ and swp20 for all these work 03:40:32 as from what sean said here http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2020-07-28.log.html#t2020-07-28T09:29:21 seems we don't have enough review from our own in nova. 03:41:02 I will also review from now own. pls add me to the reviewers once you have cyborg-related patches 03:42:40 once speaking of this irc log, I also wanna mention microversion api(which is mentioned in this log) 03:43:15 Yumeng: yeah. as sean mooney comment in https://review.opendev.org/#/c/738428/. we should add microversion api. 03:44:19 sean think we need microversion api support for cyborg program api and project_id in api(https://review.opendev.org/#/c/738427/), otherwise nova don't think the need support project_id in arq binding api 03:45:27 but this is not in a hurry, just mention. 03:45:58 our next topic in agenda is (nova-neutron-cyborg integration) SmartNic Support spec: https://review.opendev.org/#/c/742785/ 03:45:59 ok, got it. 03:46:56 Have talked to Brin. We need to add decorator to API to check it. If there's any api changes. 03:48:21 brinzhang_, xinranwang__: do you mean check the json type and fields, or check policy? 03:48:40 check api microversion 03:48:48 aha 03:48:52 ok. got it. 03:48:57 yes, agree. 03:49:15 the schema check can be done seperately or together. Both are ok 03:50:33 yes, that's necessary. do we still have enough time to implement in this release? 03:52:18 from policy check's spective, we can implement project_id later. not in a hurry. 03:53:20 IMO, if we do not have enough time, we can do microversion check decorator first. Cause some api changes depends on it. The microverison framework is done, so I think it will not take too much efforts. 03:53:36 Yumeng: brinzhang_ swp20 03:53:46 What do you think? 03:53:52 does device_profile need add project_id? 03:54:15 Agree. 03:55:04 agree, microversion check decorator frist 03:55:11 xinranwang__:so do you add the decorator back? 03:55:38 device_profile need check project_id 03:56:08 i see u commit before and delete after merge in one patch. 03:56:31 Yumeng: ok. 03:57:24 xinranwang__: https://review.opendev.org/#/c/696860/5. 03:57:46 swp20: I probablely have no time to do it recently. If anyone else can take it, it will be nice. 03:57:56 arq project_id depends on microversion check decorator, we can continue add arq project_id after that 03:58:13 ok, i will try it. 03:59:17 thanks swp20 and xinran 03:59:32 ok. that's all from my side. 03:59:42 swp20: thanks, please feel free to ping me if any problems. 03:59:44 Is there anything else for today? 03:59:52 nop, Yumeng. ^ 04:00:10 please reveiw sriov nic support when you got time. 04:00:17 nop, xinranwang__. ^ 04:00:23 ok. thank you all for coming. 04:00:36 have a nice lunch. and see you next week. 04:00:49 nothing from my side, too. 04:00:52 #endmeeting