From fungi at yuggoth.org Thu Nov 1 01:14:56 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Thu, 1 Nov 2018 01:14:56 +0000 Subject: [openstack-dev] Storyboard python script In-Reply-To: References: Message-ID: <20181101011455.2kzewydkraar7ea5@yuggoth.org> On 2018-10-31 22:39:01 +0000 (+0000), Krishna Jain wrote: > I’m an animator with some coding experience picking up Python. I > came across your python-storyboardclient library, which would be > very helpful for automating our pipeline in Toon Boom Storyboard > Pro. [...] The python-storyboardclient library is for use with the free/libre open source StoryBoard task and defect tracker project described by the documentation located at https://docs.openstack.org/infra/storyboard/ and not the commercial "Toon Boom Storyboard Pro" animation software to which you seem to be referring. Sorry for the confusion! -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From zigo at debian.org Thu Nov 1 07:52:50 2018 From: zigo at debian.org (Thomas Goirand) Date: Thu, 1 Nov 2018 08:52:50 +0100 Subject: [openstack-dev] [oslo] No complains about rabbitmq SSL problems: could we have this in the logs? In-Reply-To: <08C09D03-132D-406E-AFDE-7845B2D55B5F@vexxhost.com> References: <08C09D03-132D-406E-AFDE-7845B2D55B5F@vexxhost.com> Message-ID: <1d5364ed-076b-ac86-6c54-9d9a16bc87a2@debian.org> On 10/31/18 2:40 PM, Mohammed Naser wrote: > For what it’s worth: I ran into the same issue. I think the problem lies a bit deeper because it’s a problem with kombu as when debugging I saw that Oslo messaging tried to connect and hung after. > > Sent from my iPhone > >> On Oct 31, 2018, at 2:29 PM, Thomas Goirand wrote: >> >> Hi, >> >> It took me a long long time to figure out that my SSL setup was wrong >> when trying to connect Heat to rabbitmq over SSL. Unfortunately, Oslo >> (or heat itself) never warn me that something was wrong, I just got >> nothing working, and no log at all. >> >> I'm sure I wouldn't be the only one happy about having this type of >> problems being yelled out loud in the logs. Right now, it does work if I >> turn off SSL, though I'm still not sure what's wrong in my setup, and >> I'm given no clue if the issue is on rabbitmq-server or on the client >> side (ie: heat, in my current case). >> >> Just a wishlist... :) >> Cheers, >> >> Thomas Goirand (zigo) I've opened a bug here: https://bugs.launchpad.net/oslo.messaging/+bug/1801011 Cheers, Thomas Goirand (zigo) From dtantsur at redhat.com Thu Nov 1 10:53:24 2018 From: dtantsur at redhat.com (Dmitry Tantsur) Date: Thu, 1 Nov 2018 11:53:24 +0100 Subject: [openstack-dev] [ironic] Team gathering at the Forum? In-Reply-To: <7D82DA8E-0159-46F1-9987-3E97450BBB8E@telfer.org> References: <627c8ab5-1918-8ca4-1dae-29cb78859d57@redhat.com> <7D82DA8E-0159-46F1-9987-3E97450BBB8E@telfer.org> Message-ID: <34fbcaf6-cdcd-7bc1-56ce-651e19d14d22@redhat.com> Hi, You mean Lindenbrau, right? I was thinking of changing the venue, but if you're there, I think we should go there too! I just hope they can still fit 15 ppl :) Will try reserving tomorrow. Dmitry On 11/1/18 12:11 AM, Stig Telfer wrote: > Hello Ironicers - > > We’ve booked the same venue for the Scientific SIG for Wednesday evening, and hopefully we’ll see you there. There’s plenty of cross-over between our groups, particularly at an operator level. > > Cheers, > Stig > > >> On 29 Oct 2018, at 14:58, Dmitry Tantsur wrote: >> >> Hi folks! >> >> This is your friendly reminder to vote on the day. Even if you're fine with all days, please leave a vote, so that we know how many people are coming. We will need to make a reservation, and we may not be able to accommodate more people than voted! >> >> Dmitry >> >> On 10/22/18 6:06 PM, Dmitry Tantsur wrote: >>> Hi ironicers! :) >>> We are trying to plan an informal Ironic team gathering in Berlin. If you care about Ironic and would like to participate, please fill in https://doodle.com/poll/iw5992px765nthde. Note that the location is tentative, also depending on how many people sign up. >>> Dmitry >> >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > From mrhillsman at gmail.com Thu Nov 1 11:25:31 2018 From: mrhillsman at gmail.com (Melvin Hillsman) Date: Thu, 1 Nov 2018 06:25:31 -0500 Subject: [openstack-dev] [openlab] October Report Message-ID: Hi everyone, Here are some highlights from OpenLab for the month of October: CI additions - cluster-api-provider-openstack - AdoptOpenJDK - very important open source project - many Java developers - strategic for open source ecosystem Website redesign completed - fielding resource and support requests via GitHub - ML sign up via website - Community page - CI Infrastructure and High level request pipeline still manual but driven by Google Sheets - closer to being fully automated; easier to manage via spreadsheet instead of website backend Promotion - OSN Day Dallas, November 6th, 2018 https://events.linuxfoundation.org/events/osn_days_2018/north-america/ dallas/ - Twitter account is live - @askopenlab Mailing List - https://lists.openlabtesting.org - running latest mailman - postorious frontend - net new members - 7 OpenLab Tests (October) - total number of tests run - 3504 - SUCCESS - 2421 - FAILURE - 871 - POST_FAILURE- 72 - RETRY_LIMIT - 131 - TIMED_OUT - 9 - NODE_FAILURE - 0 - SKIPPED - 0 - 69.0925% : 30.9075% (success to fail/other job ratio) (September) - total number of tests run - 4350 - SUCCESS - 2611 - FAILURE - 1326 - POST_FAILURE- 336 - RETRY_LIMIT - 66 - TIMED_OUT - 11 - NODE_FAILURE - 0 - SKIPPED - 0 - 60.0230% : 39.9770% (success to fail/other job ratio) Delta - 9.0695% increase in success to fail/other job ratio - testament to great support by Chenrui and Liusheng "keeping the lights on". Additional Infrastructure - Packet - 80 vCPUs, 80G RAM, 1000G Disk - ARM - ARM-based OpenStack Cloud - Managed by codethink.co.uk - single compute node - 96 vCPUs, 128G RAM, 800G Disk - Massachusetts Open Cloud - in progress - small project for now - academia partner Build Status Legend: SUCCESS job executed correctly and exited without failure FAILURE job executed correctly, but exited with a failure RETRY_LIMIT pre-build tasks/plays failed more than the maximum number of retry attempts POST_FAILURE post-build tasks/plays failed SKIPPED one of the build dependencies failed and this job was not executed NODE_FAILURE no device available to run the build TIMED_OUT build got stuck at some point and hit the timeout limit Thank you to everyone who has read through this month’s update. If you have any question/concerns please feel free to start a thread on the mailing list or if it is something not to be shared publicly right now you can email info at openlabtesting.org Kind regards, OpenLab Governance Team -- Kind regards, Melvin Hillsman mrhillsman at gmail.com mobile: (832) 264-2646 -------------- next part -------------- An HTML attachment was scrubbed... URL: From derekh at redhat.com Thu Nov 1 11:46:40 2018 From: derekh at redhat.com (Derek Higgins) Date: Thu, 1 Nov 2018 11:46:40 +0000 Subject: [openstack-dev] [tripleo] reducing our upstream CI footprint In-Reply-To: References: Message-ID: On Wed, 31 Oct 2018 at 17:22, Alex Schultz wrote: > > Hey everyone, > > Based on previous emails around this[0][1], I have proposed a possible > reducing in our usage by switching the scenario001--011 jobs to > non-voting and removing them from the gate[2]. This will reduce the > likelihood of causing gate resets and hopefully allow us to land > corrective patches sooner. In terms of risks, there is a risk that we > might introduce breaking changes in the scenarios because they are > officially non-voting, and we will still be gating promotions on these > scenarios. This means that if they are broken, they will need the > same attention and care to fix them so we should be vigilant when the > jobs are failing. > > The hope is that we can switch these scenarios out with voting > standalone versions in the next few weeks, but until that I think we > should proceed by removing them from the gate. I know this is less > than ideal but as most failures with these jobs in the gate are either > timeouts or unrelated to the changes (or gate queue), they are more of > hindrance than a help at this point. > > Thanks, > -Alex While on the topic of reducing the CI footprint something worth considering when pushing up a string of patches would be to remove a bunch of the check jobs at the start of the patch set. e.g. If I'm working on t-h-t and have a series of 10 patches, while looking for feedback I could remove most of the jobs from zuul.d/layout.yaml in patch 1 so all 10 patches don't run the entire suite of CI jobs. Once it becomes clear that the patchset is nearly ready to merge, I change patch 1 leave zuul.d/layout.yaml as is. I'm not suggesting everybody does this but anybody who tends to push up multiple patch sets together could consider it to not tie up resources for hours. > > [0] http://lists.openstack.org/pipermail/openstack-dev/2018-October/136141.html > [1] http://lists.openstack.org/pipermail/openstack-dev/2018-October/135396.html > [2] https://review.openstack.org/#/q/topic:reduce-tripleo-usage+(status:open+OR+status:merged) > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From gokhan.isik at tubitak.gov.tr Thu Nov 1 11:52:56 2018 From: gokhan.isik at tubitak.gov.tr (=?utf-8?Q?G=C3=B6khan_I=C5=9EIK_=28B=C4=B0LGEM_BTE=29?=) Date: Thu, 1 Nov 2018 14:52:56 +0300 (EET) Subject: [openstack-dev] [Oslo][nova][openstack-ansible] About Rabbitmq warning problems on nova-compute side Message-ID: <1101609091.2040456.1541073176882.JavaMail.zimbra@tubitak.gov.tr> Hi folks, I have problems about rabbitmq on nova-compute side. I see lots of warnings in log file like that “client unexpectedly closed TCP connection”.[1] I have a HA OpenStack environment on ubuntu 16.04.5 which is installed with Openstack Ansible Project. My OpenStack environment version is Pike. My environment consists of 3 controller nodes ,23 compute nodes and 1 log node. Cinder volume service is installed on compute nodes and I am using NetApp Storage. I tried lots of configs on nova about oslo messaging and rabbitmq side, but I didn’t resolve this problem. My latest configs are below: rabbitmq.config is : http://paste.openstack.org/show/733767/ nova.conf is: [ http://paste.openstack.org/show/733768/ | http://paste.openstack.org/show/733768/ ] Services versions are : http://paste.openstack.org/show/733769/ Can you share your experiences on rabbitmq side and How can I solve these warnings on nova-compute side ? What will you advice ? [1] http://paste.openstack.org/show/733766/ -------------- next part -------------- An HTML attachment was scrubbed... URL: From doug at doughellmann.com Thu Nov 1 12:52:05 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 08:52:05 -0400 Subject: [openstack-dev] [Release-job-failures][release][infra] Tag of openstack/keystone failed In-Reply-To: References: Message-ID: zuul at openstack.org writes: > Build failed. > > - publish-openstack-releasenotes-python3 http://logs.openstack.org/86/86022835fb39cb318e28994ed0290caddfb451be/tag/publish-openstack-releasenotes-python3/7347218/ : POST_FAILURE in 13m 53s > - publish-openstack-releasenotes http://logs.openstack.org/86/86022835fb39cb318e28994ed0290caddfb451be/tag/publish-openstack-releasenotes/a4c2e21/ : SUCCESS in 13m 54s > > _______________________________________________ > Release-job-failures mailing list > Release-job-failures at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/release-job-failures Keystone is configured in stable/queens with the release-notes-jobs project template and in master with the release-notes-jobs-python3 template. This is, AFAICT, exactly what we said should be done. However, both of the templates include jobs in the "tag" pipeline, and tags are not branch-aware. That means we end up running both versions of the release notes publishing jobs when we tag a release, and the results may be unpredictable. This problem will affect other projects as well. I think we have a few options. 1. Move the job settings out of the source repository into project-config, like we do for the release jobs, so that we always run the same version in all cases. This has two downsides. First, we would have to support the python3 variant even on very old stable branches. That shouldn't be a very big concern, though, because that job does not install the source for the project or its dependencies. Second, we would have to modify all of the zuul configurations for all of our old branches, again. As much as I'm enjoying the jokes about how I'm padding my contribution stats this cycle, I don't really want to do that. 2. Make the job itself smart enough to figure out whether to run with python 2 or 3. We could update both jobs to look at some setting in the repo to decide which version to use. This feels excessively complicated, might still result in having to modify some settings in the stable branches, and would mean we would have to customize the shared versions of the jobs defined in the zuul-jobs repo. 3. Modify the python 2 version of the project template ("release-notes-jobs") to remove the "tag" pipeline settings. This would let us continue to use the python 2 variant for tests and when patches merge, and only use the python 3 job for tags. As with option 1, we would have to be sure that the release notes job works under python 3 for all repos, but as described above that isn't a big concern. I think we should take option 3, and will be preparing a patch to do that shortly. Did I miss any options or issues with this approach? Doug From doug at doughellmann.com Thu Nov 1 12:52:54 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 08:52:54 -0400 Subject: [openstack-dev] [Release-job-failures][release][infra] Tag of openstack/keystone failed In-Reply-To: References: Message-ID: Doug Hellmann writes: > zuul at openstack.org writes: > >> Build failed. >> >> - publish-openstack-releasenotes-python3 http://logs.openstack.org/86/86022835fb39cb318e28994ed0290caddfb451be/tag/publish-openstack-releasenotes-python3/7347218/ : POST_FAILURE in 13m 53s >> - publish-openstack-releasenotes http://logs.openstack.org/86/86022835fb39cb318e28994ed0290caddfb451be/tag/publish-openstack-releasenotes/a4c2e21/ : SUCCESS in 13m 54s >> >> _______________________________________________ >> Release-job-failures mailing list >> Release-job-failures at lists.openstack.org >> http://lists.openstack.org/cgi-bin/mailman/listinfo/release-job-failures > > Keystone is configured in stable/queens with the release-notes-jobs > project template and in master with the release-notes-jobs-python3 > template. This is, AFAICT, exactly what we said should be done. However, > both of the templates include jobs in the "tag" pipeline, and tags are > not branch-aware. That means we end up running both versions of the > release notes publishing jobs when we tag a release, and the results may > be unpredictable. This problem will affect other projects as well. > > I think we have a few options. > > 1. Move the job settings out of the source repository into > project-config, like we do for the release jobs, so that we always > run the same version in all cases. > > This has two downsides. > > First, we would have to support the python3 variant even on very old > stable branches. That shouldn't be a very big concern, though, > because that job does not install the source for the project or its > dependencies. > > Second, we would have to modify all of the zuul configurations for > all of our old branches, again. As much as I'm enjoying the jokes > about how I'm padding my contribution stats this cycle, I don't > really want to do that. > > 2. Make the job itself smart enough to figure out whether to run with > python 2 or 3. > > We could update both jobs to look at some setting in the repo to > decide which version to use. This feels excessively complicated, > might still result in having to modify some settings in the stable > branches, and would mean we would have to customize the shared > versions of the jobs defined in the zuul-jobs repo. > > 3. Modify the python 2 version of the project template > ("release-notes-jobs") to remove the "tag" pipeline settings. > > This would let us continue to use the python 2 variant for tests and > when patches merge, and only use the python 3 job for tags. As with > option 1, we would have to be sure that the release notes job works > under python 3 for all repos, but as described above that isn't a big > concern. > > I think we should take option 3, and will be preparing a patch to do > that shortly. > > Did I miss any options or issues with this approach? > > Doug See https://review.openstack.org/614758 Doug From sean.mcginnis at gmx.com Thu Nov 1 13:07:09 2018 From: sean.mcginnis at gmx.com (Sean McGinnis) Date: Thu, 1 Nov 2018 08:07:09 -0500 Subject: [openstack-dev] [release] Release countdown for week R-22, November 5-9 Message-ID: <20181101130709.GA17076@sm-workstation> Development Focus ----------------- Teams should now be focused on feature development and completion of release goals [0]. [0] https://governance.openstack.org/tc/goals/stein/index.html General Information ------------------- We are now past the Stein-1 milestone. Following the changes described in [0] we have release most of the cycle-with-intermediary libraries. It is a good time to think about any additional client (or deliverables marked as type:"other") releases. All projects with these deliverables should try to have a release done before Stein-2. All cycle-with-milestone deliverables have been switched over to be cycle-with-rc [1]. Just a reminder that we can still do milestone beta releases if there is a need for them, but we want to avoid doing so just because that is what we've historically done. Any questions about these changes, or any release planning or process questions in general, please reach out to us in the #openstack-release channel or on the mailing list. [0] http://lists.openstack.org/pipermail/openstack-dev/2018-October/135689.html [1] http://lists.openstack.org/pipermail/openstack-dev/2018-September/135088.html Upcoming Deadlines & Dates -------------------------- Forum at OpenStack Summit in Berlin: November 13-15 Start using openstack-discuss ML: November 19 Stein-2 Milestone: January 10 -- Sean McGinnis (smcginnis) From doug at doughellmann.com Thu Nov 1 13:15:11 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 09:15:11 -0400 Subject: [openstack-dev] [tc] publishing openstack_governance library to PyPI Message-ID: TC members, I have a series of patches up for review starting at [1] to create a small library for reading and manipulating the project reference data in the YAML files in the openstack/governance repository. After copying similar code into a 3rd repository that wants to consume it last cycle, I thought I ought to just go ahead and do this properly. The patch in [2] is an example of how the releases repository can take advantage of having a library like this. Please add the series to your review queue. Doug [1] https://review.openstack.org/#/c/614597 [2] https://review.openstack.org/614606 From fungi at yuggoth.org Thu Nov 1 13:18:20 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Thu, 1 Nov 2018 13:18:20 +0000 Subject: [openstack-dev] [Release-job-failures][release][infra] Tag of openstack/keystone failed In-Reply-To: References: Message-ID: <20181101131819.rbrezm4pi37x6vpx@yuggoth.org> On 2018-11-01 08:52:05 -0400 (-0400), Doug Hellmann wrote: [...] > Did I miss any options or issues with this approach? https://review.openstack.org/578557 -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From doug at doughellmann.com Thu Nov 1 13:27:03 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 09:27:03 -0400 Subject: [openstack-dev] [Release-job-failures][release][infra] Tag of openstack/keystone failed In-Reply-To: <20181101131819.rbrezm4pi37x6vpx@yuggoth.org> References: <20181101131819.rbrezm4pi37x6vpx@yuggoth.org> Message-ID: Jeremy Stanley writes: > On 2018-11-01 08:52:05 -0400 (-0400), Doug Hellmann wrote: > [...] >> Did I miss any options or issues with this approach? > > https://review.openstack.org/578557 How high of a priority is rolling that feature out? It does seem to eliminate this particular issue (even the edge cases described in the commit message shouldn't affect us based on our typical practices), but until we have one of the two changes in place we're going to have this issue with every release we tag. Doug > > -- > Jeremy Stanley > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From doug at doughellmann.com Thu Nov 1 14:57:34 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 10:57:34 -0400 Subject: [openstack-dev] [tc] agenda for TC meeting 1 Nov 1400 UTC In-Reply-To: References: Message-ID: Doug Hellmann writes: > TC members, > > The TC will be meeting on 1 Nov at 1400 UTC in #openstack-tc to discuss > some of our ongoing initiatives. Here is the agenda for this week. > > * meeting procedures > > * discussion of topics for joint leadership meeting at Summit in > Berlin > > * completing TC liaison assignments > ** https://wiki.openstack.org/wiki/OpenStack_health_tracker#Project_Teams > > * documenting chair responsibilities > ** https://etherpad.openstack.org/p/tc-chair-responsibilities > > * reviewing the health-check check list > ** https://wiki.openstack.org/wiki/OpenStack_health_tracker#Health_check_list > > * deciding next steps on technical vision statement > ** https://review.openstack.org/592205 > > * deciding next steps on python 3 and distro versions for PTI > ** https://review.openstack.org/610708 Add optional python3.7 unit test enablement to python3-first > ** https://review.openstack.org/611010 Make Python 3 testing requirement less specific > ** https://review.openstack.org/611080 Explicitly declare Stein supported runtimes > ** https://review.openstack.org/613145 Resolution on keeping up with Python 3 releases > > * reviews needing attention > ** https://review.openstack.org/613268 Indicate relmgt style for each deliverable > ** https://review.openstack.org/613856 Remove Dragonflow from the official projects list > > If you have suggestions for topics for the next meeting (6 Dec), please > add them to the wiki at > https://wiki.openstack.org/wiki/Meetings/TechnicalCommittee#Agenda_Suggestions > > Doug > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev The logs for this meeting are available now at Minutes: http://eavesdrop.openstack.org/meetings/tc/2018/tc.2018-11-01-14.01.html Minutes (text): http://eavesdrop.openstack.org/meetings/tc/2018/tc.2018-11-01-14.01.txt Log: http://eavesdrop.openstack.org/meetings/tc/2018/tc.2018-11-01-14.01.log.html Doug From mriedemos at gmail.com Thu Nov 1 14:57:56 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Thu, 1 Nov 2018 09:57:56 -0500 Subject: [openstack-dev] [nova] Is anyone running their own script to purge old instance_faults table entries? Message-ID: <856536e5-631c-c975-7a6f-91a2167e9baf@gmail.com> I came across this bug [1] in triage today and I thought this was fixed already [2] but either something regressed or there is more to do here. I'm mostly just wondering, are operators already running any kind of script which purges old instance_faults table records before an instance is deleted and archived/purged? Because if so, that might be something we want to add as a nova-manage command. [1] https://bugs.launchpad.net/nova/+bug/1800755 [2] https://review.openstack.org/#/c/409943/ -- Thanks, Matt From fungi at yuggoth.org Thu Nov 1 15:08:09 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Thu, 1 Nov 2018 15:08:09 +0000 Subject: [openstack-dev] [Release-job-failures][release][infra] Tag of openstack/keystone failed In-Reply-To: References: <20181101131819.rbrezm4pi37x6vpx@yuggoth.org> Message-ID: <20181101150809.7xjutvh4kh5p2533@yuggoth.org> On 2018-11-01 09:27:03 -0400 (-0400), Doug Hellmann wrote: > Jeremy Stanley writes: > > > On 2018-11-01 08:52:05 -0400 (-0400), Doug Hellmann wrote: > > [...] > >> Did I miss any options or issues with this approach? > > > > https://review.openstack.org/578557 > > How high of a priority is rolling that feature out? It does seem to > eliminate this particular issue (even the edge cases described in the > commit message shouldn't affect us based on our typical practices), but > until we have one of the two changes in place we're going to have this > issue with every release we tag. It was written as a potential solution to this problem back when we first discussed it in June, but at the time we thought it might be solvable via job configuration with minimal inconvenience so that feature was put on hold as a fallback option in case we ended up needing it. I expect since it's already seen some review and is passing tests it could probably be picked back up fairly quickly now that alternative solutions have proven more complex than originally envisioned. -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From sean.mcginnis at gmx.com Thu Nov 1 15:38:14 2018 From: sean.mcginnis at gmx.com (Sean McGinnis) Date: Thu, 1 Nov 2018 10:38:14 -0500 Subject: [openstack-dev] [Release-job-failures][release][infra] Tag of openstack/keystone failed In-Reply-To: <20181101150809.7xjutvh4kh5p2533@yuggoth.org> References: <20181101131819.rbrezm4pi37x6vpx@yuggoth.org> <20181101150809.7xjutvh4kh5p2533@yuggoth.org> Message-ID: <20181101153813.GA18688@sm-workstation> On Thu, Nov 01, 2018 at 03:08:09PM +0000, Jeremy Stanley wrote: > On 2018-11-01 09:27:03 -0400 (-0400), Doug Hellmann wrote: > > Jeremy Stanley writes: > > > > > On 2018-11-01 08:52:05 -0400 (-0400), Doug Hellmann wrote: > > > [...] > > >> Did I miss any options or issues with this approach? > > > > > > https://review.openstack.org/578557 > > > > How high of a priority is rolling that feature out? It does seem to > > eliminate this particular issue (even the edge cases described in the > > commit message shouldn't affect us based on our typical practices), but > > until we have one of the two changes in place we're going to have this > > issue with every release we tag. > > It was written as a potential solution to this problem back when we > first discussed it in June, but at the time we thought it might be > solvable via job configuration with minimal inconvenience so that > feature was put on hold as a fallback option in case we ended up > needing it. I expect since it's already seen some review and is > passing tests it could probably be picked back up fairly quickly now > that alternative solutions have proven more complex than originally > envisioned. > -- > Jeremy Stanley Doug's option 3 made sense to me as a way to address this for now. I could see doing that for the time being, but if this is coming in the near future, we can wait and go with it as option 4. Sean From lijie at unitedstack.com Thu Nov 1 15:43:25 2018 From: lijie at unitedstack.com (=?utf-8?B?UmFtYm8=?=) Date: Thu, 1 Nov 2018 23:43:25 +0800 Subject: [openstack-dev] [cinder] about use nfs driver to backup the volume snapshot Message-ID: Hi,all Recently, I use the nfs driver as the cinder-backup backend, when I use it to backup the volume snapshot, the result is return the NotImplementedError[1].And the nfs.py doesn't has the create_volume_from_snapshot function. Does the community plan to achieve it which is as nfs as the cinder-backup backend?Can you tell me about this?Thank you very much! [1]https://github.com/openstack/cinder/blob/master/cinder/volume/driver.py#L2142 Best Regards Rambo -------------- next part -------------- An HTML attachment was scrubbed... URL: From aschultz at redhat.com Thu Nov 1 16:26:36 2018 From: aschultz at redhat.com (Alex Schultz) Date: Thu, 1 Nov 2018 10:26:36 -0600 Subject: [openstack-dev] [tripleo] gate issues please do not approve/recheck In-Reply-To: References: Message-ID: Ok since the podman revert patche has been successfully merged and we've landed most of the non-voting scenario patches, it should be OK to restore/recheck. It would be a good idea to prioritized things to land and if it's not critical, let's hold off on approving until we're sure the gate is much better. Thanks, -Alex On Wed, Oct 31, 2018 at 9:39 AM Alex Schultz wrote: > > Hey folks, > > So we have identified an issue that has been causing a bunch of > failures and proposed a revert of our podman testing[0]. We have > cleared the gate and are asking that you not approve or recheck any > patches at this time. We will let you know when it is safe to start > approving things. > > Thanks, > -Alex > > [0] https://review.openstack.org/#/c/614537/ From ifatafekn at gmail.com Thu Nov 1 17:26:00 2018 From: ifatafekn at gmail.com (Ifat Afek) Date: Thu, 1 Nov 2018 19:26:00 +0200 Subject: [openstack-dev] [vitrage] I have some problems with Prometheus alarms in vitrage. In-Reply-To: References:

Message-ID: Hi, On Wed, Oct 31, 2018 at 11:00 AM Won wrote: > Hi, > >> >> This is strange. I would expect your original definition to work as well, >> since the alarm key in Vitrage is defined by a combination of the alert >> name and the instance. We will check it again. >> BTW, we solved a different bug related to Prometheus alarms not being >> cleared [1]. Could it be related? >> > > Using the original definition, no matter how different the instances are, > the alarm names are recognized as the same alarm in vitrage. > And I tried to install the rocky version and the master version on the new > server and retest but the problem was not solved. The latest bugfix seems > irrelevant. > Ok. We will check this issue. For now your workaround is ok, right? > Does the wrong timestamp appear if you run 'vitrage alarm list' cli >> command? please try running 'vitrage alarm list --debug' and send me the >> output. >> > > I have attached 'vitrage-alarm-list.txt.' > I believe that you attached the wrong file. It seems like another log of vitrage-graph. > > >> Please send me vitrage-collector.log and vitrage-graph.log from the time >> that the problematic vm was created and deleted. Please also create and >> delete a vm on your 'ubuntu' server, so I can check the differences in the >> log. >> > > I have attached 'vitrage_log_on_compute1.zip' and > 'vitrage_log_on_ubuntu.zip' files. > When creating a vm on computer1, a vitrage-collect log occurred, but no > log occurred when it was removed. > Looking at the logs, I see two issues: 1. On ubuntu server, you get a notification about the vm deletion, while on compute1 you don't get it. Please make sure that Nova sends notifications to 'vitrage_notifications' - it should be configured in /etc/nova/nova.conf. 2. Once in 10 minutes (by default) nova.instance datasource queries all instances. The deleted vm is supposed to be deleted in Vitrage at this stage, even if the notification was lost. Please check in your collector log for the a message of "novaclient.v2.client [-] RESP BODY" before and after the deletion, and send me its content. Br, Ifat -------------- next part -------------- An HTML attachment was scrubbed... URL: From openstack at nemebean.com Thu Nov 1 17:24:47 2018 From: openstack at nemebean.com (Ben Nemec) Date: Thu, 1 Nov 2018 12:24:47 -0500 Subject: [openstack-dev] [tripleo] Zuul Queue backlogs and resource usage In-Reply-To: <1540934167.1342260.1560169400.784F8BDF@webmail.messagingengine.com> References: <1540915417.449870.1559798696.1CFB3E75@webmail.messagingengine.com> <1077343a-b708-4fa2-0f44-2575363419e9@nemebean.com> <1540923927.492007.1559968608.2F968E3E@webmail.messagingengine.com> <2aafb949-e76b-f1a9-19bf-890fc7d99179@nemebean.com> <1540934167.1342260.1560169400.784F8BDF@webmail.messagingengine.com> Message-ID: On 10/30/18 4:16 PM, Clark Boylan wrote: > On Tue, Oct 30, 2018, at 1:01 PM, Ben Nemec wrote: >> >> >> On 10/30/18 1:25 PM, Clark Boylan wrote: >>> On Tue, Oct 30, 2018, at 10:42 AM, Alex Schultz wrote: >>>> On Tue, Oct 30, 2018 at 11:36 AM Ben Nemec wrote: >>>>> >>>>> Tagging with tripleo since my suggestion below is specific to that project. >>>>> >>>>> On 10/30/18 11:03 AM, Clark Boylan wrote: >>>>>> Hello everyone, >>>>>> >>>>>> A little while back I sent email explaining how the gate queues work and how fixing bugs helps us test and merge more code. All of this still is still true and we should keep pushing to improve our testing to avoid gate resets. >>>>>> >>>>>> Last week we migrated Zuul and Nodepool to a new Zookeeper cluster. In the process of doing this we had to restart Zuul which brought in a new logging feature that exposes node resource usage by jobs. Using this data I've been able to generate some report information on where our node demand is going. This change [0] produces this report [1]. >>>>>> >>>>>> As with optimizing software we want to identify which changes will have the biggest impact and to be able to measure whether or not changes have had an impact once we have made them. Hopefully this information is a start at doing that. Currently we can only look back to the point Zuul was restarted, but we have a thirty day log rotation for this service and should be able to look at a month's worth of data going forward. >>>>>> >>>>>> Looking at the data you might notice that Tripleo is using many more node resources than our other projects. They are aware of this and have a plan [2] to reduce their resource consumption. We'll likely be using this report generator to check progress of this plan over time. >>>>> >>>>> I know at one point we had discussed reducing the concurrency of the >>>>> tripleo gate to help with this. Since tripleo is still using >50% of the >>>>> resources it seems like maybe we should revisit that, at least for the >>>>> short-term until the more major changes can be made? Looking through the >>>>> merge history for tripleo projects I don't see a lot of cases (any, in >>>>> fact) where more than a dozen patches made it through anyway*, so I >>>>> suspect it wouldn't have a significant impact on gate throughput, but it >>>>> would free up quite a few nodes for other uses. >>>>> >>>> >>>> It's the failures in gate and resets. At this point I think it would >>>> be a good idea to turn down the concurrency of the tripleo queue in >>>> the gate if possible. As of late it's been timeouts but we've been >>>> unable to track down why it's timing out specifically. I personally >>>> have a feeling it's the container download times since we do not have >>>> a local registry available and are only able to leverage the mirrors >>>> for some levels of caching. Unfortunately we don't get the best >>>> information about this out of docker (or the mirrors) and it's really >>>> hard to determine what exactly makes things run a bit slower. >>> >>> We actually tried this not too long ago https://git.openstack.org/cgit/openstack-infra/project-config/commit/?id=22d98f7aab0fb23849f715a8796384cffa84600b but decided to revert it because it didn't decrease the check queue backlog significantly. We were still running at several hours behind most of the time. >> >> I'm surprised to hear that. Counting the tripleo jobs in the gate at >> positions 11-20 right now, I see around 84 nodes tied up in long-running >> jobs and another 32 for shorter unit test jobs. The latter probably >> don't have much impact, but the former is a non-trivial amount. It may >> not erase the entire 2300+ job queue that we have right now, but it >> seems like it should help. >> >>> >>> If we want to set up better monitoring and measuring and try it again we can do that. But we probably want to measure queue sizes with and without the change like that to better understand if it helps. >> >> This seems like good information to start capturing, otherwise we are >> kind of just guessing. Is there something in infra already that we could >> use or would it need to be new tooling? > > Digging around in graphite we currently track mean in pipelines. This is probably a reasonable metric to use for this specific case. > > Looking at the check queue [3] shows the mean time enqueued in check during the rough period window floor was 10 and [4] shows it since then. The 26th and 27th are bigger peaks than previously seen (possibly due to losing inap temporarily) but otherwise a queue backlog of ~200 minutes was "normal" in both time periods. > > [3] http://graphite.openstack.org/render/?from=20181015&until=20181019&target=scale(stats.timers.zuul.tenant.openstack.pipeline.check.resident_time.mean,%200.00001666666) > [4] http://graphite.openstack.org/render/?from=20181019&until=20181030&target=scale(stats.timers.zuul.tenant.openstack.pipeline.check.resident_time.mean,%200.00001666666) > > You should be able to change check to eg gate or other queue names and poke around more if you like. Note the scale factor scales from milliseconds to minutes. > > Clark > Cool, thanks. Seems like things have been better for the past couple of days, but I'll keep this in my back pocket for future reference. From doug at doughellmann.com Thu Nov 1 17:48:39 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 13:48:39 -0400 Subject: [openstack-dev] [tc][all][goals] selecting community-wide goals for T development cycle Message-ID: We will have a session at the forum to discuss the community-wide goals [0] we want to select for the T cycle. That's a long way off, but given the fact that we don't have a PTG between Berlin and Denver, and that we've recently had feedback that we need to have tools finished better before starting, I think we do need to begin the conversation now. The Forum session is on Thursday at 17:10, at the end of the Forum [1]. There's an etherpad up [2] for folks to start offering suggestions. And the etherpad with the archives of past ideas is also still online [3]. Let's use this thread to talk about the Forum session. If you want to propose a specific goal, please start a *new* thread here on openstack-dev so that we can keep all of the discussion clearly separated. Please keep in mind that these goals should apply to most, if not all, projects. Work to integrate 2 services can be managed through the normal feature prioritization processes of the teams involved. I will be moderating the discussion at the Forum, but I am not signing up as a goal champion or to drive the goal selection. If you are interested in helping with either of those things, please let me know. Doug [0] https://governance.openstack.org/tc/goals/index.html [1] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22814/t-series-community-goal-discussion [2] https://etherpad.openstack.org/p/BER-t-series-goals [3] https://etherpad.openstack.org/p/community-goals From doug at doughellmann.com Thu Nov 1 18:01:06 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Thu, 01 Nov 2018 14:01:06 -0400 Subject: [openstack-dev] [goals][python3][heat][manila][qinling][zaqar][magnum][keystone][congress] switching python package jobs In-Reply-To: References: Message-ID: Doug Hellmann writes: > Doug Hellmann writes: > > I asked the owners of the name "heat" to allow us to use it, and they > rejected the request. So, I proposed a change to heat to update the > sdist name to "openstack-heat". > > * https://review.openstack.org/606160 This patch is now passing tests. Please prioritize reviewing it, because it is going to block releases of heat. Doug From whayutin at redhat.com Thu Nov 1 19:13:51 2018 From: whayutin at redhat.com (Wesley Hayutin) Date: Thu, 1 Nov 2018 13:13:51 -0600 Subject: [openstack-dev] [tripleo] gate issues please do not approve/recheck In-Reply-To: References: Message-ID: Thanks Alex! On Thu, Nov 1, 2018 at 10:27 AM Alex Schultz wrote: > Ok since the podman revert patche has been successfully merged and > we've landed most of the non-voting scenario patches, it should be OK > to restore/recheck. It would be a good idea to prioritized things to > land and if it's not critical, let's hold off on approving until we're > sure the gate is much better. > > Thanks, > -Alex > > On Wed, Oct 31, 2018 at 9:39 AM Alex Schultz wrote: > > > > Hey folks, > > > > So we have identified an issue that has been causing a bunch of > > failures and proposed a revert of our podman testing[0]. We have > > cleared the gate and are asking that you not approve or recheck any > > patches at this time. We will let you know when it is safe to start > > approving things. > > > > Thanks, > > -Alex > > > > [0] https://review.openstack.org/#/c/614537/ > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Wes Hayutin Associate MANAGER Red Hat whayutin at redhat.com T: +1919 <+19197544114>4232509 IRC: weshay View my calendar and check my availability for meetings HERE -------------- next part -------------- An HTML attachment was scrubbed... URL: From melwittt at gmail.com Thu Nov 1 19:25:58 2018 From: melwittt at gmail.com (melanie witt) Date: Thu, 1 Nov 2018 12:25:58 -0700 Subject: [openstack-dev] [nova] Stein summit forum sessions and presentations of interest Message-ID: <120e35c9-c2b0-640f-3d9e-ca6023144daf@gmail.com> Howdy all, We've made a list of cross-project forum sessions and nova-related sessions/presentations that you might be interested in attending at the summit and added them to our forum etherpad: https://etherpad.openstack.org/p/nova-forum-stein The "Cross-project Forum sessions that should include nova participation" section contains a list of community sessions where it would be nice to have a nova representative in attendance. Please feel free to add your name to sessions you think you could attend and bring back any interesting info to the team. Let know if I've missed any cross-project sessions or nova-related sessions/presentations and I can add them. Looking forward to seeing you all at the summit! Cheers, -melanie From emilien at redhat.com Thu Nov 1 20:24:31 2018 From: emilien at redhat.com (Emilien Macchi) Date: Thu, 1 Nov 2018 16:24:31 -0400 Subject: [openstack-dev] [tripleo] Proposing Bob Fournier as core reviewer In-Reply-To: <836ebd56-2150-5fda-2f18-ca79038ba44f@redhat.com> References: <836ebd56-2150-5fda-2f18-ca79038ba44f@redhat.com> Message-ID: done, you're now core in TripleO; Thanks Bob for your hard work! On Mon, Oct 22, 2018 at 4:55 PM Jason E. Rist wrote: > On 10/19/2018 06:23 AM, Juan Antonio Osorio Robles wrote: > > Hello! > > > > > > I would like to propose Bob Fournier (bfournie) as a core reviewer in > > TripleO. His patches and reviews have spanned quite a wide range in our > > project, his reviews show great insight and quality and I think he would > > be a addition to the core team. > > > > What do you folks think? > > > > > > Best Regards > > > > > > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > yup. > > -- > Jason E. Rist > Senior Software Engineer > OpenStack User Interfaces > Red Hat, Inc. > Freenode: jrist > github/twitter: knowncitizen > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Emilien Macchi -------------- next part -------------- An HTML attachment was scrubbed... URL: From bfournie at redhat.com Thu Nov 1 20:29:52 2018 From: bfournie at redhat.com (Bob Fournier) Date: Thu, 1 Nov 2018 16:29:52 -0400 Subject: [openstack-dev] [tripleo] Proposing Bob Fournier as core reviewer In-Reply-To: References: <836ebd56-2150-5fda-2f18-ca79038ba44f@redhat.com> Message-ID: On Thu, Nov 1, 2018 at 4:26 PM Emilien Macchi wrote: > done, you're now core in TripleO; Thanks Bob for your hard work! > Thank you Emilien, Juan, and everyone else! > > On Mon, Oct 22, 2018 at 4:55 PM Jason E. Rist wrote: > >> On 10/19/2018 06:23 AM, Juan Antonio Osorio Robles wrote: >> > Hello! >> > >> > >> > I would like to propose Bob Fournier (bfournie) as a core reviewer in >> > TripleO. His patches and reviews have spanned quite a wide range in our >> > project, his reviews show great insight and quality and I think he would >> > be a addition to the core team. >> > >> > What do you folks think? >> > >> > >> > Best Regards >> > >> > >> > >> > >> __________________________________________________________________________ >> > OpenStack Development Mailing List (not for usage questions) >> > Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > >> yup. >> >> -- >> Jason E. Rist >> Senior Software Engineer >> OpenStack User Interfaces >> Red Hat, Inc. >> Freenode: jrist >> github/twitter: knowncitizen >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > > > -- > Emilien Macchi > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From jsbryant at electronicjungle.net Thu Nov 1 20:44:33 2018 From: jsbryant at electronicjungle.net (Jay Bryant) Date: Thu, 1 Nov 2018 15:44:33 -0500 Subject: [openstack-dev] [cinder] about use nfs driver to backup the volume snapshot In-Reply-To: References: Message-ID: On Thu, Nov 1, 2018, 10:44 AM Rambo wrote: > Hi,all > > Recently, I use the nfs driver as the cinder-backup backend, when I > use it to backup the volume snapshot, the result is return the > NotImplementedError[1].And the nfs.py doesn't has the > create_volume_from_snapshot function. Does the community plan to achieve > it which is as nfs as the cinder-backup backend?Can you tell me about > this?Thank you very much! > > Rambo, The NFS driver doesn't have full snapshot support. I am not sure if that function missing was an oversight or not. I would reach out to Eric Harney as he implemented that code. Jay > > > [1] > https://github.com/openstack/cinder/blob/master/cinder/volume/driver.py#L2142 > > > > > > > > > Best Regards > Rambo > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From duc.openstack at gmail.com Thu Nov 1 22:59:45 2018 From: duc.openstack at gmail.com (Duc Truong) Date: Thu, 1 Nov 2018 15:59:45 -0700 Subject: [openstack-dev] [senlin] Meeting cancelled for Nov 2 Message-ID: Everyone, There isn't much to talk about this week so I'm cancelling the weekly meeting. The only thing that needs attention is the upgrade checker patch set: https://review.openstack.org/#/c/613788/ If anybody has time, please take a look and see if you can figure out why it is not working. Thanks, Duc From kennelson11 at gmail.com Fri Nov 2 00:22:49 2018 From: kennelson11 at gmail.com (Kendall Nelson) Date: Thu, 1 Nov 2018 17:22:49 -0700 Subject: [openstack-dev] StoryBoard Forum Session: Remaining Blockers Message-ID: Hello Everyone! We've made a lot of progress in StoryBoard-land over the last couple of releases cleaning up bugs, fixing UI annoyances, and adding features that people have requested. All along we've also continued to migrate projects as they've become unblocked. While there are still a few blockers on our to-do list, we want to make sure our list is complete[1]. We have a session at the upcoming forum to collect any remaining blockers that you may have encountered while messing around with the dev storyboard[2] site or using the real storyboard interacting with projects that have already migrated. If you encountered any issues that are blocking your project from migrating, please come share them with with us[3]. Hope to see you there! -Kendall (diablo_rojo) & the StoryBoard team [1] https://storyboard.openstack.org/#!/worklist/493 [2] https://storyboard-dev.openstack.org/ [2] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22839/storyboard-migration-the-remaining-blockers -------------- next part -------------- An HTML attachment was scrubbed... URL: From dangtrinhnt at gmail.com Fri Nov 2 02:41:23 2018 From: dangtrinhnt at gmail.com (Trinh Nguyen) Date: Fri, 2 Nov 2018 11:41:23 +0900 Subject: [openstack-dev] The first Vietnam OSUG upstream contribution mentoring webinar Message-ID: Hello, The Vietnam OpenStack User Group has planned to organize an upstream contribution mentoring program for a while and finally, we decided the first webinar will be on next Monday, 5 November. Attendees will be anyone who is interested in the development process of OpenStack (mostly Vietnamese, students, developer, etc.). Mentors will be some experienced OpenStack upstream developers, core members of some projects, etc. You can check out the details on the Meetup link below [1]. We also want to say thank to the work of Ian Y. Choi and the Korea user group [2]. You inspired us. [1] https://www.meetup.com/VietOpenStack/events/hpcglqyxpbhb/ [2] http://lists.openstack.org/pipermail/community/2018-October/001909.html?fbclid=IwAR0nTZFMzc56PYT0jMDf02Wci2qbaGxhay3EU53Wfd_RntgFqZ0ybwzpFY8 Bests, -- *Trinh Nguyen* *www.edlab.xyz * -------------- next part -------------- An HTML attachment was scrubbed... URL: From ducnv at vn.fujitsu.com Fri Nov 2 03:26:27 2018 From: ducnv at vn.fujitsu.com (Nguyen, Van Duc) Date: Fri, 2 Nov 2018 03:26:27 +0000 Subject: [openstack-dev] The first Vietnam OSUG upstream contribution mentoring webinar In-Reply-To: References: Message-ID: <53ceb7dffc164a8b86d96f2b87217bfc@G07SGEXCMSGPS05.g07.fujitsu.local> Thank you and the Vietnamese user group for your contributions. I look forward to participating in the webinar. +1 ☺ From: Trinh Nguyen Sent: Friday, November 02, 2018 9:41 AM To: OpenStack Development Mailing List (not for usage questions) Cc: community at lists.openstack.org Subject: [openstack-dev] The first Vietnam OSUG upstream contribution mentoring webinar Hello, The Vietnam OpenStack User Group has planned to organize an upstream contribution mentoring program for a while and finally, we decided the first webinar will be on next Monday, 5 November. Attendees will be anyone who is interested in the development process of OpenStack (mostly Vietnamese, students, developer, etc.). Mentors will be some experienced OpenStack upstream developers, core members of some projects, etc. You can check out the details on the Meetup link below [1]. We also want to say thank to the work of Ian Y. Choi and the Korea user group [2]. You inspired us. [1] https://www.meetup.com/VietOpenStack/events/hpcglqyxpbhb/ [2] http://lists.openstack.org/pipermail/community/2018-October/001909.html?fbclid=IwAR0nTZFMzc56PYT0jMDf02Wci2qbaGxhay3EU53Wfd_RntgFqZ0ybwzpFY8 Bests, -- Trinh Nguyen www.edlab.xyz -------------- next part -------------- An HTML attachment was scrubbed... URL: From scheuran at linux.vnet.ibm.com Fri Nov 2 08:47:42 2018 From: scheuran at linux.vnet.ibm.com (Andreas Scheuring) Date: Fri, 2 Nov 2018 09:47:42 +0100 Subject: [openstack-dev] [nova] Announcing new Focal Point for s390x libvirt/kvm Nova Message-ID: Dear Nova Community, I want to announce the new focal point for Nova s390x libvirt/kvm. Please welcome "Cathy Zhang” to the Nova team. She and her team will be responsible for maintaining the s390x libvirt/kvm Thirdparty CI [1] and any s390x specific code in nova and os-brick. I personally took a new opportunity already a few month ago but kept maintaining the CI as good as possible. With new manpower we can hopefully contribute more to the community again. You can reach her via * email: bjzhjing at linux.vnet.ibm.com * IRC: Cathyz Cathy, I wish you and your team all the best for this exciting role! I also want to say thank you for the last years. It was a great time, I learned a lot from you all, will miss it! Cheers, Andreas (irc: scheuran) [1] https://wiki.openstack.org/wiki/ThirdPartySystems/IBM_zKVM_CI From cdent+os at anticdent.org Fri Nov 2 11:48:37 2018 From: cdent+os at anticdent.org (Chris Dent) Date: Fri, 2 Nov 2018 11:48:37 +0000 (GMT) Subject: [openstack-dev] [placement] update 18-44 Message-ID: HTML: https://anticdent.org/placement-update-18-44.html Good morning, it's placement update time. # Most Important Lately attention has been primarily on specs, database migration tooling, and progress on documentation. These remain the important areas. # What's Changed * [Placement docs](https://docs.openstack.org/placement/latest/) * Upgrade-to-placement in deployment tooling [thread](http://lists.openstack.org/pipermail/openstack-dev/2018-October/136075.html) # Bugs * Placement related [bugs not yet in progress](https://goo.gl/TgiPXb): 16. +1. * [In progress placement bugs](https://goo.gl/vzGGDQ) 11. # Specs Progress continues on reviewing specs. * Account for host agg allocation ratio in placement (Still in rocky/) * Add subtree filter for GET /resource_providers * Resource provider - request group mapping in allocation candidate * VMware: place instances on resource pool (still in rocky/) * Standardize CPU resource tracking * Allow overcommit of dedicated CPU (Has an alternative which changes allocations to a float) * Modelling passthrough devices for report to placement * Spec: allocation candidates in tree * Nova Cyborg interaction specification. * supporting virtual NVDIMM devices * Spec: Support filtering by forbidden aggregate * Proposes NUMA topology with RPs * Count quota based on resource class * WIP: High Precision Event Timer (HPET) on x86 guests * Add support for emulated virtual TPM * Adds spec for instance live resize * Provider config YAML file # Main Themes ## Making Nested Useful The nested allocations support has merged. That was the stuff that was on this topic: * There are some reshaper patches in progress. * I suspect we need some real world fiddling with nested workloads to have any real confidence with this stuff. ## Extraction There continue to be three main tasks in regard to placement extraction: 1. upgrade and integration testing 2. database schema migration and management 3. documentation publishing Most of this work is now being tracked on a [new etherpad](https://etherpad.openstack.org/p/placement-extract-stein-4). If you're looking for something to do (either code or review), there is a good place to look to find something. The db-related work is getting very close, which will allow grenade and devstack changes to merge. # Other Various placement changes out in the world. * Improve handling of default allocation ratios * Neutron minimum bandwidth implementation * Add OWNERSHIP $SERVICE traits * Puppet: Initial cookiecutter and import from nova::placement * zun: Use placement for unified resource management * Update allocation ratio when config changes * Deal with root_id None in resource provider * Use long rpc timeout in select_destinations * Bandwith Resource Providers! * Harden placement init under wsgi * Using gabbi-tempest for integration tests. * Make tox -ereleasenotes work * placement: Add a doc describing a quick live environment * Adding alembic environment * Blazar using the placement-api * Placement role for ansible project config * hyperv bump placement version # End Apologies if this is messier than normal, I'm rushing to get it out before I travel. -- Chris Dent ٩◔̯◔۶ https://anticdent.org/ freenode: cdent tw: @anticdent From kgiusti at gmail.com Fri Nov 2 13:14:21 2018 From: kgiusti at gmail.com (Ken Giusti) Date: Fri, 2 Nov 2018 09:14:21 -0400 Subject: [openstack-dev] [Oslo][nova][openstack-ansible] About Rabbitmq warning problems on nova-compute side In-Reply-To: <1101609091.2040456.1541073176882.JavaMail.zimbra@tubitak.gov.tr> References: <1101609091.2040456.1541073176882.JavaMail.zimbra@tubitak.gov.tr> Message-ID: Hi Gokhan, There's been a flurry of folks reporting issues recently related to pike and SSL. See: https://bugs.launchpad.net/oslo.messaging/+bug/1800957 and https://bugs.launchpad.net/oslo.messaging/+bug/1801011 I'm currently working on this - no status yet. As a test would it be possible to try disabling SSL in your configuration to see if the problem persists? On Thu, Nov 1, 2018 at 7:53 AM Gökhan IŞIK (BİLGEM BTE) < gokhan.isik at tubitak.gov.tr> wrote: > Hi folks, > > I have problems about rabbitmq on nova-compute side. I see lots of > warnings in log file like that “client unexpectedly closed TCP > connection”.[1] > > I have a HA OpenStack environment on ubuntu 16.04.5 which is installed > with Openstack Ansible Project. My OpenStack environment version is Pike. > My environment consists of 3 controller nodes ,23 compute nodes and 1 log > node. Cinder volume service is installed on compute nodes and I am using > NetApp Storage. > > I tried lots of configs on nova about oslo messaging and rabbitmq side, > but I didn’t resolve this problem. My latest configs are below: > > rabbitmq.config is : http://paste.openstack.org/show/733767/ > > nova.conf is: http://paste.openstack.org/show/733768/ > > Services versions are : http://paste.openstack.org/show/733769/ > > > Can you share your experiences on rabbitmq side and How can I solve these > warnings on nova-compute side ? What will you advice ? > > > [1] http://paste.openstack.org/show/733766/ > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Ken Giusti (kgiusti at gmail.com) -------------- next part -------------- An HTML attachment was scrubbed... URL: From kgiusti at gmail.com Fri Nov 2 13:24:07 2018 From: kgiusti at gmail.com (Ken Giusti) Date: Fri, 2 Nov 2018 09:24:07 -0400 Subject: [openstack-dev] [oslo] No complains about rabbitmq SSL problems: could we have this in the logs? In-Reply-To: <1d5364ed-076b-ac86-6c54-9d9a16bc87a2@debian.org> References: <08C09D03-132D-406E-AFDE-7845B2D55B5F@vexxhost.com> <1d5364ed-076b-ac86-6c54-9d9a16bc87a2@debian.org> Message-ID: Hi, There does seem to be something currently wonky with SSL & oslo.messaging. I'm looking into it now. And there's this recently reported issue: https://bugs.launchpad.net/oslo.messaging/+bug/1800957 In the above bug something seems to have broken SSL between ocata and pike. The current suspected change is a patch that fixed a threading issue. Stay tuned... On Thu, Nov 1, 2018 at 3:53 AM Thomas Goirand wrote: > On 10/31/18 2:40 PM, Mohammed Naser wrote: > > For what it’s worth: I ran into the same issue. I think the problem > lies a bit deeper because it’s a problem with kombu as when debugging I saw > that Oslo messaging tried to connect and hung after. > > > > Sent from my iPhone > > > >> On Oct 31, 2018, at 2:29 PM, Thomas Goirand wrote: > >> > >> Hi, > >> > >> It took me a long long time to figure out that my SSL setup was wrong > >> when trying to connect Heat to rabbitmq over SSL. Unfortunately, Oslo > >> (or heat itself) never warn me that something was wrong, I just got > >> nothing working, and no log at all. > >> > >> I'm sure I wouldn't be the only one happy about having this type of > >> problems being yelled out loud in the logs. Right now, it does work if I > >> turn off SSL, though I'm still not sure what's wrong in my setup, and > >> I'm given no clue if the issue is on rabbitmq-server or on the client > >> side (ie: heat, in my current case). > >> > >> Just a wishlist... :) > >> Cheers, > >> > >> Thomas Goirand (zigo) > > I've opened a bug here: > > https://bugs.launchpad.net/oslo.messaging/+bug/1801011 > > Cheers, > > Thomas Goirand (zigo) > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Ken Giusti (kgiusti at gmail.com) -------------- next part -------------- An HTML attachment was scrubbed... URL: From dprince at redhat.com Fri Nov 2 13:39:07 2018 From: dprince at redhat.com (Dan Prince) Date: Fri, 2 Nov 2018 09:39:07 -0400 Subject: [openstack-dev] [TripleO] PSA lets use deploy_steps_tasks Message-ID: I pushed a patch[1] to update our containerized deployment architecture docs yesterday. There are 2 new fairly useful sections we can leverage with TripleO's stepwise deployment. They appear to be used somewhat sparingly so I wanted to get the word out. The first is 'deploy_steps_tasks' which gives you a means to run Ansible snippets on each node/role in a stepwise fashion during deployment. Previously it was only possible to execute puppet or docker commands where as now that we have deploy_steps_tasks we can execute ad-hoc ansible in the same manner. The second is 'external_deploy_tasks' which allows you to use run Ansible snippets on the Undercloud during stepwise deployment. This is probably most useful for driving an external installer but might also help with some complex tasks that need to originate from a single Ansible client. The only downside I see to these approaches is that both appear to be implemented with Ansible's default linear strategy. I saw shardy's comment here [2] that the :free strategy does not yet apparently work with the any_errors_fatal option. Perhaps we can reach out to someone in the Ansible community in this regard to improve running these things in parallel like TripleO used to work with Heat agents. This is also how host_prep_tasks is implemented which BTW we should now get rid of as a duplicate architectural step since we have deploy_steps_tasks anyway. [1] https://review.openstack.org/#/c/614822/ [2] http://git.openstack.org/cgit/openstack/tripleo-heat-templates/tree/common/deploy-steps.j2#n554 From jaosorior at redhat.com Fri Nov 2 13:43:32 2018 From: jaosorior at redhat.com (Juan Antonio Osorio Robles) Date: Fri, 2 Nov 2018 15:43:32 +0200 Subject: [openstack-dev] [TripleO] PSA lets use deploy_steps_tasks In-Reply-To: References: Message-ID: Thanks! We have been slow to update our docs. I did put up a blog post about these sections of the templates [1], in case folks find that useful. [1] http://jaormx.github.io/2018/dissecting-tripleo-service-templates-p2/ On 11/2/18 3:39 PM, Dan Prince wrote: > I pushed a patch[1] to update our containerized deployment > architecture docs yesterday. There are 2 new fairly useful sections we > can leverage with TripleO's stepwise deployment. They appear to be > used somewhat sparingly so I wanted to get the word out. > > The first is 'deploy_steps_tasks' which gives you a means to run > Ansible snippets on each node/role in a stepwise fashion during > deployment. Previously it was only possible to execute puppet or > docker commands where as now that we have deploy_steps_tasks we can > execute ad-hoc ansible in the same manner. > > The second is 'external_deploy_tasks' which allows you to use run > Ansible snippets on the Undercloud during stepwise deployment. This is > probably most useful for driving an external installer but might also > help with some complex tasks that need to originate from a single > Ansible client. > > The only downside I see to these approaches is that both appear to be > implemented with Ansible's default linear strategy. I saw shardy's > comment here [2] that the :free strategy does not yet apparently work > with the any_errors_fatal option. Perhaps we can reach out to someone > in the Ansible community in this regard to improve running these > things in parallel like TripleO used to work with Heat agents. > > This is also how host_prep_tasks is implemented which BTW we should > now get rid of as a duplicate architectural step since we have > deploy_steps_tasks anyway. > > [1] https://review.openstack.org/#/c/614822/ > [2] http://git.openstack.org/cgit/openstack/tripleo-heat-templates/tree/common/deploy-steps.j2#n554 > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From mriedemos at gmail.com Fri Nov 2 13:45:05 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Fri, 2 Nov 2018 08:45:05 -0500 Subject: [openstack-dev] StoryBoard Forum Session: Remaining Blockers In-Reply-To: References: Message-ID: On 11/1/2018 7:22 PM, Kendall Nelson wrote: > We've made a lot of progress in StoryBoard-land over the last couple of > releases cleaning up bugs, fixing UI annoyances, and adding features > that people have requested. All along we've also continued to migrate > projects as they've become unblocked. While there are still a few > blockers on our to-do list, we want to make sure our list is complete[1]. > > We have a session at the upcoming forum to collect any remaining > blockers that you may have encountered while messing around with the dev > storyboard[2] site or using the real storyboard interacting with > projects that have already migrated. If you encountered any issues that > are blocking your project from migrating, please come share them with > with us[3]. Hope to see you there! > > -Kendall (diablo_rojo) & the StoryBoard team > > [1] https://storyboard.openstack.org/#!/worklist/493 > I'm not sure why/how but you seem to have an encoded URL for this [1] link, which when I was using it redirected me to my own dashboard in storyboard. The real link, https://storyboard.openstack.org/#!/worklist/493, does work though. Just FYI for anyone else having the same problem. > [2] https://storyboard-dev.openstack.org/ > [2] > https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22839/storyboard-migration-the-remaining-blockers > -- Thanks, Matt From eharney at redhat.com Fri Nov 2 14:00:13 2018 From: eharney at redhat.com (Eric Harney) Date: Fri, 2 Nov 2018 10:00:13 -0400 Subject: [openstack-dev] [cinder] about use nfs driver to backup the volume snapshot In-Reply-To: References: Message-ID: <501142a5-ff4d-9671-d3b9-34f5fd2da01a@redhat.com> On 11/1/18 4:44 PM, Jay Bryant wrote: > On Thu, Nov 1, 2018, 10:44 AM Rambo wrote: > >> Hi,all >> >> Recently, I use the nfs driver as the cinder-backup backend, when I >> use it to backup the volume snapshot, the result is return the >> NotImplementedError[1].And the nfs.py doesn't has the >> create_volume_from_snapshot function. Does the community plan to achieve >> it which is as nfs as the cinder-backup backend?Can you tell me about >> this?Thank you very much! >> >> Rambo, > > The NFS driver doesn't have full snapshot support. I am not sure if that > function missing was an oversight or not. I would reach out to Eric Harney > as he implemented that code. > > Jay > create_volume_from_snapshot is implemented in the NFS driver. It is in the remotefs code that the NFS driver inherits from. But, I'm not sure I understand what's being asked here -- how is this related to using NFS as the backup backend? >> >> >> [1] >> https://github.com/openstack/cinder/blob/master/cinder/volume/driver.py#L2142 >> >> >> >> >> >> >> >> >> Best Regards >> Rambo From amy at demarco.com Fri Nov 2 15:14:24 2018 From: amy at demarco.com (Amy Marrich) Date: Fri, 2 Nov 2018 10:14:24 -0500 Subject: [openstack-dev] OpenStack Diversity and Inclusion Survey Message-ID: The Diversity and Inclusion WG is still looking for your assistance in reaching and including data from as many members of our community as possible. We revised the Diversity Survey that was originally distributed to the Community in the Fall of 2015 and reached out in August with our new survey. We are looking to update our view of the OpenStack community and it's diversity. We are pleased to be working with members of the CHAOSS project who have signed confidentiality agreements in order to assist us in the following ways: 1) Assistance in analyzing the results 2) And feeding the results into the CHAOSS software and metrics development work so that we can help other Open Source projects Please take the time to fill out the survey and share it with others in the community. The survey can be found at: https://www.surveymonkey.com/r/OpenStackDiversity Thank you for assisting us in this important task! Please feel free to reach out to me via email, in Berlin, or to myself or any WG member in #openstack-diversity! Amy Marrich (spotz) Diversity and Inclusion Working Group Chair -------------- next part -------------- An HTML attachment was scrubbed... URL: From james.slagle at gmail.com Fri Nov 2 15:27:43 2018 From: james.slagle at gmail.com (James Slagle) Date: Fri, 2 Nov 2018 11:27:43 -0400 Subject: [openstack-dev] [TripleO] PSA lets use deploy_steps_tasks In-Reply-To: References: Message-ID: On Fri, Nov 2, 2018 at 9:39 AM Dan Prince wrote: > > I pushed a patch[1] to update our containerized deployment > architecture docs yesterday. There are 2 new fairly useful sections we > can leverage with TripleO's stepwise deployment. They appear to be > used somewhat sparingly so I wanted to get the word out. > > The first is 'deploy_steps_tasks' which gives you a means to run > Ansible snippets on each node/role in a stepwise fashion during > deployment. Previously it was only possible to execute puppet or > docker commands where as now that we have deploy_steps_tasks we can > execute ad-hoc ansible in the same manner. > > The second is 'external_deploy_tasks' which allows you to use run > Ansible snippets on the Undercloud during stepwise deployment. This is > probably most useful for driving an external installer but might also > help with some complex tasks that need to originate from a single > Ansible client. +1 > The only downside I see to these approaches is that both appear to be > implemented with Ansible's default linear strategy. I saw shardy's > comment here [2] that the :free strategy does not yet apparently work > with the any_errors_fatal option. Perhaps we can reach out to someone > in the Ansible community in this regard to improve running these > things in parallel like TripleO used to work with Heat agents. It's effectively parallel across one role at a time at the moment, up to the number of configured forks (default: 25). The reason it won't parallelize across roles, is because it's a different task file used with import_tasks for each role. Ansible won't run that in parallel since the task list is different. I was able to make this parallel across roles for the pre and post deployments by making the task file the same for each role, and controlling the difference with group and host vars: https://review.openstack.org/#/c/574474/ >From Ansible's perspective, the task list is now the same for each host, although different things will be done depending on the value of vars for each host. It's possible a similar approach could be done with the other interfaces you point out here. In addition to the any_errors_fatal issue when using strategy:free, is that you'd also lose the grouping of the task output per role after each task finishes. This is mostly cosmetic, but using free does create a lot more noisier output IMO. -- -- James Slagle -- From colleen at gazlene.net Fri Nov 2 15:33:36 2018 From: colleen at gazlene.net (Colleen Murphy) Date: Fri, 02 Nov 2018 16:33:36 +0100 Subject: [openstack-dev] [keystone] Keystone Team Update - Week of 29 October 2018 Message-ID: <1541172816.512691.1563565520.2DCA999B@webmail.messagingengine.com> # Keystone Team Update - Week of 29 October 2018 ## News ### Berlin Summit Somewhat quiet week as we've been getting into summit prep mode. We'll have two forum sessions, one for operator feedback[1] and one to discuss Keystone as an IdP Proxy[2]. We'll have our traditional project update[3] and project onboarding[4] along with many keystone-related talks from the team[5][6][7][8][9][10]. [1] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22792/keystone-operator-feedback [2] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22791/keystone-as-an-identity-provider-proxy [3] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22728/keystone-project-updates [4] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22727/keystone-project-onboarding [5] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22557/enforcing-quota-consistently-with-unified-limits [6] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22320/towards-an-open-cloud-exchange [7] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22044/pushing-keystone-over-the-edge [8] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22607/a-seamlessly-federated-multi-cloud [9] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/21977/openstack-policy-101 [10] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/21976/dynamic-policy-for-openstack-with-open-policy-agent ## Open Specs Stein specs: https://bit.ly/2Pi6dGj Ongoing specs: https://bit.ly/2OyDLTh ## Recently Merged Changes Search query: https://bit.ly/2pquOwT We merged 31 changes this week. ## Changes that need Attention Search query: https://bit.ly/2PUk84S There are 45 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots. ## Bugs This week we opened 5 new bugs and closed 9. Bugs opened (5) Bug #1801111 (keystone:Low) opened by Egor Panfilov https://bugs.launchpad.net/keystone/+bug/1801111 Bug #1800651 (keystone:Undecided) opened by Ramon Heidrich https://bugs.launchpad.net/keystone/+bug/1800651 Bug #1801095 (keystone:Undecided) opened by artem.v.vasilyev https://bugs.launchpad.net/keystone/+bug/1801095 Bug #1801309 (keystone:Undecided) opened by wangxiyuan https://bugs.launchpad.net/keystone/+bug/1801309 Bug #1801101 (keystoneauth:Undecided) opened by Egor Panfilov https://bugs.launchpad.net/keystoneauth/+bug/1801101 Bugs closed (5) Bug #1553224 (keystone:Wishlist) https://bugs.launchpad.net/keystone/+bug/1553224 Bug #1642988 (keystone:Wishlist) https://bugs.launchpad.net/keystone/+bug/1642988 Bug #1710329 (keystone:Undecided) https://bugs.launchpad.net/keystone/+bug/1710329 Bug #1713574 (keystoneauth:Undecided) https://bugs.launchpad.net/keystoneauth/+bug/1713574 Bug #1801101 (keystoneauth:Undecided) https://bugs.launchpad.net/keystoneauth/+bug/1801101 Bugs fixed (4) Bug #1788415 (keystone:High) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1788415 Bug #1797876 (keystone:High) fixed by Vishakha Agarwal https://bugs.launchpad.net/keystone/+bug/1797876 Bug #1798716 (keystone:Low) fixed by wangxiyuan https://bugs.launchpad.net/keystone/+bug/1798716 Bug #1800017 (keystonemiddleware:Medium) fixed by Guang Yee https://bugs.launchpad.net/keystonemiddleware/+bug/1800017 ## Milestone Outlook https://releases.openstack.org/stein/schedule.html Our spec proposal freeze for Stein was two weeks ago, so barring extraordinary circumstances we'll be working on refining our remaining three Stein specs for the spec freeze after the new year. ## Shout-outs Thanks Nathan Kinder for all the ldappool fixes! ## Help with this newsletter Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter Dashboard generated using gerrit-dash-creator and https://gist.github.com/lbragstad/9b0477289177743d1ebfc276d1697b67 From bdobreli at redhat.com Fri Nov 2 16:32:43 2018 From: bdobreli at redhat.com (Bogdan Dobrelya) Date: Fri, 2 Nov 2018 17:32:43 +0100 Subject: [openstack-dev] [Edge-computing] [tripleo][FEMDC] IEEE Fog Computing: Call for Contributions - Deadline Approaching In-Reply-To: References: <53cf2d33-cee7-3f0d-7f28-74b29091a7ef@redhat.com> <8acb2f9e-9fbd-77be-a274-eb3d54ae2ab4@redhat.com> Message-ID: Hello folks. Here is an update for today. I crated a draft [0], and spend some time with building LaTeX with live-updating for the compiled PDF... The latter is only informational, if someone wants to contribute, please follow the instructions listed by the link (hint: you need no to have any LaTeX experience, only basic markdown knowledge should be enough!) [0] https://github.com/bogdando/papers-ieee/#in-the-current-development-looking-for-co-authors On 10/31/18 6:54 PM, Ildiko Vancsa wrote: > Hi, > > Thank you for sharing your proposal. > > I think this is a very interesting topic with a list of possible solutions some of which this group is also discussing. It would also be great to learn more about the IEEE activities and have experience about the process in this group on the way forward. > > I personally do not have experience with IEEE conferences, but I’m happy to help with the paper if I can. > > Thanks, > Ildikó > > (added from the parallel thread) >> On 2018. Oct 31., at 19:11, Mike Bayer wrote: >> >> On Wed, Oct 31, 2018 at 10:57 AM Bogdan Dobrelya wrote: >>> >>> (cross-posting openstack-dev) >>> >>> Hello. >>> [tl;dr] I'm looking for co-author(s) to come up with "Edge clouds data >>> consistency requirements and challenges" a position paper [0] (papers >>> submitting deadline is Nov 8). >>> >>> The problem scope is synchronizing control plane and/or >>> deployments-specific data (not necessary limited to OpenStack) across >>> remote Edges and central Edge and management site(s). Including the same >>> aspects for overclouds and undercloud(s), in terms of TripleO; and other >>> deployment tools of your choice. >>> >>> Another problem is to not go into different solutions for Edge >>> deployments management and control planes of edges. And for tenants as >>> well, if we think of tenants also doing Edge deployments based on Edge >>> Data Replication as a Service, say for Kubernetes/OpenShift on top of >>> OpenStack. >>> >>> So the paper should name the outstanding problems, define data >>> consistency requirements and pose possible solutions for synchronization >>> and conflicts resolving. Having maximum autonomy cases supported for >>> isolated sites, with a capability to eventually catch up its distributed >>> state. Like global database [1], or something different perhaps (see >>> causal-real-time consistency model [2],[3]), or even using git. And >>> probably more than that?.. (looking for ideas) >> >> >> I can offer detail on whatever aspects of the "shared / global >> database" idea. The way we're doing it with Galera for now is all >> about something simple and modestly effective for the moment, but it >> doesn't have any of the hallmarks of a long-term, canonical solution, >> because Galera is not well suited towards being present on many >> (dozens) of endpoints. The concept that the StarlingX folks were >> talking about, that of independent databases that are synchronized >> using some kind of middleware is potentially more scalable, however I >> think the best approach would be API-level replication, that is, you >> have a bunch of Keystone services and there is a process that is >> regularly accessing the APIs of these keystone services and >> cross-publishing state amongst all of them. Clearly the big >> challenge with that is how to resolve conflicts, I think the answer >> would lie in the fact that the data being replicated would be of >> limited scope and potentially consist of mostly or fully >> non-overlapping records. >> >> That is, I think "global database" is a cheap way to get what would be >> more effective as asynchronous state synchronization between identity >> services. > > Recently we’ve been also exploring federation with an IdP (Identity Provider) master: https://wiki.openstack.org/wiki/Keystone_edge_architectures#Identity_Provider_.28IdP.29_Master_with_shadow_users > > One of the pros is that it removes the need for synchronization and potentially increases scalability. > > Thanks, > Ildikó -- Best regards, Bogdan Dobrelya, Irc #bogdando From openstack at fried.cc Fri Nov 2 19:22:53 2018 From: openstack at fried.cc (Eric Fried) Date: Fri, 2 Nov 2018 14:22:53 -0500 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker Message-ID: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> All- Based on a (long) discussion yesterday [1] I have put up a patch [2] whereby you can set [compute]resource_provider_association_refresh to zero and the resource tracker will never* refresh the report client's provider cache. Philosophically, we're removing the "healing" aspect of the resource tracker's periodic and trusting that placement won't diverge from whatever's in our cache. (If it does, it's because the op hit the CLI, in which case they should SIGHUP - see below.) *except: - When we initially create the compute node record and bootstrap its resource provider. - When the virt driver's update_provider_tree makes a change, update_from_provider_tree reflects them in the cache as well as pushing them back to placement. - If update_from_provider_tree fails, the cache is cleared and gets rebuilt on the next periodic. - If you send SIGHUP to the compute process, the cache is cleared. This should dramatically reduce the number of calls to placement from the compute service. Like, to nearly zero, unless something is actually changing. Can I get some initial feedback as to whether this is worth polishing up into something real? (It will probably need a bp/spec if so.) [1] http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-11-01.log.html#t2018-11-01T17:32:03 [2] https://review.openstack.org/#/c/614886/ ========== Background ========== In the Queens release, our friends at CERN noticed a serious spike in the number of requests to placement from compute nodes, even in a stable-state cloud. Given that we were in the process of adding a ton of infrastructure to support sharing and nested providers, this was not unexpected. Roughly, what was previously: @periodic_task: GET /resource_providers/$compute_uuid GET /resource_providers/$compute_uuid/inventories became more like: @periodic_task: # In Queens/Rocky, this would still just return the compute RP GET /resource_providers?in_tree=$compute_uuid # In Queens/Rocky, this would return nothing GET /resource_providers?member_of=...&required=MISC_SHARES... for each provider returned above: # i.e. just one in Q/R GET /resource_providers/$compute_uuid/inventories GET /resource_providers/$compute_uuid/traits GET /resource_providers/$compute_uuid/aggregates In a cloud the size of CERN's, the load wasn't acceptable. But at the time, CERN worked around the problem by disabling refreshing entirely. (The fact that this seems to have worked for them is an encouraging sign for the proposed code change.) We're not actually making use of most of that information, but it sets the stage for things that we're working on in Stein and beyond, like multiple VGPU types, bandwidth resource providers, accelerators, NUMA, etc., so removing/reducing the amount of information we look at isn't really an option strategically. From torin.woltjer at granddial.com Fri Nov 2 19:27:30 2018 From: torin.woltjer at granddial.com (Torin Woltjer) Date: Fri, 02 Nov 2018 19:27:30 GMT Subject: [openstack-dev] [Openstack] DHCP not accessible on new compute node. Message-ID: I've completely wiped the node and reinstalled it, and the problem still persists. I can't ping instances on other compute nodes, or ping the DHCP ports. Instances don't get addresses or metadata when started on this node. From: Marcio Prado Sent: 11/1/18 9:51 AM To: torin.woltjer at granddial.com Cc: openstack at lists.openstack.org Subject: Re: [Openstack] DHCP not accessible on new compute node. I believe you have not forgotten anything. This should probably be bug ... As my cloud is not production, but rather masters research. I migrate the VM live to a node that is working, restart it, after that I migrate back to the original node that was not working and it keeps running ... Em 30-10-2018 17:50, Torin Woltjer escreveu: > Interestingly, I created a brand new selfservice network and DHCP > doesn't work on that either. I've followed the instructions in the > minimal setup (excluding the controllers as they're already set up) > but the new node has no access to the DHCP agent in neutron it seems. > Is there a likely component that I've overlooked? > > _TORIN WOLTJER_ > > GRAND DIAL COMMUNICATIONS - A ZK TECH INC. COMPANY > > 616.776.1066 EXT. 2006 > _WWW.GRANDDIAL.COM [1]_ > > ------------------------- > > FROM: "Torin Woltjer" > SENT: 10/30/18 10:48 AM > TO: , "openstack at lists.openstack.org" > > SUBJECT: Re: [Openstack] DHCP not accessible on new compute node. > > I deleted both DHCP ports and they recreated as you said. However, > instances are still unable to get network addresses automatically. > > _TORIN WOLTJER_ > > GRAND DIAL COMMUNICATIONS - A ZK TECH INC. COMPANY > > 616.776.1066 EXT. 2006 > _ [1] [1]WWW.GRANDDIAL.COM [1]_ > > ------------------------- > > FROM: Marcio Prado > SENT: 10/29/18 6:23 PM > TO: torin.woltjer at granddial.com > SUBJECT: Re: [Openstack] DHCP not accessible on new compute node. > The door is recreated automatically. The problem like I said is not in > DHCP, but for some reason, erasing and waiting for OpenStack to > re-create the port often solves the problem. > > Please, if you can find out the problem in fact, let me know. I'm very > interested to know. > > You can delete the door without fear. OpenStack will recreate in a > short > time. > > Links: > ------ > [1] http://www.granddial.com -- Marcio Prado Analista de TI - Infraestrutura e Redes Fone: (35) 9.9821-3561 www.marcioprado.eti.br -------------- next part -------------- An HTML attachment was scrubbed... URL: From mriedemos at gmail.com Fri Nov 2 20:31:48 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Fri, 2 Nov 2018 15:31:48 -0500 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> Message-ID: On 11/2/2018 2:22 PM, Eric Fried wrote: > Based on a (long) discussion yesterday [1] I have put up a patch [2] > whereby you can set [compute]resource_provider_association_refresh to > zero and the resource tracker will never* refresh the report client's > provider cache. Philosophically, we're removing the "healing" aspect of > the resource tracker's periodic and trusting that placement won't > diverge from whatever's in our cache. (If it does, it's because the op > hit the CLI, in which case they should SIGHUP - see below.) > > *except: > - When we initially create the compute node record and bootstrap its > resource provider. > - When the virt driver's update_provider_tree makes a change, > update_from_provider_tree reflects them in the cache as well as pushing > them back to placement. > - If update_from_provider_tree fails, the cache is cleared and gets > rebuilt on the next periodic. > - If you send SIGHUP to the compute process, the cache is cleared. > > This should dramatically reduce the number of calls to placement from > the compute service. Like, to nearly zero, unless something is actually > changing. > > Can I get some initial feedback as to whether this is worth polishing up > into something real? (It will probably need a bp/spec if so.) > > [1] > http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-11-01.log.html#t2018-11-01T17:32:03 > [2]https://review.openstack.org/#/c/614886/ > > ========== > Background > ========== > In the Queens release, our friends at CERN noticed a serious spike in > the number of requests to placement from compute nodes, even in a > stable-state cloud. Given that we were in the process of adding a ton of > infrastructure to support sharing and nested providers, this was not > unexpected. Roughly, what was previously: > > @periodic_task: > GET/resource_providers/$compute_uuid > GET/resource_providers/$compute_uuid/inventories > > became more like: > > @periodic_task: > # In Queens/Rocky, this would still just return the compute RP > GET /resource_providers?in_tree=$compute_uuid > # In Queens/Rocky, this would return nothing > GET /resource_providers?member_of=...&required=MISC_SHARES... > for each provider returned above: # i.e. just one in Q/R > GET/resource_providers/$compute_uuid/inventories > GET/resource_providers/$compute_uuid/traits > GET/resource_providers/$compute_uuid/aggregates > > In a cloud the size of CERN's, the load wasn't acceptable. But at the > time, CERN worked around the problem by disabling refreshing entirely. > (The fact that this seems to have worked for them is an encouraging sign > for the proposed code change.) > > We're not actually making use of most of that information, but it sets > the stage for things that we're working on in Stein and beyond, like > multiple VGPU types, bandwidth resource providers, accelerators, NUMA, > etc., so removing/reducing the amount of information we look at isn't > really an option strategically. A few random points from the long discussion that should probably re-posed here for wider thought: * There was probably a lot of discussion about why we needed to do this caching and stuff in the compute in the first place. What has changed that we no longer need to aggressively refresh the cache on every periodic? I thought initially it came up because people really wanted the compute to be fully self-healing to any external changes, including hot plugging resources like disk on the host to automatically reflect those changes in inventory. Similarly, external user/service interactions with the placement API which would then be automatically picked up by the next periodic run - is that no longer a desire, and/or how was the decision made previously that simply requiring a SIGHUP in that case wasn't sufficient/desirable. * I believe I made the point yesterday that we should probably not refresh by default, and let operators opt-in to that behavior if they really need it, i.e. they are frequently making changes to the environment, potentially by some external service (I could think of vCenter doing this to reflect changes from vCenter back into nova/placement), but I don't think that should be the assumed behavior by most and our defaults should reflect the "normal" use case. * I think I've noted a few times now that we don't actually use the provider aggregates information (yet) in the compute service. Nova host aggregate membership is mirror to placement since Rocky [1] but that happens in the API, not the the compute. The only thing I can think of that relied on resource provider aggregate information in the compute is the shared storage providers concept, but that's not supported (yet) [2]. So do we need to keep retrieving aggregate information when nothing in compute uses it yet? * Similarly, why do we need to get traits on each periodic? The only in-tree virt driver I'm aware of that *reports* traits is the libvirt driver for CPU features [3]. Otherwise I think the idea behind getting the latest traits is so the virt driver doesn't overwrite any traits set externally on the compute node root resource provider. I think that still stands and is probably OK, even though we have generations now which should keep us from overwriting if we don't have the latest traits, but I wanted to bring it up since it's related to the "why do we need provider aggregates in the compute?" question. * Regardless of what we do, I think we should probably *at least* make that refresh associations config allow 0 to disable it so CERN (and others) can avoid the need to continually forward-porting code to disable it. [1] https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/placement-mirror-host-aggregates.html [2] https://bugs.launchpad.net/nova/+bug/1784020 [3] https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/report-cpu-features-as-traits.html -- Thanks, Matt From aj at suse.com Fri Nov 2 20:35:42 2018 From: aj at suse.com (Andreas Jaeger) Date: Fri, 2 Nov 2018 21:35:42 +0100 Subject: [openstack-dev] [all][release][infra] changing release template publish-to-pypi Message-ID: <351ec585-b16f-9c08-a18e-3358c1f7fb16@suse.com> Doug recently introduced the template publish-to-pypi-python3 and used it for all official projects. It only has a minimal python3 usage (calling setup.py sdist bdist_wheel) that should work with any repo. Thus, I pushed a a series of changes up - see https://review.openstack.org/#/q/topic:publish-pypi - to rename publish-to-pypi-python3 back to publish-to-pypi. Thus, everybody uses again the same template and testing. Note that the template publish-to-pypi-python3 contained a test to see whether the release jobs works, this new job is now run as well. It is only run if one of the packaging files is updated - and ensures that uploading to pypi will work fine. If this new job now fails, please fix the fallout so that you can safely release next time. The first changes in this series are merging now - if this causes problems and there is a strong need for an explicit python2 version, please tell me, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter: jaegerandi SUSE LINUX GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 From dtantsur at redhat.com Sat Nov 3 12:26:47 2018 From: dtantsur at redhat.com (Dmitry Tantsur) Date: Sat, 3 Nov 2018 13:26:47 +0100 Subject: [openstack-dev] [ironic] Team gathering at the Forum In-Reply-To: <627c8ab5-1918-8ca4-1dae-29cb78859d57@redhat.com> References: <627c8ab5-1918-8ca4-1dae-29cb78859d57@redhat.com> Message-ID: <3c422c26-46c9-37b1-9e8d-c720b80a42f6@redhat.com> Hi Ironicers! Good news: I have made the reservation for the gathering! :) It will happen on Wednesday, November 14, 2018 at 7 p.m. in restaurant Lindenbräu am Potsdamer Platz (https://goo.gl/maps/DYb5ikGGmdw). I will depart from the venue at around 6:15. Follow the hangouts chat (to be set up) for any last-minute changes. If you go along, you will need to get to Potsdamer Platz, there are S-Bahn, U-Bahn, train and bus stations there. Google suggests we take S3/S9 (direction Erkner/Airport) from Messe Süd first, then switch to S1/S2/S25/S26 on Friedrichstraße. Those going from Crowne Plaza Hotel can take bus 200 directly to Postdamer Platz. You'll need an A-B zone ticket for the travel. The restaurant is located in a court behind the tall DB building. If you want to come but did not sign up in the doodle, please let me know off-list. See you in Berlin, Dmitry On 10/29/18 3:58 PM, Dmitry Tantsur wrote: > Hi folks! > > This is your friendly reminder to vote on the day. Even if you're fine with all > days, please leave a vote, so that we know how many people are coming. We will > need to make a reservation, and we may not be able to accommodate more people > than voted! > > Dmitry > > On 10/22/18 6:06 PM, Dmitry Tantsur wrote: >> Hi ironicers! :) >> >> We are trying to plan an informal Ironic team gathering in Berlin. If you care >> about Ironic and would like to participate, please fill in >> https://doodle.com/poll/iw5992px765nthde. Note that the location is tentative, >> also depending on how many people sign up. >> >> Dmitry > From mnaser at vexxhost.com Sun Nov 4 10:11:59 2018 From: mnaser at vexxhost.com (Mohammed Naser) Date: Sun, 4 Nov 2018 11:11:59 +0100 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> Message-ID: On Fri, Nov 2, 2018 at 9:32 PM Matt Riedemann wrote: > > On 11/2/2018 2:22 PM, Eric Fried wrote: > > Based on a (long) discussion yesterday [1] I have put up a patch [2] > > whereby you can set [compute]resource_provider_association_refresh to > > zero and the resource tracker will never* refresh the report client's > > provider cache. Philosophically, we're removing the "healing" aspect of > > the resource tracker's periodic and trusting that placement won't > > diverge from whatever's in our cache. (If it does, it's because the op > > hit the CLI, in which case they should SIGHUP - see below.) > > > > *except: > > - When we initially create the compute node record and bootstrap its > > resource provider. > > - When the virt driver's update_provider_tree makes a change, > > update_from_provider_tree reflects them in the cache as well as pushing > > them back to placement. > > - If update_from_provider_tree fails, the cache is cleared and gets > > rebuilt on the next periodic. > > - If you send SIGHUP to the compute process, the cache is cleared. > > > > This should dramatically reduce the number of calls to placement from > > the compute service. Like, to nearly zero, unless something is actually > > changing. > > > > Can I get some initial feedback as to whether this is worth polishing up > > into something real? (It will probably need a bp/spec if so.) > > > > [1] > > http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-11-01.log.html#t2018-11-01T17:32:03 > > [2]https://review.openstack.org/#/c/614886/ > > > > ========== > > Background > > ========== > > In the Queens release, our friends at CERN noticed a serious spike in > > the number of requests to placement from compute nodes, even in a > > stable-state cloud. Given that we were in the process of adding a ton of > > infrastructure to support sharing and nested providers, this was not > > unexpected. Roughly, what was previously: > > > > @periodic_task: > > GET/resource_providers/$compute_uuid > > GET/resource_providers/$compute_uuid/inventories > > > > became more like: > > > > @periodic_task: > > # In Queens/Rocky, this would still just return the compute RP > > GET /resource_providers?in_tree=$compute_uuid > > # In Queens/Rocky, this would return nothing > > GET /resource_providers?member_of=...&required=MISC_SHARES... > > for each provider returned above: # i.e. just one in Q/R > > GET/resource_providers/$compute_uuid/inventories > > GET/resource_providers/$compute_uuid/traits > > GET/resource_providers/$compute_uuid/aggregates > > > > In a cloud the size of CERN's, the load wasn't acceptable. But at the > > time, CERN worked around the problem by disabling refreshing entirely. > > (The fact that this seems to have worked for them is an encouraging sign > > for the proposed code change.) > > > > We're not actually making use of most of that information, but it sets > > the stage for things that we're working on in Stein and beyond, like > > multiple VGPU types, bandwidth resource providers, accelerators, NUMA, > > etc., so removing/reducing the amount of information we look at isn't > > really an option strategically. > > A few random points from the long discussion that should probably > re-posed here for wider thought: > > * There was probably a lot of discussion about why we needed to do this > caching and stuff in the compute in the first place. What has changed > that we no longer need to aggressively refresh the cache on every > periodic? I thought initially it came up because people really wanted > the compute to be fully self-healing to any external changes, including > hot plugging resources like disk on the host to automatically reflect > those changes in inventory. Similarly, external user/service > interactions with the placement API which would then be automatically > picked up by the next periodic run - is that no longer a desire, and/or > how was the decision made previously that simply requiring a SIGHUP in > that case wasn't sufficient/desirable. > > * I believe I made the point yesterday that we should probably not > refresh by default, and let operators opt-in to that behavior if they > really need it, i.e. they are frequently making changes to the > environment, potentially by some external service (I could think of > vCenter doing this to reflect changes from vCenter back into > nova/placement), but I don't think that should be the assumed behavior > by most and our defaults should reflect the "normal" use case. > > * I think I've noted a few times now that we don't actually use the > provider aggregates information (yet) in the compute service. Nova host > aggregate membership is mirror to placement since Rocky [1] but that > happens in the API, not the the compute. The only thing I can think of > that relied on resource provider aggregate information in the compute is > the shared storage providers concept, but that's not supported (yet) > [2]. So do we need to keep retrieving aggregate information when nothing > in compute uses it yet? > > * Similarly, why do we need to get traits on each periodic? The only > in-tree virt driver I'm aware of that *reports* traits is the libvirt > driver for CPU features [3]. Otherwise I think the idea behind getting > the latest traits is so the virt driver doesn't overwrite any traits set > externally on the compute node root resource provider. I think that > still stands and is probably OK, even though we have generations now > which should keep us from overwriting if we don't have the latest > traits, but I wanted to bring it up since it's related to the "why do we > need provider aggregates in the compute?" question. > > * Regardless of what we do, I think we should probably *at least* make > that refresh associations config allow 0 to disable it so CERN (and > others) can avoid the need to continually forward-porting code to > disable it. > > [1] > https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/placement-mirror-host-aggregates.html > [2] https://bugs.launchpad.net/nova/+bug/1784020 > [3] > https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/report-cpu-features-as-traits.html > > -- > > Thanks, > > Matt > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Mohammed Naser — vexxhost ----------------------------------------------------- D. 514-316-8872 D. 800-910-1726 ext. 200 E. mnaser at vexxhost.com W. http://vexxhost.com From mnaser at vexxhost.com Sun Nov 4 10:22:46 2018 From: mnaser at vexxhost.com (Mohammed Naser) Date: Sun, 4 Nov 2018 11:22:46 +0100 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> Message-ID: Ugh, hit send accidentally. Please take my comments lightly as I have not been as involved with the developments but just chiming in as an operator with some ideas. On Fri, Nov 2, 2018 at 9:32 PM Matt Riedemann wrote: > > On 11/2/2018 2:22 PM, Eric Fried wrote: > > Based on a (long) discussion yesterday [1] I have put up a patch [2] > > whereby you can set [compute]resource_provider_association_refresh to > > zero and the resource tracker will never* refresh the report client's > > provider cache. Philosophically, we're removing the "healing" aspect of > > the resource tracker's periodic and trusting that placement won't > > diverge from whatever's in our cache. (If it does, it's because the op > > hit the CLI, in which case they should SIGHUP - see below.) > > > > *except: > > - When we initially create the compute node record and bootstrap its > > resource provider. > > - When the virt driver's update_provider_tree makes a change, > > update_from_provider_tree reflects them in the cache as well as pushing > > them back to placement. > > - If update_from_provider_tree fails, the cache is cleared and gets > > rebuilt on the next periodic. > > - If you send SIGHUP to the compute process, the cache is cleared. > > > > This should dramatically reduce the number of calls to placement from > > the compute service. Like, to nearly zero, unless something is actually > > changing. > > > > Can I get some initial feedback as to whether this is worth polishing up > > into something real? (It will probably need a bp/spec if so.) > > > > [1] > > http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-11-01.log.html#t2018-11-01T17:32:03 > > [2]https://review.openstack.org/#/c/614886/ > > > > ========== > > Background > > ========== > > In the Queens release, our friends at CERN noticed a serious spike in > > the number of requests to placement from compute nodes, even in a > > stable-state cloud. Given that we were in the process of adding a ton of > > infrastructure to support sharing and nested providers, this was not > > unexpected. Roughly, what was previously: > > > > @periodic_task: > > GET/resource_providers/$compute_uuid > > GET/resource_providers/$compute_uuid/inventories > > > > became more like: > > > > @periodic_task: > > # In Queens/Rocky, this would still just return the compute RP > > GET /resource_providers?in_tree=$compute_uuid > > # In Queens/Rocky, this would return nothing > > GET /resource_providers?member_of=...&required=MISC_SHARES... > > for each provider returned above: # i.e. just one in Q/R > > GET/resource_providers/$compute_uuid/inventories > > GET/resource_providers/$compute_uuid/traits > > GET/resource_providers/$compute_uuid/aggregates > > > > In a cloud the size of CERN's, the load wasn't acceptable. But at the > > time, CERN worked around the problem by disabling refreshing entirely. > > (The fact that this seems to have worked for them is an encouraging sign > > for the proposed code change.) > > > > We're not actually making use of most of that information, but it sets > > the stage for things that we're working on in Stein and beyond, like > > multiple VGPU types, bandwidth resource providers, accelerators, NUMA, > > etc., so removing/reducing the amount of information we look at isn't > > really an option strategically. > > A few random points from the long discussion that should probably > re-posed here for wider thought: > > * There was probably a lot of discussion about why we needed to do this > caching and stuff in the compute in the first place. What has changed > that we no longer need to aggressively refresh the cache on every > periodic? I thought initially it came up because people really wanted > the compute to be fully self-healing to any external changes, including > hot plugging resources like disk on the host to automatically reflect > those changes in inventory. Similarly, external user/service > interactions with the placement API which would then be automatically > picked up by the next periodic run - is that no longer a desire, and/or > how was the decision made previously that simply requiring a SIGHUP in > that case wasn't sufficient/desirable. I think that would be nice to have however at the current moment, based from operators perspective, it looks like the placement service can really get out of sync pretty easily.. so I think it'd be good to commit to either really making it self-heal (delete stale allocations, create ones that should be there) or remove all self-healing stuff Also, for the self healing work, if we take that route and implement it fully, it might make placement split much easier, because we just switch over and wait for the computes to automagically populate everything, but that's the type of operation that happens once in the lifetime of a cloud. Just for information sake, a clean state cloud which had no reported issues over maybe a period of 2-3 months already has 4 allocations which are incorrect and 12 allocations pointing to the wrong resource provider, so I think this comes does to committing to either "self-healing" to fix those issues or not. > * I believe I made the point yesterday that we should probably not > refresh by default, and let operators opt-in to that behavior if they > really need it, i.e. they are frequently making changes to the > environment, potentially by some external service (I could think of > vCenter doing this to reflect changes from vCenter back into > nova/placement), but I don't think that should be the assumed behavior > by most and our defaults should reflect the "normal" use case. I agree. For 99% of the deployments out there, placement service will likely not be touched by anyone except the services and at this stage, probably just Nova talking to placement directly. I really do agree on the statement that the "normal" use case is of a user playing around with placement out-of-band is not common at all. > * I think I've noted a few times now that we don't actually use the > provider aggregates information (yet) in the compute service. Nova host > aggregate membership is mirror to placement since Rocky [1] but that > happens in the API, not the the compute. The only thing I can think of > that relied on resource provider aggregate information in the compute is > the shared storage providers concept, but that's not supported (yet) > [2]. So do we need to keep retrieving aggregate information when nothing > in compute uses it yet? Is there anything stopping us here from polling that information during the time when the VM is spawning? It doesn't seem like something that the compute node always needs to check.. > * Similarly, why do we need to get traits on each periodic? The only > in-tree virt driver I'm aware of that *reports* traits is the libvirt > driver for CPU features [3]. Otherwise I think the idea behind getting > the latest traits is so the virt driver doesn't overwrite any traits set > externally on the compute node root resource provider. I think that > still stands and is probably OK, even though we have generations now > which should keep us from overwriting if we don't have the latest > traits, but I wanted to bring it up since it's related to the "why do we > need provider aggregates in the compute?" question. Forgive my ignorance on this subject, but would traits really be only set when the service is first started (so that check can happens only once on startup) and then the compute nodes never really ever consume that information (but the scheduler does?). Also, AFAIK I doubt virt drivers actually report much change in traits (CPU flags changing in runtime?) > * Regardless of what we do, I think we should probably *at least* make > that refresh associations config allow 0 to disable it so CERN (and > others) can avoid the need to continually forward-porting code to > disable it. +1 > [1] > https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/placement-mirror-host-aggregates.html > [2] https://bugs.launchpad.net/nova/+bug/1784020 > [3] > https://specs.openstack.org/openstack/nova-specs/specs/rocky/implemented/report-cpu-features-as-traits.html > > -- > > Thanks, > > Matt > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Mohammed Naser — vexxhost ----------------------------------------------------- D. 514-316-8872 D. 800-910-1726 ext. 200 E. mnaser at vexxhost.com W. http://vexxhost.com From mnaser at vexxhost.com Sun Nov 4 11:53:22 2018 From: mnaser at vexxhost.com (Mohammed Naser) Date: Sun, 4 Nov 2018 12:53:22 +0100 Subject: [openstack-dev] [nova][cinder] Using externally stored keys for encryption Message-ID: Hi everyone: I've been digging around the documentation of Nova, Cinder and the encrypted disks feature and I've been a bit stumped on something which I think is a very relevant use case that might not be possible (or it is and I have totally missed it!) It seems that both Cinder and Nova assume that secrets are always stored within the Barbican deployment in the same cloud. This makes a lot of sense however in scenarios where the consumer of an OpenStack cloud wants to operate it without trusting the cloud, they won't be able to have encrypted volumes that make sense, an example: - Create encrypted volume, keys are stored in Barbican - Boot VM using said encrypted volume, Nova pulls keys from Barbican, starts VM.. However, this means that the deployer can at anytime pull down the keys and decrypt things locally to do $bad_things. However, if we had something like any of the following two ideas: - Allow for "run-time" providing secret on boot (maybe something added to the start/boot VM API?) - Allow for pointing towards an external instance of Barbican By using those 2, we allow OpenStack users to operate their VMs securely and allowing them to have control over their keys. If they want to revoke all access, they can shutdown all the VMs and cut access to their key storage management and not worry about someone just pulling them down from the internal Barbican. Hopefully I did a good job explaining this use case and I'm just wondering if this is a thing that's possible at the moment or if we perhaps need to look into it. Thanks, Mohammed -- Mohammed Naser — vexxhost ----------------------------------------------------- D. 514-316-8872 D. 800-910-1726 ext. 200 E. mnaser at vexxhost.com W. http://vexxhost.com From jaypipes at gmail.com Sun Nov 4 12:01:25 2018 From: jaypipes at gmail.com (Jay Pipes) Date: Sun, 4 Nov 2018 07:01:25 -0500 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> Message-ID: <007518d4-daed-4065-7044-40443564f6cb@gmail.com> On 11/02/2018 03:22 PM, Eric Fried wrote: > All- > > Based on a (long) discussion yesterday [1] I have put up a patch [2] > whereby you can set [compute]resource_provider_association_refresh to > zero and the resource tracker will never* refresh the report client's > provider cache. Philosophically, we're removing the "healing" aspect of > the resource tracker's periodic and trusting that placement won't > diverge from whatever's in our cache. (If it does, it's because the op > hit the CLI, in which case they should SIGHUP - see below.) > > *except: > - When we initially create the compute node record and bootstrap its > resource provider. > - When the virt driver's update_provider_tree makes a change, > update_from_provider_tree reflects them in the cache as well as pushing > them back to placement. > - If update_from_provider_tree fails, the cache is cleared and gets > rebuilt on the next periodic. > - If you send SIGHUP to the compute process, the cache is cleared. > > This should dramatically reduce the number of calls to placement from > the compute service. Like, to nearly zero, unless something is actually > changing. > > Can I get some initial feedback as to whether this is worth polishing up > into something real? (It will probably need a bp/spec if so.) > > [1] > http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-11-01.log.html#t2018-11-01T17:32:03 > [2] https://review.openstack.org/#/c/614886/ > > ========== > Background > ========== > In the Queens release, our friends at CERN noticed a serious spike in > the number of requests to placement from compute nodes, even in a > stable-state cloud. Given that we were in the process of adding a ton of > infrastructure to support sharing and nested providers, this was not > unexpected. Roughly, what was previously: > > @periodic_task: > GET /resource_providers/$compute_uuid > GET /resource_providers/$compute_uuid/inventories > > became more like: > > @periodic_task: > # In Queens/Rocky, this would still just return the compute RP > GET /resource_providers?in_tree=$compute_uuid > # In Queens/Rocky, this would return nothing > GET /resource_providers?member_of=...&required=MISC_SHARES... > for each provider returned above: # i.e. just one in Q/R > GET /resource_providers/$compute_uuid/inventories > GET /resource_providers/$compute_uuid/traits > GET /resource_providers/$compute_uuid/aggregates > > In a cloud the size of CERN's, the load wasn't acceptable. But at the > time, CERN worked around the problem by disabling refreshing entirely. > (The fact that this seems to have worked for them is an encouraging sign > for the proposed code change.) > > We're not actually making use of most of that information, but it sets > the stage for things that we're working on in Stein and beyond, like > multiple VGPU types, bandwidth resource providers, accelerators, NUMA, > etc., so removing/reducing the amount of information we look at isn't > really an option strategically. I support your idea of getting rid of the periodic refresh of the cache in the scheduler report client. Much of that was added in order to emulate the original way the resource tracker worked. Most of the behaviour in the original resource tracker (and some of the code still in there for dealing with (surprise!) PCI passthrough devices and NUMA topology) was due to doing allocations on the compute node (the whole claims stuff). We needed to always be syncing the state of the compute_nodes and pci_devices table in the cell database with whatever usage information was being created/modified on the compute nodes [0]. All of the "healing" code that's in the resource tracker was basically to deal with "soft delete", migrations that didn't complete or work properly, and, again, to handle allocations becoming out-of-sync because the compute nodes were responsible for allocating (as opposed to the current situation we have where the placement service -- via the scheduler's call to claim_resources() -- is responsible for allocating resources [1]). Now that we have generation markers protecting both providers and consumers, we can rely on those generations to signal to the scheduler report client that it needs to pull fresh information about a provider or consumer. So, there's really no need to automatically and blindly refresh any more. Best, -jay [0] We always need to be syncing those tables because those tables, unlike the placement database's data modeling, couple both inventory AND usage in the same table structure... [1] again, except for PCI devices and NUMA topology, because of the tight coupling in place with the different resource trackers those types of resources use... From mordred at inaugust.com Sun Nov 4 15:12:13 2018 From: mordred at inaugust.com (Monty Taylor) Date: Sun, 4 Nov 2018 09:12:13 -0600 Subject: [openstack-dev] [publiccloud-wg] Serving vendor json from RFC 5785 well-known dir Message-ID: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> Heya, I've floated a half-baked version of this idea to a few people, but lemme try again with some new words. What if we added support for serving vendor data files from the root of a primary URL as-per RFC 5785. Specifically, support deployers adding a json file to .well-known/openstack/client that would contain what we currently store in the openstacksdk repo and were just discussing splitting out. Then, an end-user could put a url into the 'cloud' parameter. Using vexxhost as an example, if Mohammed served: { "name": "vexxhost", "profile": { "auth_type": "v3password", "auth": { "auth_url": "https://auth.vexxhost.net/v3" }, "regions": [ "ca-ymq-1", "sjc1" ], "identity_api_version": "3", "image_format": "raw", "requires_floating_ip": false } } from https://vexxhost.com/.well-known/openstack/client And then in my local config I did: import openstack conn = openstack.connect( cloud='https://vexxhost.com', username='my-awesome-user', ...) The client could know to go fetch https://vexxhost.com/.well-known/openstack/client to use as the profile information needed for that cloud. If I wanted to configure a clouds.yaml entry, it would look like: clouds: mordred-vexxhost: profile: https://vexxhost.com auth: username: my-awesome-user And I could just conn = openstack.connect(cloud='mordred-vexxhost') The most important part being that we define the well-known structure and interaction. Then we don't need the info in a git repo managed by the publiccloud-wg - each public cloud can manage it itself. But also - non-public clouds can take advantage of being able to define such information for their users too - and can hand a user a simple global entrypoint for discover. As they add regions - or if they decide to switch from global keystone to per-region keystone, they can just update their profile file and all will be good with the world. Of course, it's a convenience, so nothing forces anyone to deploy one. For backwards compat, as public clouds we have vendor profiles for start deploying a well-known profile, we can update the baked-in named profile in openstacksdk to simply reference the remote url and over time hopefully there will cease to be any information that's useful in the openstacksdk repo. What do people think? Monty From mnaser at vexxhost.com Sun Nov 4 17:32:23 2018 From: mnaser at vexxhost.com (Mohammed Naser) Date: Sun, 4 Nov 2018 18:32:23 +0100 Subject: [openstack-dev] [publiccloud-wg] Serving vendor json from RFC 5785 well-known dir In-Reply-To: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> References: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> Message-ID: On Sun, Nov 4, 2018 at 4:12 PM Monty Taylor wrote: > > Heya, > > I've floated a half-baked version of this idea to a few people, but > lemme try again with some new words. > > What if we added support for serving vendor data files from the root of > a primary URL as-per RFC 5785. Specifically, support deployers adding a > json file to .well-known/openstack/client that would contain what we > currently store in the openstacksdk repo and were just discussing > splitting out. > > Then, an end-user could put a url into the 'cloud' parameter. > > Using vexxhost as an example, if Mohammed served: > > { > "name": "vexxhost", > "profile": { > "auth_type": "v3password", > "auth": { > "auth_url": "https://auth.vexxhost.net/v3" > }, > "regions": [ > "ca-ymq-1", > "sjc1" > ], > "identity_api_version": "3", > "image_format": "raw", > "requires_floating_ip": false > } > } > > from https://vexxhost.com/.well-known/openstack/client > > And then in my local config I did: > > import openstack > conn = openstack.connect( > cloud='https://vexxhost.com', > username='my-awesome-user', > ...) > > The client could know to go fetch > https://vexxhost.com/.well-known/openstack/client to use as the profile > information needed for that cloud. Mohammed likes this idea and would like to present this for you to hack on: https://vexxhost.com/.well-known/openstack/client > If I wanted to configure a clouds.yaml entry, it would look like: > > clouds: > mordred-vexxhost: > profile: https://vexxhost.com > auth: > username: my-awesome-user > > And I could just > > conn = openstack.connect(cloud='mordred-vexxhost') > > The most important part being that we define the well-known structure > and interaction. Then we don't need the info in a git repo managed by > the publiccloud-wg - each public cloud can manage it itself. But also - > non-public clouds can take advantage of being able to define such > information for their users too - and can hand a user a simple global > entrypoint for discover. As they add regions - or if they decide to > switch from global keystone to per-region keystone, they can just update > their profile file and all will be good with the world. > > Of course, it's a convenience, so nothing forces anyone to deploy one. > > For backwards compat, as public clouds we have vendor profiles for start > deploying a well-known profile, we can update the baked-in named profile > in openstacksdk to simply reference the remote url and over time > hopefully there will cease to be any information that's useful in the > openstacksdk repo. > > What do people think? I really like this idea, the only concern is fallbacks. I can imagine that in some arbitrary world, things might get restructured in a web structure and that URL magically disappears but shifting the responsibilities on the provider rather than maintainers of this project is a much cleaner alternative, IMHO. > Monty > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Mohammed Naser — vexxhost ----------------------------------------------------- D. 514-316-8872 D. 800-910-1726 ext. 200 E. mnaser at vexxhost.com W. http://vexxhost.com From lijie at unitedstack.com Mon Nov 5 02:26:40 2018 From: lijie at unitedstack.com (=?utf-8?B?UmFtYm8=?=) Date: Mon, 5 Nov 2018 10:26:40 +0800 Subject: [openstack-dev] [cinder] about use nfs driver to backup the volume snapshot In-Reply-To: <501142a5-ff4d-9671-d3b9-34f5fd2da01a@redhat.com> References: <501142a5-ff4d-9671-d3b9-34f5fd2da01a@redhat.com> Message-ID: Sorry , I mean use the NFS driver as the cinder-backup_driver.I see the remotefs code achieve the create_volume_from snapshot[1],in this function the snapshot.status must be available. But before this in the api part, the snapshot.status was changed to the backing_up status[2].Is there something wrong?Can you tell me more about this?Thank you very much. [1]https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/remotefs.py#L1259 [2]https://github.com/openstack/cinder/blob/master/cinder/backup/api.py#L292 ------------------ Original ------------------ From: "Eric Harney"; Date: Fri, Nov 2, 2018 10:00 PM To: "jsbryant"; "OpenStack Developmen"; Subject: Re: [openstack-dev] [cinder] about use nfs driver to backup the volume snapshot On 11/1/18 4:44 PM, Jay Bryant wrote: > On Thu, Nov 1, 2018, 10:44 AM Rambo wrote: > >> Hi,all >> >> Recently, I use the nfs driver as the cinder-backup backend, when I >> use it to backup the volume snapshot, the result is return the >> NotImplementedError[1].And the nfs.py doesn't has the >> create_volume_from_snapshot function. Does the community plan to achieve >> it which is as nfs as the cinder-backup backend?Can you tell me about >> this?Thank you very much! >> >> Rambo, > > The NFS driver doesn't have full snapshot support. I am not sure if that > function missing was an oversight or not. I would reach out to Eric Harney > as he implemented that code. > > Jay > create_volume_from_snapshot is implemented in the NFS driver. It is in the remotefs code that the NFS driver inherits from. But, I'm not sure I understand what's being asked here -- how is this related to using NFS as the backup backend? >> >> >> [1] >> https://github.com/openstack/cinder/blob/master/cinder/volume/driver.py#L2142 >> >> >> >> >> >> >> >> >> Best Regards >> Rambo __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From lijie at unitedstack.com Mon Nov 5 02:27:51 2018 From: lijie at unitedstack.com (=?utf-8?B?UmFtYm8=?=) Date: Mon, 5 Nov 2018 10:27:51 +0800 Subject: [openstack-dev] [nova] about live-resize the instance Message-ID: Hi,all I find it is important that live-resize the instance in production environment. We have talked it many years and we agreed this in Rocky PTG, then the author remove the spec to Stein, but there is no information about this spec, is there anyone to push the spec and achieve it? Can you tell me more about this ?Thank you very much. [1]https://review.openstack.org/#/c/141219/ Best Regards Rambo -------------- next part -------------- An HTML attachment was scrubbed... URL: From jichenjc at cn.ibm.com Mon Nov 5 04:17:53 2018 From: jichenjc at cn.ibm.com (Chen CH Ji) Date: Mon, 5 Nov 2018 04:17:53 +0000 Subject: [openstack-dev] [nova] about live-resize the instance In-Reply-To: References: Message-ID: An HTML attachment was scrubbed... URL: From 270162781 at qq.com Mon Nov 5 08:01:58 2018 From: 270162781 at qq.com (=?ISO-8859-1?B?MjcwMTYyNzgx?=) Date: Mon, 5 Nov 2018 16:01:58 +0800 Subject: [openstack-dev] [neutron] Bug deputy report Message-ID: Hi all, I'm zhaobo, I was the bug deputy for the last week and I'm afraid that cannot attending the comming upstream meeting so I'm sending out this report: Last week there are some high priority bugs for neutron . What a quiet week. ;-) Also some bugs need to attention, I list them here: [High] Race conditions in neutron_tempest_plugin/scenario/test_security_groups.py https://bugs.launchpad.net/neutron/+bug/1801306 TEMPEST CI FAILURE, the result is caused by some tempest tests operate the default SG, that will affect other test cases. Migration causes downtime while doing bulk_pull https://bugs.launchpad.net/neutron/+bug/1801104 Seems refresh the local cache so frequently, also if the records we want from neutron-server are so large, could we improve the query filter for improve performance on agent rpc? [Need Attention] Network: concurrent issue for create network operation https://bugs.launchpad.net/neutron/+bug/1800417 This looks like an exist issue for master. I think this must be an issue, but the bug lacks some logs for deep into, so hope the reporter can provider more details about it at first. [RFE]Neutron API Server: unexpected behavior with multiple long live clients https://bugs.launchpad.net/neutron/+bug/1800599 I have changed this bug to a new RFE, as it introduces an new mechanism to make sure each request can be processed to the maximum extend if possible, without long time waiting on client side. Thanks, Best Regards, ZhaoBo -------------- next part -------------- An HTML attachment was scrubbed... URL: From cjeanner at redhat.com Mon Nov 5 09:05:03 2018 From: cjeanner at redhat.com (=?UTF-8?Q?C=c3=a9dric_Jeanneret?=) Date: Mon, 5 Nov 2018 10:05:03 +0100 Subject: [openstack-dev] [TripleO] PSA lets use deploy_steps_tasks In-Reply-To: References: Message-ID: <1632c103-0eff-ad35-6dc9-ac0c6f120d69@redhat.com> On 11/2/18 2:39 PM, Dan Prince wrote: > I pushed a patch[1] to update our containerized deployment > architecture docs yesterday. There are 2 new fairly useful sections we > can leverage with TripleO's stepwise deployment. They appear to be > used somewhat sparingly so I wanted to get the word out. Good thing, it's important to highlight this feature and explain how it works, big thumb up Dan! > > The first is 'deploy_steps_tasks' which gives you a means to run > Ansible snippets on each node/role in a stepwise fashion during > deployment. Previously it was only possible to execute puppet or > docker commands where as now that we have deploy_steps_tasks we can > execute ad-hoc ansible in the same manner. I'm wondering if such a thing could be used for the "inflight validations" - i.e. a step to validate a service/container is working as expected once it's deployed, in order to get early failure. For instance, we deploy a rabbitmq container, and right after it's deployed, we'd like to ensure it's actually running and works as expected before going forward in the deploy. Care to have a look at that spec[1] and see if, instead of adding a new "validation_tasks" entry, we could "just" use the "deploy_steps_tasks" with the right step number? That would be really, really cool, and will probably avoid a lot of code in the end :). Thank you! C. [1] https://review.openstack.org/#/c/602007/ > > The second is 'external_deploy_tasks' which allows you to use run > Ansible snippets on the Undercloud during stepwise deployment. This is > probably most useful for driving an external installer but might also > help with some complex tasks that need to originate from a single > Ansible client. > > The only downside I see to these approaches is that both appear to be > implemented with Ansible's default linear strategy. I saw shardy's > comment here [2] that the :free strategy does not yet apparently work > with the any_errors_fatal option. Perhaps we can reach out to someone > in the Ansible community in this regard to improve running these > things in parallel like TripleO used to work with Heat agents. > > This is also how host_prep_tasks is implemented which BTW we should > now get rid of as a duplicate architectural step since we have > deploy_steps_tasks anyway. > > [1] https://review.openstack.org/#/c/614822/ > [2] http://git.openstack.org/cgit/openstack/tripleo-heat-templates/tree/common/deploy-steps.j2#n554 > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Cédric Jeanneret Software Engineer DFG:DF -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From moreira.belmiro.email.lists at gmail.com Mon Nov 5 09:16:26 2018 From: moreira.belmiro.email.lists at gmail.com (Belmiro Moreira) Date: Mon, 5 Nov 2018 10:16:26 +0100 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: <007518d4-daed-4065-7044-40443564f6cb@gmail.com> References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> <007518d4-daed-4065-7044-40443564f6cb@gmail.com> Message-ID: Thanks Eric for the patch. This will help keeping placement calls under control. Belmiro On Sun, Nov 4, 2018 at 1:01 PM Jay Pipes wrote: > On 11/02/2018 03:22 PM, Eric Fried wrote: > > All- > > > > Based on a (long) discussion yesterday [1] I have put up a patch [2] > > whereby you can set [compute]resource_provider_association_refresh to > > zero and the resource tracker will never* refresh the report client's > > provider cache. Philosophically, we're removing the "healing" aspect of > > the resource tracker's periodic and trusting that placement won't > > diverge from whatever's in our cache. (If it does, it's because the op > > hit the CLI, in which case they should SIGHUP - see below.) > > > > *except: > > - When we initially create the compute node record and bootstrap its > > resource provider. > > - When the virt driver's update_provider_tree makes a change, > > update_from_provider_tree reflects them in the cache as well as pushing > > them back to placement. > > - If update_from_provider_tree fails, the cache is cleared and gets > > rebuilt on the next periodic. > > - If you send SIGHUP to the compute process, the cache is cleared. > > > > This should dramatically reduce the number of calls to placement from > > the compute service. Like, to nearly zero, unless something is actually > > changing. > > > > Can I get some initial feedback as to whether this is worth polishing up > > into something real? (It will probably need a bp/spec if so.) > > > > [1] > > > http://eavesdrop.openstack.org/irclogs/%23openstack-nova/%23openstack-nova.2018-11-01.log.html#t2018-11-01T17:32:03 > > [2] https://review.openstack.org/#/c/614886/ > > > > ========== > > Background > > ========== > > In the Queens release, our friends at CERN noticed a serious spike in > > the number of requests to placement from compute nodes, even in a > > stable-state cloud. Given that we were in the process of adding a ton of > > infrastructure to support sharing and nested providers, this was not > > unexpected. Roughly, what was previously: > > > > @periodic_task: > > GET /resource_providers/$compute_uuid > > GET /resource_providers/$compute_uuid/inventories > > > > became more like: > > > > @periodic_task: > > # In Queens/Rocky, this would still just return the compute RP > > GET /resource_providers?in_tree=$compute_uuid > > # In Queens/Rocky, this would return nothing > > GET /resource_providers?member_of=...&required=MISC_SHARES... > > for each provider returned above: # i.e. just one in Q/R > > GET /resource_providers/$compute_uuid/inventories > > GET /resource_providers/$compute_uuid/traits > > GET /resource_providers/$compute_uuid/aggregates > > > > In a cloud the size of CERN's, the load wasn't acceptable. But at the > > time, CERN worked around the problem by disabling refreshing entirely. > > (The fact that this seems to have worked for them is an encouraging sign > > for the proposed code change.) > > > > We're not actually making use of most of that information, but it sets > > the stage for things that we're working on in Stein and beyond, like > > multiple VGPU types, bandwidth resource providers, accelerators, NUMA, > > etc., so removing/reducing the amount of information we look at isn't > > really an option strategically. > > I support your idea of getting rid of the periodic refresh of the cache > in the scheduler report client. Much of that was added in order to > emulate the original way the resource tracker worked. > > Most of the behaviour in the original resource tracker (and some of the > code still in there for dealing with (surprise!) PCI passthrough devices > and NUMA topology) was due to doing allocations on the compute node (the > whole claims stuff). We needed to always be syncing the state of the > compute_nodes and pci_devices table in the cell database with whatever > usage information was being created/modified on the compute nodes [0]. > > All of the "healing" code that's in the resource tracker was basically > to deal with "soft delete", migrations that didn't complete or work > properly, and, again, to handle allocations becoming out-of-sync because > the compute nodes were responsible for allocating (as opposed to the > current situation we have where the placement service -- via the > scheduler's call to claim_resources() -- is responsible for allocating > resources [1]). > > Now that we have generation markers protecting both providers and > consumers, we can rely on those generations to signal to the scheduler > report client that it needs to pull fresh information about a provider > or consumer. So, there's really no need to automatically and blindly > refresh any more. > > Best, > -jay > > [0] We always need to be syncing those tables because those tables, > unlike the placement database's data modeling, couple both inventory AND > usage in the same table structure... > > [1] again, except for PCI devices and NUMA topology, because of the > tight coupling in place with the different resource trackers those types > of resources use... > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From thierry at openstack.org Mon Nov 5 09:19:28 2018 From: thierry at openstack.org (Thierry Carrez) Date: Mon, 5 Nov 2018 10:19:28 +0100 Subject: [openstack-dev] [publiccloud-wg] Serving vendor json from RFC 5785 well-known dir In-Reply-To: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> References: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> Message-ID: Monty Taylor wrote: > [...] > What if we added support for serving vendor data files from the root of > a primary URL as-per RFC 5785. Specifically, support deployers adding a > json file to .well-known/openstack/client that would contain what we > currently store in the openstacksdk repo and were just discussing > splitting out. > [...] > What do people think? I love the idea of public clouds serving that file directly, and the user experience you get from it. The only two drawbacks on top of my head would be: - it's harder to discover available compliant openstack clouds from the client. - there is no vetting process, so there may be failures with weird clouds serving half-baked files that people may blame the client tooling for. I still think it's a good idea, as in theory it aligns the incentive of maintaining the file with the most interested stakeholder. It just might need some extra communication to work seamlessly. -- Thierry Carrez (ttx) From mnaser at vexxhost.com Mon Nov 5 09:21:10 2018 From: mnaser at vexxhost.com (Mohammed Naser) Date: Mon, 5 Nov 2018 10:21:10 +0100 Subject: [openstack-dev] [publiccloud-wg] Serving vendor json from RFC 5785 well-known dir In-Reply-To: References: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> Message-ID: Sent from my iPhone > On Nov 5, 2018, at 10:19 AM, Thierry Carrez wrote: > > Monty Taylor wrote: >> [...] >> What if we added support for serving vendor data files from the root of a primary URL as-per RFC 5785. Specifically, support deployers adding a json file to .well-known/openstack/client that would contain what we currently store in the openstacksdk repo and were just discussing splitting out. >> [...] >> What do people think? > > I love the idea of public clouds serving that file directly, and the user experience you get from it. The only two drawbacks on top of my head would be: > > - it's harder to discover available compliant openstack clouds from the client. > > - there is no vetting process, so there may be failures with weird clouds serving half-baked files that people may blame the client tooling for. > > I still think it's a good idea, as in theory it aligns the incentive of maintaining the file with the most interested stakeholder. It just might need some extra communication to work seamlessly. I’m thinking out loud here but perhaps a simple linter that a cloud provider can run will help them make sure that everything is functional. > -- > Thierry Carrez (ttx) > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From markus.hentsch at secustack.com Mon Nov 5 09:22:24 2018 From: markus.hentsch at secustack.com (Markus Hentsch) Date: Mon, 5 Nov 2018 10:22:24 +0100 Subject: [openstack-dev] [nova][cinder] Using externally stored keys for encryption In-Reply-To: References: Message-ID: Dear Mohammed, with SecuStack we've been integrating end-to-end (E2E) transfer of secrets into the OpenStack code. From your problem description, it sounds like our implementation would address some of your points. For below explanation, I will refer to those secrets as "keys". Our solution works as follows: - when the user creates an encrypted resource, they may specify to use E2E key transfer instead of Barbican - the resource will be allocated and enter a state where it is waiting for the transmission of the key - the user establishes an E2E relationship with the compute/volume host where the resource has been scheduled - the key is encrypted (asymmetrically) on the user side specifically for this host (using its public key) and transferred through the API to this host - the key reaches the compute/volume host, is decrypted by the host's private key and is then used temporarily for the duration of the resource creation and discarded afterwards Whenever such resource is to be used (instance booted or volume attached), a similar workflow is triggered on-demand that requires the key to be transferred via the E2E channel again. Our solution is complemented by an extension of the Barbican workflow which also allows users to specify secret IDs and manage them manually for encrypted resources instead of having OpenStack handle all of that automatically. This represents a solution that is kind of in-between the current OpenStack and our E2E approach. We have not looked into external Barbican integration yet, though. We do plan to contribute our E2E key transfer and user-centric key control to OpenStack, if we can obtain support for this idea. However, we are currently in the middle of trying to contribute image encryption to OpenStack, which is already proving to be a lengthy process as it involves a lot of different teams. The E2E stuff would be an even bigger change across the components. Unfortunately, we currently don't have the resources to tackle two huge contributions at the same time as it requires a lot of effort getting multiple teams to agree on a single solution. Best regards, Markus Hentsch Mohammed Naser wrote: > Hi everyone: > > I've been digging around the documentation of Nova, Cinder and the > encrypted disks feature and I've been a bit stumped on something which > I think is a very relevant use case that might not be possible (or it > is and I have totally missed it!) > > It seems that both Cinder and Nova assume that secrets are always > stored within the Barbican deployment in the same cloud. This makes a > lot of sense however in scenarios where the consumer of an OpenStack > cloud wants to operate it without trusting the cloud, they won't be > able to have encrypted volumes that make sense, an example: > > - Create encrypted volume, keys are stored in Barbican > - Boot VM using said encrypted volume, Nova pulls keys from Barbican, > starts VM.. > > However, this means that the deployer can at anytime pull down the > keys and decrypt things locally to do $bad_things. However, if we had > something like any of the following two ideas: > > - Allow for "run-time" providing secret on boot (maybe something added > to the start/boot VM API?) > - Allow for pointing towards an external instance of Barbican > > By using those 2, we allow OpenStack users to operate their VMs > securely and allowing them to have control over their keys. If they > want to revoke all access, they can shutdown all the VMs and cut > access to their key storage management and not worry about someone > just pulling them down from the internal Barbican. > > Hopefully I did a good job explaining this use case and I'm just > wondering if this is a thing that's possible at the moment or if we > perhaps need to look into it. > > Thanks, > Mohammed > From xiang.edison at gmail.com Mon Nov 5 09:43:48 2018 From: xiang.edison at gmail.com (Edison Xiang) Date: Mon, 5 Nov 2018 17:43:48 +0800 Subject: [openstack-dev] [api] Open API 3.0 for OpenStack API In-Reply-To: <5c1a3f98-2aad-bfe1-45e3-c4ddd8c52615@redhat.com> References: <413d67d8-e4de-51fe-e7cf-8fb6520aed34@redhat.com>

<20181009125850.4sj52i7c3mi6m6ay@yuggoth.org> <16397789-98b5-a011-0367-dd5023260870@redhat.com> <20181010131849.ey5yf3zxjtevtnae@yuggoth.org> <5c1a3f98-2aad-bfe1-45e3-c4ddd8c52615@redhat.com> Message-ID: Hi team, I submit a forum [1] named "Cross-project Open API 3.0 support". We can make more discussions about that in this forum in berlin. Feel free to add your ideas here [2]. Welcome to join us. Thanks very much. [1] https://www.openstack.org/summit/berlin-2018/summit-schedule/global-search?t=open+api [2] https://etherpad.openstack.org/p/api-berlin-forum-brainstorming Best Regards, Edison Xiang On Thu, Oct 11, 2018 at 7:48 PM Gilles Dubreuil wrote: > > > On 11/10/18 00:18, Jeremy Stanley wrote: > > On 2018-10-10 13:24:28 +1100 (+1100), Gilles Dubreuil wrote: > > On 09/10/18 23:58, Jeremy Stanley wrote: > > On 2018-10-09 08:52:52 -0400 (-0400), Jim Rollenhagen wrote: > [...] > > It seems to me that a major goal of openstacksdk is to hide > differences between clouds from the user. If the user is meant > to use a GraphQL library themselves, we lose this and the user > needs to figure it out themselves. Did I understand that > correctly? > > This is especially useful where the SDK implements business > logic for common operations like "if the user requested A and > the cloud supports features B+C+D then use those to fulfil the > request, otherwise fall back to using features E+F". > > > The features offered to the user don't have to change, it's just a > different architecture. > > The user doesn't have to deal with a GraphQL library, only the > client applications (consuming OpenStack APIs). And there are also > UI tools such as GraphiQL which allow to interact directly with > GraphQL servers. > > > My point was simply that SDKs provide more than a simple translation > of network API calls and feature discovery. There can also be rather > a lot of "business logic" orchestrating multiple primitive API calls > to reach some more complex outcome. The services don't want to embed > this orchestrated business logic themselves, and it makes little > sense to replicate the same algorithms in every single application > which wants to make use of such composite functionality. There are > common actions an application might wish to take which involve > speaking to multiple APIs for different services to make specific > calls in a particular order, perhaps feeding the results of one into > the next. > > Can you explain how GraphQL eliminates the above reasons for an SDK? > > > What I meant is the communication part of any SDK interfacing between > clients and API services can be handled by GraphQL client librairies. > So instead of having to rely on modules (imported or native) to carry the > REST communications, we're dealing with data provided by GraphQL libraries > (which are also modules but standardized as GraphQL is a specification). > So as you mentioned there is still need to provide the data wrap in > objects or any adequate struct to present to the consumers. > > Having a Schema helps both API and clients developers because the data is > clearly typed and graphed. Backend devs can focus on resolving the data for > each node/leaf while the clients can focus on what they need and not how to > get it. > > To relate to $subject, by building the data model (graph) we obtain a > schema and introspection. That's a big saver in term of resources. > > > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribehttp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bdobreli at redhat.com Mon Nov 5 10:47:04 2018 From: bdobreli at redhat.com (Bogdan Dobrelya) Date: Mon, 5 Nov 2018 11:47:04 +0100 Subject: [openstack-dev] [tripleo] Zuul Queue backlogs and resource usage In-Reply-To: References: <1540915417.449870.1559798696.1CFB3E75@webmail.messagingengine.com> <1077343a-b708-4fa2-0f44-2575363419e9@nemebean.com> <1540923927.492007.1559968608.2F968E3E@webmail.messagingengine.com>

Message-ID: Let's also think of removing puppet-tripleo from the base container. It really brings the world-in (and yum updates in CI!) each job and each container! So if we did so, we should then either install puppet-tripleo and co on the host and bind-mount it for the docker-puppet deployment task steps (bad idea IMO), OR use the magical --volumes-from option to mount volumes from some "puppet-config" sidecar container inside each of the containers being launched by docker-puppet tooling. On 10/31/18 6:35 PM, Alex Schultz wrote: > > So this is a single layer that is updated once and shared by all the > containers that inherit from it. I did notice the same thing and have > proposed a change in the layering of these packages last night. > > https://review.openstack.org/#/c/614371/ > > In general this does raise a point about dependencies of services and > what the actual impact of adding new ones to projects is. Especially > in the container world where this might be duplicated N times > depending on the number of services deployed. With the move to > containers, much of the sharedness that being on a single host > provided has been lost at a cost of increased bandwidth, memory, and > storage usage. > > Thanks, > -Alex > -- Best regards, Bogdan Dobrelya, Irc #bogdando From cjeanner at redhat.com Mon Nov 5 10:56:51 2018 From: cjeanner at redhat.com (=?UTF-8?Q?C=c3=a9dric_Jeanneret?=) Date: Mon, 5 Nov 2018 11:56:51 +0100 Subject: [openstack-dev] [tripleo] Zuul Queue backlogs and resource usage In-Reply-To: References: <1540915417.449870.1559798696.1CFB3E75@webmail.messagingengine.com> <1077343a-b708-4fa2-0f44-2575363419e9@nemebean.com> <1540923927.492007.1559968608.2F968E3E@webmail.messagingengine.com>

Message-ID: <41b48fc5-3378-10ba-0c46-e7a2a24d2166@redhat.com> On 11/5/18 11:47 AM, Bogdan Dobrelya wrote: > Let's also think of removing puppet-tripleo from the base container. > It really brings the world-in (and yum updates in CI!) each job and each > container! > So if we did so, we should then either install puppet-tripleo and co on > the host and bind-mount it for the docker-puppet deployment task steps > (bad idea IMO), OR use the magical --volumes-from > option to mount volumes from some "puppet-config" sidecar container > inside each of the containers being launched by docker-puppet tooling. And, in addition, I'd rather see the "podman" thingy as a bind-mount, especially since we MUST get the same version in all the calls. > > On 10/31/18 6:35 PM, Alex Schultz wrote: >> >> So this is a single layer that is updated once and shared by all the >> containers that inherit from it. I did notice the same thing and have >> proposed a change in the layering of these packages last night. >> >> https://review.openstack.org/#/c/614371/ >> >> In general this does raise a point about dependencies of services and >> what the actual impact of adding new ones to projects is. Especially >> in the container world where this might be duplicated N times >> depending on the number of services deployed. With the move to >> containers, much of the sharedness that being on a single host >> provided has been lost at a cost of increased bandwidth, memory, and >> storage usage. >> >> Thanks, >> -Alex >> > -- Cédric Jeanneret Software Engineer DFG:DF -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From cdent+os at anticdent.org Mon Nov 5 11:52:58 2018 From: cdent+os at anticdent.org (Chris Dent) Date: Mon, 5 Nov 2018 11:52:58 +0000 (GMT) Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: <007518d4-daed-4065-7044-40443564f6cb@gmail.com> References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> <007518d4-daed-4065-7044-40443564f6cb@gmail.com> Message-ID: On Sun, 4 Nov 2018, Jay Pipes wrote: > Now that we have generation markers protecting both providers and consumers, > we can rely on those generations to signal to the scheduler report client > that it needs to pull fresh information about a provider or consumer. So, > there's really no need to automatically and blindly refresh any more. I agree with this ^. I've been trying to tease out the issues in this thread and on the associated review [1] and I've decided that much of my confusion comes from the fact that we refer to a thing which is a "cache" in the resource tracker and either trusting it more or not having it at all, and I think that's misleading. To me a "cache" has multiple clients and there's some need for reconciliation and invalidation amongst them. The thing that's in the resource tracker is in one process, changes to it are synchronized; it's merely a data structure. Some words follow where I try to tease things out a bit more (mostly for my own sake, but if it helps other people, great). At the very end there's a bit of list of suggested todos for us to consider. What we have is a data structure which represents the resource tracker and virtdirver's current view on what providers and associates it is aware of. We maintain a boundary between the RT and the virtdriver that means there's "updating" going on that sometimes is a bit fussy to resolve (cf. recent adjustments to allocation ratio handling). In the old way, every now and again we get a bunch of info from placement to confirm that our view is right and try to reconcile things. What we're considering moving towards is only doing that "get a bunch of info from placement" when we fail to write to placement because of a generation conflict. Thus we should only read from placement: * at compute node startup * when a write fails And we should only write to placement: * at compute node startup * when the virt driver tells us something has changed Is that right? If it is not right, can we do that? If not, why not? Because generations change, often, they guard against us making changes in ignorance and allow us to write blindly and only GET when we fail. We've got this everywhere now, let's use it. So, for example, even if something else besides the compute is adding traits, it's cool. We'll fail when we (the compute) try to clobber. Elsewhere in the thread several other topics were raised. A lot of that boil back to "what are we actually trying to do in the periodics?". As is often the case (and appropriately so) what we're trying to do has evolved and accreted in an organic fashion and it is probably time for us to re-evaluate and make sure we're doing the right stuff. The first step is writing that down. That aspect has always been pretty obscure or tribal to me, I presume so for others. So doing a legit audit of that code and the goals is something we should do. Mohammed's comments about allocations getting out of sync are important. I agree with him that it would be excellent if we could go back to self-healing those, especially because of the "wait for the computes to automagically populate everything" part he mentions. However, that aspect, while related to this, is not quite the same thing. The management of allocations and the management of inventories (and "associates") is happening from different angles. And finally, even if we turn off these refreshes to lighten the load, placement still needs to be capable of dealing with frequent requests, so we have something to fix there. We need to do the analysis to find out where the cost is and implement some solutions. At the moment we don't know where it is. It could be: * In the database server * In the python code that marshals the data around those calls to the database * In the python code that handles the WSGI interactions * In the web server that is talking to the python code belmoreira's document [2] suggests some avenues of investigation (most CPU time is in user space and not waiting) but we'd need a bit more information to plan any concrete next steps: * what's the web server and which wsgi configuration? * where's the database, if it's different what's the load there? I suspect there's a lot we can do to make our code more correct and efficient. And beyond that there is a great deal of standard run-of- the mill server-side caching and etag handling that we could implement if necessary. That is: treat placement like a web app that needs to be optimized in the usual ways. As Eric suggested at the start of the thread, this kind of investigation is expected and normal. We've not done something wrong. Make it, make it correct, make it fast is the process. We're oscillating somewhere between 2 and 3. So in terms of actions: * I'm pretty well situated to do some deeper profiling and benchmarking of placement to find the elbows in that. * It seems like Eric and Jay are probably best situated to define and refine what should really be going on with the resource tracker and other actions on the compute-node. * We need to have further discussion and investigation on allocations getting out of sync. Volunteers? What else? [1] https://review.openstack.org/#/c/614886/ [2] https://docs.google.com/document/d/1d5k1hA3DbGmMyJbXdVcekR12gyrFTaj_tJdFwdQy-8E/edit -- Chris Dent ٩◔̯◔۶ https://anticdent.org/ freenode: cdent tw: @anticdent From cdent+os at anticdent.org Mon Nov 5 12:26:05 2018 From: cdent+os at anticdent.org (Chris Dent) Date: Mon, 5 Nov 2018 12:26:05 +0000 (GMT) Subject: [openstack-dev] [publiccloud-wg] Serving vendor json from RFC 5785 well-known dir In-Reply-To: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> References: <7fd557b7-b789-ab1b-8175-4b1b506c45b2@inaugust.com> Message-ID: On Sun, 4 Nov 2018, Monty Taylor wrote: > I've floated a half-baked version of this idea to a few people, but lemme try > again with some new words. > > What if we added support for serving vendor data files from the root of a > primary URL as-per RFC 5785. Specifically, support deployers adding a json > file to .well-known/openstack/client that would contain what we currently > store in the openstacksdk repo and were just discussing splitting out. Sounds like a good plan. I'm still a vexed that we need to know a cloud's primary host, then this URL, then get a url for auth and from there start gathering up information about the services and then their endpoints. All of that seems of one piece to me and there should be one way to do it. But in the absence of that, this is a good plan. > What do people think? I think cats are nice and so is this plan. -- Chris Dent ٩◔̯◔۶ https://anticdent.org/ freenode: cdent tw: @anticdent From bdobreli at redhat.com Mon Nov 5 14:06:34 2018 From: bdobreli at redhat.com (Bogdan Dobrelya) Date: Mon, 5 Nov 2018 15:06:34 +0100 Subject: [openstack-dev] [Edge-computing] [tripleo][FEMDC] IEEE Fog Computing: Call for Contributions - Deadline Approaching In-Reply-To: References: <53cf2d33-cee7-3f0d-7f28-74b29091a7ef@redhat.com> <8acb2f9e-9fbd-77be-a274-eb3d54ae2ab4@redhat.com>

Message-ID: <39eba4f7-7267-72db-548b-f88dbdcf18e7@redhat.com> Thank you for a reply, Flavia: > Hi Bogdan > sorry for the late reply - yesterday was a Holiday here in Brazil! > I am afraid I will not be able to engage in this collaboration with > such a short time...we had to have started this initiative a little > earlier... That's understandable. I hoped though a position paper is something we (all who reads that, not just you and me) could achieve in a couple of days, without a lot of research associated. That's a postion paper, which is not expected to contain formal prove or implementation details. The vision for tooling is the hardest part though, and indeed requires some time. So let me please [tl;dr] the outcome of that position paper: * position: given Always Available autonomy support as a starting point, define invariants for both operational and data storage consistency requirements of control/management plane (I've already drafted some in [0]) * vision: show that in the end that data synchronization and conflict resolving solution just boils down to having a causally consistent KVS (either causal+ or causal-RT, or lazy replication based, or anything like that), and cannot be achieved with *only* transactional distributed database, like Galera cluster. The way how to show that is an open question, we could refer to the existing papers (COPS, causal-RT, lazy replication et al) and claim they fit the defined invariants nicely, while transactional DB cannot fit it by design (it's consensus protocols require majority/quorums to operate and being always available for data put/write operations). We probably may omit proving that obvious thing formally? At least for the postion paper... * opportunity: that is basically designing and implementing of such a causally-consistent KVS solution (see COPS library as example) for OpenStack, and ideally, unifying it for PaaS operators (OpenShift/Kubernetes) and tenants willing to host their containerized workloads on PaaS distributed over a Fog Cloud of Edge clouds and leverage its data synchronization and conflict resolving solution as-a-service. Like Amazon dynamo DB, for example, except that fitting the edge cases of another cloud stack :) [0] https://github.com/bogdando/papers-ieee/blob/master/ICFC-2019/challenges.md > As for working collaboratively with latex, I would recommend using > overleaf - it is not that difficult and has lots of edition resources > as markdown and track changes, for instance. > Thanks and good luck! > Flavia On 11/2/18 5:32 PM, Bogdan Dobrelya wrote: > Hello folks. > Here is an update for today. I crated a draft [0], and spend some time > with building LaTeX with live-updating for the compiled PDF... The > latter is only informational, if someone wants to contribute, please > follow the instructions listed by the link (hint: you need no to have > any LaTeX experience, only basic markdown knowledge should be enough!) > > [0] > https://github.com/bogdando/papers-ieee/#in-the-current-development-looking-for-co-authors > > > On 10/31/18 6:54 PM, Ildiko Vancsa wrote: >> Hi, >> >> Thank you for sharing your proposal. >> >> I think this is a very interesting topic with a list of possible >> solutions some of which this group is also discussing. It would also >> be great to learn more about the IEEE activities and have experience >> about the process in this group on the way forward. >> >> I personally do not have experience with IEEE conferences, but I’m >> happy to help with the paper if I can. >> >> Thanks, >> Ildikó >> >> > > (added from the parallel thread) >>> On 2018. Oct 31., at 19:11, Mike Bayer >>> wrote: >>> >>> On Wed, Oct 31, 2018 at 10:57 AM Bogdan Dobrelya >> redhat.com> wrote: >>>> >>>> (cross-posting openstack-dev) >>>> >>>> Hello. >>>> [tl;dr] I'm looking for co-author(s) to come up with "Edge clouds data >>>> consistency requirements and challenges" a position paper [0] (papers >>>> submitting deadline is Nov 8). >>>> >>>> The problem scope is synchronizing control plane and/or >>>> deployments-specific data (not necessary limited to OpenStack) across >>>> remote Edges and central Edge and management site(s). Including the >>>> same >>>> aspects for overclouds and undercloud(s), in terms of TripleO; and >>>> other >>>> deployment tools of your choice. >>>> >>>> Another problem is to not go into different solutions for Edge >>>> deployments management and control planes of edges. And for tenants as >>>> well, if we think of tenants also doing Edge deployments based on Edge >>>> Data Replication as a Service, say for Kubernetes/OpenShift on top of >>>> OpenStack. >>>> >>>> So the paper should name the outstanding problems, define data >>>> consistency requirements and pose possible solutions for >>>> synchronization >>>> and conflicts resolving. Having maximum autonomy cases supported for >>>> isolated sites, with a capability to eventually catch up its >>>> distributed >>>> state. Like global database [1], or something different perhaps (see >>>> causal-real-time consistency model [2],[3]), or even using git. And >>>> probably more than that?.. (looking for ideas) >>> >>> >>> I can offer detail on whatever aspects of the "shared / global >>> database" idea. The way we're doing it with Galera for now is all >>> about something simple and modestly effective for the moment, but it >>> doesn't have any of the hallmarks of a long-term, canonical solution, >>> because Galera is not well suited towards being present on many >>> (dozens) of endpoints. The concept that the StarlingX folks were >>> talking about, that of independent databases that are synchronized >>> using some kind of middleware is potentially more scalable, however I >>> think the best approach would be API-level replication, that is, you >>> have a bunch of Keystone services and there is a process that is >>> regularly accessing the APIs of these keystone services and >>> cross-publishing state amongst all of them. Clearly the big >>> challenge with that is how to resolve conflicts, I think the answer >>> would lie in the fact that the data being replicated would be of >>> limited scope and potentially consist of mostly or fully >>> non-overlapping records. >>> >>> That is, I think "global database" is a cheap way to get what would be >>> more effective as asynchronous state synchronization between identity >>> services. >> >> Recently we’ve been also exploring federation with an IdP (Identity >> Provider) master: >> https://wiki.openstack.org/wiki/Keystone_edge_architectures#Identity_Provider_.28IdP.29_Master_with_shadow_users >> >> >> One of the pros is that it removes the need for synchronization and >> potentially increases scalability. >> >> Thanks, >> Ildikó > > > -- Best regards, Bogdan Dobrelya, Irc #bogdando From tnakamura.openstack at gmail.com Mon Nov 5 14:55:07 2018 From: tnakamura.openstack at gmail.com (Tetsuro Nakamura) Date: Mon, 5 Nov 2018 23:55:07 +0900 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> <007518d4-daed-4065-7044-40443564f6cb@gmail.com> Message-ID: Thus we should only read from placement: > * at compute node startup > * when a write fails > And we should only write to placement: > * at compute node startup > * when the virt driver tells us something has changed I agree with this. We could also prepare an interface for operators/other-projects to force nova to pull fresh information from placement and put it into its cache in order to avoid predictable conflicts. Is that right? If it is not right, can we do that? If not, why not? The same question from me. Refreshing periodically strategy might be now an optional optimization for smaller clouds? 2018年11月5日(月) 20:53 Chris Dent : > On Sun, 4 Nov 2018, Jay Pipes wrote: > > > Now that we have generation markers protecting both providers and > consumers, > > we can rely on those generations to signal to the scheduler report > client > > that it needs to pull fresh information about a provider or consumer. > So, > > there's really no need to automatically and blindly refresh any more. > > I agree with this ^. > > I've been trying to tease out the issues in this thread and on the > associated review [1] and I've decided that much of my confusion > comes from the fact that we refer to a thing which is a "cache" in > the resource tracker and either trusting it more or not having it at > all, and I think that's misleading. To me a "cache" has multiple > clients and there's some need for reconciliation and invalidation > amongst them. The thing that's in the resource tracker is in one > process, changes to it are synchronized; it's merely a data structure. > > Some words follow where I try to tease things out a bit more (mostly > for my own sake, but if it helps other people, great). At the very > end there's a bit of list of suggested todos for us to consider. > > What we have is a data structure which represents the resource > tracker and virtdirver's current view on what providers and > associates it is aware of. We maintain a boundary between the RT and > the virtdriver that means there's "updating" going on that sometimes > is a bit fussy to resolve (cf. recent adjustments to allocation > ratio handling). > > In the old way, every now and again we get a bunch of info from > placement to confirm that our view is right and try to reconcile > things. > > What we're considering moving towards is only doing that "get a > bunch of info from placement" when we fail to write to placement > because of a generation conflict. > > Thus we should only read from placement: > > * at compute node startup > * when a write fails > > And we should only write to placement: > > * at compute node startup > * when the virt driver tells us something has changed > > Is that right? If it is not right, can we do that? If not, why not? > > Because generations change, often, they guard against us making > changes in ignorance and allow us to write blindly and only GET when > we fail. We've got this everywhere now, let's use it. So, for > example, even if something else besides the compute is adding > traits, it's cool. We'll fail when we (the compute) try to clobber. > > Elsewhere in the thread several other topics were raised. A lot of > that boil back to "what are we actually trying to do in the > periodics?". As is often the case (and appropriately so) what we're > trying to do has evolved and accreted in an organic fashion and it > is probably time for us to re-evaluate and make sure we're doing the > right stuff. The first step is writing that down. That aspect has > always been pretty obscure or tribal to me, I presume so for others. > So doing a legit audit of that code and the goals is something we > should do. > > Mohammed's comments about allocations getting out of sync are > important. I agree with him that it would be excellent if we could > go back to self-healing those, especially because of the "wait for > the computes to automagically populate everything" part he mentions. > However, that aspect, while related to this, is not quite the same > thing. The management of allocations and the management of > inventories (and "associates") is happening from different angles. > > And finally, even if we turn off these refreshes to lighten the > load, placement still needs to be capable of dealing with frequent > requests, so we have something to fix there. We need to do the > analysis to find out where the cost is and implement some solutions. > At the moment we don't know where it is. It could be: > > * In the database server > * In the python code that marshals the data around those calls to > the database > * In the python code that handles the WSGI interactions > * In the web server that is talking to the python code > > belmoreira's document [2] suggests some avenues of investigation > (most CPU time is in user space and not waiting) but we'd need a bit > more information to plan any concrete next steps: > > * what's the web server and which wsgi configuration? > * where's the database, if it's different what's the load there? > > I suspect there's a lot we can do to make our code more correct and > efficient. And beyond that there is a great deal of standard run-of- > the mill server-side caching and etag handling that we could > implement if necessary. That is: treat placement like a web app that > needs to be optimized in the usual ways. > > As Eric suggested at the start of the thread, this kind of > investigation is expected and normal. We've not done something > wrong. Make it, make it correct, make it fast is the process. > We're oscillating somewhere between 2 and 3. > > So in terms of actions: > > * I'm pretty well situated to do some deeper profiling and > benchmarking of placement to find the elbows in that. > > * It seems like Eric and Jay are probably best situated to define > and refine what should really be going on with the resource > tracker and other actions on the compute-node. > > * We need to have further discussion and investigation on > allocations getting out of sync. Volunteers? > > What else? > > [1] https://review.openstack.org/#/c/614886/ > [2] > https://docs.google.com/document/d/1d5k1hA3DbGmMyJbXdVcekR12gyrFTaj_tJdFwdQy-8E/edit > > -- > Chris Dent ٩◔̯◔۶ https://anticdent.org/ > freenode: cdent tw: > @anticdent__________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aschultz at redhat.com Mon Nov 5 15:04:04 2018 From: aschultz at redhat.com (Alex Schultz) Date: Mon, 5 Nov 2018 08:04:04 -0700 Subject: [openstack-dev] [tripleo] Zuul Queue backlogs and resource usage In-Reply-To: References: <1540915417.449870.1559798696.1CFB3E75@webmail.messagingengine.com> <1077343a-b708-4fa2-0f44-2575363419e9@nemebean.com> <1540923927.492007.1559968608.2F968E3E@webmail.messagingengine.com>

Message-ID: On Mon, Nov 5, 2018 at 3:47 AM Bogdan Dobrelya wrote: > > Let's also think of removing puppet-tripleo from the base container. > It really brings the world-in (and yum updates in CI!) each job and each > container! > So if we did so, we should then either install puppet-tripleo and co on > the host and bind-mount it for the docker-puppet deployment task steps > (bad idea IMO), OR use the magical --volumes-from > option to mount volumes from some "puppet-config" sidecar container > inside each of the containers being launched by docker-puppet tooling. > This does bring an interesting point as we also include this in overcloud-full. I know Dan had a patch to stop using the puppet-tripleo from the host[0] which is the opposite of this. While these yum updates happen a bunch in CI, they aren't super large updates. But yes I think we need to figure out the correct way forward with these packages. Thanks, -Alex [0] https://review.openstack.org/#/c/550848/ > On 10/31/18 6:35 PM, Alex Schultz wrote: > > > > So this is a single layer that is updated once and shared by all the > > containers that inherit from it. I did notice the same thing and have > > proposed a change in the layering of these packages last night. > > > > https://review.openstack.org/#/c/614371/ > > > > In general this does raise a point about dependencies of services and > > what the actual impact of adding new ones to projects is. Especially > > in the container world where this might be duplicated N times > > depending on the number of services deployed. With the move to > > containers, much of the sharedness that being on a single host > > provided has been lost at a cost of increased bandwidth, memory, and > > storage usage. > > > > Thanks, > > -Alex > > > > -- > Best regards, > Bogdan Dobrelya, > Irc #bogdando From mriedemos at gmail.com Mon Nov 5 15:17:05 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 09:17:05 -0600 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> Message-ID: On 11/4/2018 4:22 AM, Mohammed Naser wrote: > Just for information sake, a clean state cloud which had no reported issues > over maybe a period of 2-3 months already has 4 allocations which are > incorrect and 12 allocations pointing to the wrong resource provider, so I > think this comes does to committing to either "self-healing" to fix those > issues or not. Is this running Rocky or an older release? Have you dug into any of the operations around these instances to determine what might have gone wrong? For example, was a live migration performed recently on these instances and if so, did it fail? How about evacuations (rebuild from a down host). By "4 allocations which are incorrect" I assume that means they are pointing at the correct compute node resource provider but the values for allocated VCPU, MEMORY_MB and DISK_GB is wrong? If so, how do the allocations align with old/new flavors used to resize the instance? Did the resize fail? Are there mixed compute versions at all, i.e. are you moving instances around during a rolling upgrade? -- Thanks, Matt From mriedemos at gmail.com Mon Nov 5 15:18:07 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 09:18:07 -0600 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc> <007518d4-daed-4065-7044-40443564f6cb@gmail.com> Message-ID: On 11/5/2018 5:52 AM, Chris Dent wrote: > * We need to have further discussion and investigation on > allocations getting out of sync. Volunteers? This is something I've already spent a lot of time on with the heal_allocations CLI, and have already started asking mnaser questions about this elsewhere in the thread. -- Thanks, Matt From mriedemos at gmail.com Mon Nov 5 16:05:53 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 10:05:53 -0600 Subject: [openstack-dev] [goals][upgrade-checkers] Week R-23 Update Message-ID: <1ac2c057-7760-51a3-8143-58ec1780d51e@gmail.com> There is not much news this week. There are several open changes which add the base command framework to projects [1]. Those need reviews from the related core teams. gmann and I have been trying to go through them first to make sure they are ready for core review. There is one neutron change to note [2] which adds an extension point for neutron stadium projects (and ML2 plugins?) to hook in their own upgrade checks. Given the neutron architecture, this makes sense. My only worry is about making sure the interface is clearly defined, but I suspect this isn't the first time the neutron team has had to deal with something like this. [1] https://review.openstack.org/#/q/topic:upgrade-checkers+status:open [2] https://review.openstack.org/#/c/615196/ -- Thanks, Matt From dtantsur at redhat.com Mon Nov 5 16:18:40 2018 From: dtantsur at redhat.com (Dmitry Tantsur) Date: Mon, 5 Nov 2018 17:18:40 +0100 Subject: [openstack-dev] [all] 2019 summit during May holidays? Message-ID: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com> Hi all, Not sure how official the information about the next summit is, but it's on the web site [1], so I guess worth asking.. Are we planning for the summit to overlap with the May holidays? The 1st of May is a holiday in big part of the world. We ask people to skip it in addition to 3+ weekend days they'll have to spend working and traveling. To make it worse, 1-3 May are holidays in Russia this time. To make it even worse than worse, the week of 29th is the Golden Week in Japan [2]. Was it considered? Is it possible to move the days to less conflicting time (mid-May maybe)? Dmitry [1] https://www.openstack.org/summit/denver-2019/ [2] https://en.wikipedia.org/wiki/Golden_Week_(Japan) From fm577c at att.com Mon Nov 5 16:37:27 2018 From: fm577c at att.com (MONTEIRO, FELIPE C) Date: Mon, 5 Nov 2018 16:37:27 +0000 Subject: [openstack-dev] [qa] patrole] Nominating Sergey Vilgelm and Mykola Yakovliev for Patrole core In-Reply-To: References: <7D5E803080EF7047850D309B333CB94E22EBA021@GAALPA1MSGUSRBI.ITServices.sbc.com> <1669e0a173d.c3a7d12643083.6400498436645570362@ghanshyammann.com> <7D5E803080EF7047850D309B333CB94E22EC70F3@GAALPA1MSGUSRBI.ITServices.sbc.com> Message-ID: <7D5E803080EF7047850D309B333CB94E22ECBAD3@GAALPA1MSGUSRBI.ITServices.sbc.com> Since there have only been approvals for Sergey and Mykola for Patrole core, welcome to the team! Felipe > -----Original Message----- > From: BARTRA, RICK > Sent: Monday, October 29, 2018 2:56 PM > To: openstack-dev at lists.openstack.org > Subject: Re: [openstack-dev] [qa] patrole] Nominating Sergey Vilgelm and > Mykola Yakovliev for Patrole core > > *** Security Advisory: This Message Originated Outside of AT&T ***. > Reference http://cso.att.com/EmailSecurity/IDSP.html for more > information. > > +1 for both of them as well. > > > > On 10/29/18, 2:54 PM, "MONTEIRO, FELIPE C" wrote: > > > > > > > > -----Original Message----- > > From: Ghanshyam Mann [mailto:gmann at ghanshyammann.com] > > Sent: Monday, October 22, 2018 7:09 PM > > To: OpenStack Development Mailing List \ dev at lists.openstack.org> > > Subject: Re: [openstack-dev] [qa] patrole] Nominating Sergey Vilgelm and > Mykola Yakovliev for Patrole core > > > > +1 for both of them. They have been doing great work in Patrole and will > be good addition in team. > > > > -gmann > > > > > > ---- On Tue, 23 Oct 2018 03:34:51 +0900 MONTEIRO, FELIPE C > wrote ---- > > > > > > Hi, > > > > > > I would like to nominate Sergey Vilgelm and Mykola Yakovliev for > Patrole core as they have both done excellent work the past cycle in > improving the Patrole framework as well as increasing Neutron Patrole test > coverage, which includes various Neutron plugins/extensions as well like > fwaas. I believe they will both make an excellent addition to the Patrole core > team. > > > > > > Please vote with a +1/-1 for the nomination, which will stay open for > one week. > > > > > > Felipe > > > > ______________________________________________________________ > ____________ > > > OpenStack Development Mailing List (not for usage questions) > > > Unsubscribe: OpenStack-dev- > request at lists.openstack.org?subject:unsubscribe > > > https://urldefense.proofpoint.com/v2/url?u=http- > 3A__lists.openstack.org_cgi-2Dbin_mailman_listinfo_openstack- > 2Ddev&d=DwIGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=X4GwEru-SJ9DRnCxhze- > aw&m=Hr9uSwCAFUivOWpV_I3WfWWX2j2FaDOJgydFtf1xADs&s=tM- > 1KJHy12lSqbDfRmZNuc_dgRsAjBqLMZchmEVHGEo&e= > > > > > > > > > > > > ______________________________________________________________ > ____________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: OpenStack-dev- > request at lists.openstack.org?subject:unsubscribe > > https://urldefense.proofpoint.com/v2/url?u=http- > 3A__lists.openstack.org_cgi-2Dbin_mailman_listinfo_openstack- > 2Ddev&d=DwIGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=X4GwEru-SJ9DRnCxhze- > aw&m=Hr9uSwCAFUivOWpV_I3WfWWX2j2FaDOJgydFtf1xADs&s=tM- > 1KJHy12lSqbDfRmZNuc_dgRsAjBqLMZchmEVHGEo&e= > > > > > > ______________________________________________________________ > ____________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev- > request at lists.openstack.org?subject:unsubscribe > https://urldefense.proofpoint.com/v2/url?u=http- > 3A__lists.openstack.org_cgi-2Dbin_mailman_listinfo_openstack- > 2Ddev&d=DwIGaQ&c=LFYZ-o9_HUMeMTSQicvjIg&r=X4GwEru-SJ9DRnCxhze- > aw&m=VUGWFp3_1Kffqqftl0BNEQGU0tY7YI6cAPQCOO6l4OA&s=- > vCce7mua2bf0wEyUxPbuGJLmhhaV8Geu3ImAgP4MHA&e= From kgiusti at gmail.com Mon Nov 5 16:42:08 2018 From: kgiusti at gmail.com (Ken Giusti) Date: Mon, 5 Nov 2018 11:42:08 -0500 Subject: [openstack-dev] [oslo] No complains about rabbitmq SSL problems: could we have this in the logs? In-Reply-To: <08C09D03-132D-406E-AFDE-7845B2D55B5F@vexxhost.com> References: <08C09D03-132D-406E-AFDE-7845B2D55B5F@vexxhost.com> Message-ID: Hi Mohammed, What release of openstack are you using? (ocata, pike, etc) Also just to confirm my understanding: you do see the SSL connections come up, but after some time they 'hang' - what do you mean by 'hang'? Do the connections drop? Or do the connections remain up but you start seeing messages (RPC calls) time out? thanks, On Wed, Oct 31, 2018 at 9:40 AM Mohammed Naser wrote: > For what it’s worth: I ran into the same issue. I think the problem lies > a bit deeper because it’s a problem with kombu as when debugging I saw that > Oslo messaging tried to connect and hung after. > > Sent from my iPhone > > > On Oct 31, 2018, at 2:29 PM, Thomas Goirand wrote: > > > > Hi, > > > > It took me a long long time to figure out that my SSL setup was wrong > > when trying to connect Heat to rabbitmq over SSL. Unfortunately, Oslo > > (or heat itself) never warn me that something was wrong, I just got > > nothing working, and no log at all. > > > > I'm sure I wouldn't be the only one happy about having this type of > > problems being yelled out loud in the logs. Right now, it does work if I > > turn off SSL, though I'm still not sure what's wrong in my setup, and > > I'm given no clue if the issue is on rabbitmq-server or on the client > > side (ie: heat, in my current case). > > > > Just a wishlist... :) > > Cheers, > > > > Thomas Goirand (zigo) > > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -- Ken Giusti (kgiusti at gmail.com) -------------- next part -------------- An HTML attachment was scrubbed... URL: From mriedemos at gmail.com Mon Nov 5 16:43:25 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 10:43:25 -0600 Subject: [openstack-dev] [goals][upgrade-checkers] FYI on "TypeError: Message objects do not support addition." errors Message-ID: <231d6a67-e114-a097-7524-57e264d8884e@gmail.com> If you are seeing this error when implementing and running the upgrade check command in your project: Traceback (most recent call last): File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/oslo_upgradecheck/upgradecheck.py", line 184, in main return conf.command.action_fn() File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/oslo_upgradecheck/upgradecheck.py", line 134, in check print(t) File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/prettytable.py", line 237, in __str__ return self.__unicode__() File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/prettytable.py", line 243, in __unicode__ return self.get_string() File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/prettytable.py", line 995, in get_string lines.append(self._stringify_header(options)) File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/prettytable.py", line 1066, in _stringify_header bits.append(" " * lpad + self._justify(fieldname, width, self._align[field]) + " " * rpad) File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/prettytable.py", line 187, in _justify return text + excess * " " File "/home/osboxes/git/searchlight/.tox/venv/lib/python3.5/site-packages/oslo_i18n/_message.py", line 230, in __add__ raise TypeError(msg) TypeError: Message objects do not support addition. It is due to calling oslo_i18n.enable_lazy() somewhere in the command import path. That should be removed from the project since lazy translation is not supported in openstack and as an effort was abandoned several years ago. It is probably still called in a lot of "big tent/stackforge" projects because of initially copying it from the more core projects. Anyway, just remove it. I'm talking with the oslo team about deprecating that interface so projects don't mistakenly use it and expect great things to happen. -- Thanks, Matt From mriedemos at gmail.com Mon Nov 5 17:28:02 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 11:28:02 -0600 Subject: [openstack-dev] [nova] about live-resize the instance In-Reply-To: References:

Message-ID: <267b0eff-15ea-23bd-7bf8-f319cda79790@gmail.com> On 11/4/2018 10:17 PM, Chen CH Ji wrote: > Yes, this has been discussed for long time and If I remember this > correctly seems S PTG also had some discussion on it (maybe public Cloud > WG ? ), Claudiu has been pushing this for several cycles and he actually > had some code at [1] but no additional progress there... > [1] > https://review.openstack.org/#/q/status:abandoned+topic:bp/instance-live-resize It's a question of priorities. It's a complicated change and low priority, in my opinion. We've said several times before that we'd do it, but there are a lot of other higher priority efforts taking the attention of the core team. Getting agreement on the spec is the first step and then the runways process should be used to deal with actual code reviews, but I think the spec review has stalled (I know I am guilty of not looking at the latest updates to the spec). -- Thanks, Matt From mriedemos at gmail.com Mon Nov 5 17:30:38 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 11:30:38 -0600 Subject: [openstack-dev] [nova] Announcing new Focal Point for s390x libvirt/kvm Nova In-Reply-To: References: Message-ID: <16a44253-620d-9f22-e1b1-b36683f0f15d@gmail.com> On 11/2/2018 3:47 AM, Andreas Scheuring wrote: > Dear Nova Community, > I want to announce the new focal point for Nova s390x libvirt/kvm. > > Please welcome "Cathy Zhang” to the Nova team. She and her team will be responsible for maintaining the s390x libvirt/kvm Thirdparty CI [1] and any s390x specific code in nova and os-brick. > I personally took a new opportunity already a few month ago but kept maintaining the CI as good as possible. With new manpower we can hopefully contribute more to the community again. > > You can reach her via > * email:bjzhjing at linux.vnet.ibm.com > * IRC: Cathyz > > Cathy, I wish you and your team all the best for this exciting role! I also want to say thank you for the last years. It was a great time, I learned a lot from you all, will miss it! > > Cheers, > > Andreas (irc: scheuran) > > > [1]https://wiki.openstack.org/wiki/ThirdPartySystems/IBM_zKVM_CI Welcome Cathy. Andreas - thanks for the update and good luck on the new position. -- Thanks, Matt From bdobreli at redhat.com Mon Nov 5 17:50:32 2018 From: bdobreli at redhat.com (Bogdan Dobrelya) Date: Mon, 5 Nov 2018 18:50:32 +0100 Subject: [openstack-dev] [Edge-computing] [tripleo][FEMDC] IEEE Fog Computing: Call for Contributions - Deadline Approaching In-Reply-To: <39eba4f7-7267-72db-548b-f88dbdcf18e7@redhat.com> References: <53cf2d33-cee7-3f0d-7f28-74b29091a7ef@redhat.com> <8acb2f9e-9fbd-77be-a274-eb3d54ae2ab4@redhat.com>

<39eba4f7-7267-72db-548b-f88dbdcf18e7@redhat.com> Message-ID: <7e97e280-78e4-fe72-7068-49c981d84048@redhat.com> Update: I have yet found co-authors, I'll keep drafting that position paper [0],[1]. Just did some baby steps so far. I'm open for feedback and contributions! PS. Deadline is Nov 9 03:00 UTC, but *may be* it will be extended, if the event chairs decide to do so. Fingers crossed. [0] https://github.com/bogdando/papers-ieee#in-the-current-development-looking-for-co-authors [1] https://github.com/bogdando/papers-ieee/blob/master/ICFC-2019/LaTeX/position_paper_1570506394.pdf On 11/5/18 3:06 PM, Bogdan Dobrelya wrote: > Thank you for a reply, Flavia: > >> Hi Bogdan >> sorry for the late reply - yesterday was a Holiday here in Brazil! >> I am afraid I will not be able to engage in this collaboration with >> such a short time...we had to have started this initiative a little >> earlier... > > That's understandable. > > I hoped though a position paper is something we (all who reads that, not > just you and me) could achieve in a couple of days, without a lot of > research associated. That's a postion paper, which is not expected to > contain formal prove or implementation details. The vision for tooling > is the hardest part though, and indeed requires some time. > > So let me please [tl;dr] the outcome of that position paper: > > * position: given Always Available autonomy support as a starting point, > define invariants for both operational and data storage consistency > requirements of control/management plane (I've already drafted some in > [0]) > > * vision: show that in the end that data synchronization and conflict > resolving solution just boils down to having a causally > consistent KVS (either causal+ or causal-RT, or lazy replication > based, or anything like that), and cannot be achieved with *only* > transactional distributed database, like Galera cluster. The way how > to show that is an open question, we could refer to the existing > papers (COPS, causal-RT, lazy replication et al) and claim they fit > the defined invariants nicely, while transactional DB cannot fit it > by design (it's consensus protocols require majority/quorums to > operate and being always available for data put/write operations). > We probably may omit proving that obvious thing formally? At least for > the postion paper... > > * opportunity: that is basically designing and implementing of such a > causally-consistent KVS solution (see COPS library as example) for > OpenStack, and ideally, unifying it for PaaS operators > (OpenShift/Kubernetes) and tenants willing to host their containerized > workloads on PaaS distributed over a Fog Cloud of Edge clouds and > leverage its data synchronization and conflict resolving solution > as-a-service. Like Amazon dynamo DB, for example, except that fitting > the edge cases of another cloud stack :) > > [0] > https://github.com/bogdando/papers-ieee/blob/master/ICFC-2019/challenges.md > >> As for working collaboratively with latex, I would recommend using >> overleaf - it is not that difficult and has lots of edition resources >> as markdown and track changes, for instance. >> Thanks and good luck! >> Flavia > > > > On 11/2/18 5:32 PM, Bogdan Dobrelya wrote: >> Hello folks. >> Here is an update for today. I crated a draft [0], and spend some time >> with building LaTeX with live-updating for the compiled PDF... The >> latter is only informational, if someone wants to contribute, please >> follow the instructions listed by the link (hint: you need no to have >> any LaTeX experience, only basic markdown knowledge should be enough!) >> >> [0] >> https://github.com/bogdando/papers-ieee/#in-the-current-development-looking-for-co-authors >> >> >> On 10/31/18 6:54 PM, Ildiko Vancsa wrote: >>> Hi, >>> >>> Thank you for sharing your proposal. >>> >>> I think this is a very interesting topic with a list of possible >>> solutions some of which this group is also discussing. It would also >>> be great to learn more about the IEEE activities and have experience >>> about the process in this group on the way forward. >>> >>> I personally do not have experience with IEEE conferences, but I’m >>> happy to help with the paper if I can. >>> >>> Thanks, >>> Ildikó >>> >>> >> >> (added from the parallel thread) >>>> On 2018. Oct 31., at 19:11, Mike Bayer >>>> wrote: >>>> >>>> On Wed, Oct 31, 2018 at 10:57 AM Bogdan Dobrelya >>> redhat.com> wrote: >>>>> >>>>> (cross-posting openstack-dev) >>>>> >>>>> Hello. >>>>> [tl;dr] I'm looking for co-author(s) to come up with "Edge clouds data >>>>> consistency requirements and challenges" a position paper [0] (papers >>>>> submitting deadline is Nov 8). >>>>> >>>>> The problem scope is synchronizing control plane and/or >>>>> deployments-specific data (not necessary limited to OpenStack) across >>>>> remote Edges and central Edge and management site(s). Including the >>>>> same >>>>> aspects for overclouds and undercloud(s), in terms of TripleO; and >>>>> other >>>>> deployment tools of your choice. >>>>> >>>>> Another problem is to not go into different solutions for Edge >>>>> deployments management and control planes of edges. And for tenants as >>>>> well, if we think of tenants also doing Edge deployments based on Edge >>>>> Data Replication as a Service, say for Kubernetes/OpenShift on top of >>>>> OpenStack. >>>>> >>>>> So the paper should name the outstanding problems, define data >>>>> consistency requirements and pose possible solutions for >>>>> synchronization >>>>> and conflicts resolving. Having maximum autonomy cases supported for >>>>> isolated sites, with a capability to eventually catch up its >>>>> distributed >>>>> state. Like global database [1], or something different perhaps (see >>>>> causal-real-time consistency model [2],[3]), or even using git. And >>>>> probably more than that?.. (looking for ideas) >>>> >>>> >>>> I can offer detail on whatever aspects of the "shared / global >>>> database" idea. The way we're doing it with Galera for now is all >>>> about something simple and modestly effective for the moment, but it >>>> doesn't have any of the hallmarks of a long-term, canonical solution, >>>> because Galera is not well suited towards being present on many >>>> (dozens) of endpoints. The concept that the StarlingX folks were >>>> talking about, that of independent databases that are synchronized >>>> using some kind of middleware is potentially more scalable, however I >>>> think the best approach would be API-level replication, that is, you >>>> have a bunch of Keystone services and there is a process that is >>>> regularly accessing the APIs of these keystone services and >>>> cross-publishing state amongst all of them. Clearly the big >>>> challenge with that is how to resolve conflicts, I think the answer >>>> would lie in the fact that the data being replicated would be of >>>> limited scope and potentially consist of mostly or fully >>>> non-overlapping records. >>>> >>>> That is, I think "global database" is a cheap way to get what would be >>>> more effective as asynchronous state synchronization between identity >>>> services. >>> >>> Recently we’ve been also exploring federation with an IdP (Identity >>> Provider) master: >>> https://wiki.openstack.org/wiki/Keystone_edge_architectures#Identity_Provider_.28IdP.29_Master_with_shadow_users >>> >>> >>> One of the pros is that it removes the need for synchronization and >>> potentially increases scalability. >>> >>> Thanks, >>> Ildikó >> >> >> > > -- Best regards, Bogdan Dobrelya, Irc #bogdando From mriedemos at gmail.com Mon Nov 5 17:51:57 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 11:51:57 -0600 Subject: [openstack-dev] Dropping lazy translation support Message-ID: This is a follow up to a dev ML email [1] where I noticed that some implementations of the upgrade-checkers goal were failing because some projects still use the oslo_i18n.enable_lazy() hook for lazy log message translation (and maybe API responses?). The very old blueprints related to this can be found here [2][3][4]. If memory serves me correctly from my time working at IBM on this, this was needed to: 1. Generate logs translated in other languages. 2. Return REST API responses if the "Accept-Language" header was used and a suitable translation existed for that language. #1 is a dead horse since I think at least the Ocata summit when we agreed to no longer translate logs since no one used them. #2 is probably something no one knows about. I can't find end-user documentation about it anywhere. It's not tested and therefore I have no idea if it actually works anymore. I would like to (1) deprecate the oslo_i18n.enable_lazy() function so new projects don't use it and (2) start removing the enable_lazy() usage from existing projects like keystone, glance and cinder. Are there any users, deployments or vendor distributions that still rely on this feature? If so, please speak up now. [1] http://lists.openstack.org/pipermail/openstack-dev/2018-November/136285.html [2] https://blueprints.launchpad.net/oslo-incubator/+spec/i18n-messages [3] https://blueprints.launchpad.net/nova/+spec/i18n-messages [4] https://blueprints.launchpad.net/nova/+spec/user-locale-api -- Thanks, Matt From dprince at redhat.com Mon Nov 5 18:26:00 2018 From: dprince at redhat.com (Dan Prince) Date: Mon, 5 Nov 2018 13:26:00 -0500 Subject: [openstack-dev] [TripleO] PSA lets use deploy_steps_tasks In-Reply-To: <1632c103-0eff-ad35-6dc9-ac0c6f120d69@redhat.com> References: <1632c103-0eff-ad35-6dc9-ac0c6f120d69@redhat.com> Message-ID: On Mon, Nov 5, 2018 at 4:06 AM Cédric Jeanneret wrote: > > On 11/2/18 2:39 PM, Dan Prince wrote: > > I pushed a patch[1] to update our containerized deployment > > architecture docs yesterday. There are 2 new fairly useful sections we > > can leverage with TripleO's stepwise deployment. They appear to be > > used somewhat sparingly so I wanted to get the word out. > > Good thing, it's important to highlight this feature and explain how it > works, big thumb up Dan! > > > > > The first is 'deploy_steps_tasks' which gives you a means to run > > Ansible snippets on each node/role in a stepwise fashion during > > deployment. Previously it was only possible to execute puppet or > > docker commands where as now that we have deploy_steps_tasks we can > > execute ad-hoc ansible in the same manner. > > I'm wondering if such a thing could be used for the "inflight > validations" - i.e. a step to validate a service/container is working as > expected once it's deployed, in order to get early failure. > For instance, we deploy a rabbitmq container, and right after it's > deployed, we'd like to ensure it's actually running and works as > expected before going forward in the deploy. > > Care to have a look at that spec[1] and see if, instead of adding a new > "validation_tasks" entry, we could "just" use the "deploy_steps_tasks" > with the right step number? That would be really, really cool, and will > probably avoid a lot of code in the end :). It could work fine I think. As deploy-steps-tasks runs before the "common container/baremetal" actions special care would need to be taken so that validations for a containers startup occur at the beginning of the next step. So a container started at step 2 would be validated early in step 3. This may also require us to have a "post" deploy_steps_tasks" iteration so that we can validate late starting containers. If if we use the more generic deploy_steps_tasks section we'd probably rely on conventions to always add Ansible tags onto the validation tasks. These could be useful for those wanting to selectively execute them externally (not sure if that was part of your spec but I could see someone wanting this). Dan > > Thank you! > > C. > > [1] https://review.openstack.org/#/c/602007/ > > > > > The second is 'external_deploy_tasks' which allows you to use run > > Ansible snippets on the Undercloud during stepwise deployment. This is > > probably most useful for driving an external installer but might also > > help with some complex tasks that need to originate from a single > > Ansible client. > > > > The only downside I see to these approaches is that both appear to be > > implemented with Ansible's default linear strategy. I saw shardy's > > comment here [2] that the :free strategy does not yet apparently work > > with the any_errors_fatal option. Perhaps we can reach out to someone > > in the Ansible community in this regard to improve running these > > things in parallel like TripleO used to work with Heat agents. > > > > This is also how host_prep_tasks is implemented which BTW we should > > now get rid of as a duplicate architectural step since we have > > deploy_steps_tasks anyway. > > > > [1] https://review.openstack.org/#/c/614822/ > > [2] http://git.openstack.org/cgit/openstack/tripleo-heat-templates/tree/common/deploy-steps.j2#n554 > > > > __________________________________________________________________________ > > OpenStack Development Mailing List (not for usage questions) > > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > -- > Cédric Jeanneret > Software Engineer > DFG:DF > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From mnaser at vexxhost.com Mon Nov 5 18:28:01 2018 From: mnaser at vexxhost.com (Mohammed Naser) Date: Mon, 5 Nov 2018 19:28:01 +0100 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc>

Message-ID: On Mon, Nov 5, 2018 at 4:17 PM Matt Riedemann wrote: > > On 11/4/2018 4:22 AM, Mohammed Naser wrote: > > Just for information sake, a clean state cloud which had no reported issues > > over maybe a period of 2-3 months already has 4 allocations which are > > incorrect and 12 allocations pointing to the wrong resource provider, so I > > think this comes does to committing to either "self-healing" to fix those > > issues or not. > > Is this running Rocky or an older release? In this case, this is inside a Queens cloud, I can run the same script on a Rocky cloud too. > Have you dug into any of the operations around these instances to > determine what might have gone wrong? For example, was a live migration > performed recently on these instances and if so, did it fail? How about > evacuations (rebuild from a down host). To be honest, I have not, however, I suspect a lot of those happen from the fact that it is possible that the service which makes the claim is not the same one that deletes it I'm not sure if this is something that's possible but say the compute2 makes a claim for migrating to compute1 but something fails there, the revert happens in compute1 but compute1 is already borked so it doesn't work This isn't necessarily the exact case that's happening but it's a summary of what I believe happens. > By "4 allocations which are incorrect" I assume that means they are > pointing at the correct compute node resource provider but the values > for allocated VCPU, MEMORY_MB and DISK_GB is wrong? If so, how do the > allocations align with old/new flavors used to resize the instance? Did > the resize fail? The allocated flavours usually are not wrong, they are simply associated to the wrong resource provider (so it feels like failed migration or resize). > Are there mixed compute versions at all, i.e. are you moving instances > around during a rolling upgrade? Nope > -- > > Thanks, > > Matt > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -- Mohammed Naser — vexxhost ----------------------------------------------------- D. 514-316-8872 D. 800-910-1726 ext. 200 E. mnaser at vexxhost.com W. http://vexxhost.com From cboylan at sapwetik.org Mon Nov 5 18:36:27 2018 From: cboylan at sapwetik.org (Clark Boylan) Date: Mon, 05 Nov 2018 10:36:27 -0800 Subject: [openstack-dev] Community Infrastructure Berlin Summit Onboarding Session Message-ID: <1541442987.3761150.1566423440.2A7B1A3E@webmail.messagingengine.com> Hello everyone, My apologies for cross posting but wanted to make sure the various developer groups saw this. Rather than use the Infrastructure Onboarding session in Berlin [0] for infrastructure sysadmin/developer onboarding, I thought we could use the time for user onboarding. We've got quite a few new groups interacting with us recently, and it would probably be useful to have a session on what we do, how people can take advantage of this, and so on. I've been brainstorming ideas on this etherpad [1]. If you think you'll attend the session and find any of these subjects to be useful please +1 them. Also feel free to add additional topics. I expect this will be an informal session that directly targets the interests of those attending. Please do drop by if you have any interest in using this infrastructure at all. This is your chance to better understand Zuul job configuration, the test environments themselves, the metrics and data we collect, and basically anything else related to the community developer infrastructure. [0] https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22950/infrastructure-project-onboarding [1] https://etherpad.openstack.org/p/openstack-infra-berlin-onboarding Hope to see you there, Clark From melwittt at gmail.com Mon Nov 5 18:52:49 2018 From: melwittt at gmail.com (melanie witt) Date: Mon, 5 Nov 2018 10:52:49 -0800 Subject: [openstack-dev] [nova] Announcing new Focal Point for s390x libvirt/kvm Nova In-Reply-To: References: Message-ID: <258401ee-5367-1053-2556-edb51320dbae@gmail.com> On Fri, 2 Nov 2018 09:47:42 +0100, Andreas Scheuring wrote: > Dear Nova Community, > I want to announce the new focal point for Nova s390x libvirt/kvm. > > Please welcome "Cathy Zhang” to the Nova team. She and her team will be responsible for maintaining the s390x libvirt/kvm Thirdparty CI [1] and any s390x specific code in nova and os-brick. > I personally took a new opportunity already a few month ago but kept maintaining the CI as good as possible. With new manpower we can hopefully contribute more to the community again. > > You can reach her via > * email: bjzhjing at linux.vnet.ibm.com > * IRC: Cathyz > > Cathy, I wish you and your team all the best for this exciting role! I also want to say thank you for the last years. It was a great time, I learned a lot from you all, will miss it! > > Cheers, > > Andreas (irc: scheuran) > > > [1] https://wiki.openstack.org/wiki/ThirdPartySystems/IBM_zKVM_CI Thanks Andreas, for sending this note. It has been a pleasure working with you over these years. We wish you the best of luck in your new opportunity! Welcome to the Nova community, Cathy! We look forward to working with you. Please feel free to reach out to us on IRC in the #openstack-nova channel and on this mailing list with the [nova] tag to ask questions and share info. Best, -melanie From juliaashleykreger at gmail.com Mon Nov 5 19:06:14 2018 From: juliaashleykreger at gmail.com (Julia Kreger) Date: Mon, 5 Nov 2018 11:06:14 -0800 Subject: [openstack-dev] [all] 2019 summit during May holidays? In-Reply-To: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com> References: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com> Message-ID: *removes all of the hats* *removes years of dust from unrelated event planning hat, and puts it on for a moment* In my experience, events of any nature where convention venue space is involved, are essentially set in stone before being publicly advertised as contracts are put in place for hotel room booking blocks as well as the convention venue space. These spaces are also typically in a relatively high demand limiting the access and available times to schedule. Often venues also give preference (and sometimes even better group discounts) to repeat events as they are typically a known entity and will have somewhat known needs so the venue and hotel(s) can staff appropriately. tl;dr, I personally wouldn't expect any changes to be possible at this point. *removes event planning hat of past life, puts personal scheduling hat on* I imagine that as a community, it is near impossible to schedule something avoiding holidays for everyone in the community. I personally have lost count of the number of holidays and special days that I've spent on business trips over the past four years. While I may be an out-lier in my feelings on this subject, I'm not upset, annoyed, or even bitter about lost times. This community is part of my family. -Julia On Mon, Nov 5, 2018 at 8:19 AM Dmitry Tantsur wrote: > Hi all, > > Not sure how official the information about the next summit is, but it's > on the > web site [1], so I guess worth asking.. > > Are we planning for the summit to overlap with the May holidays? The 1st > of May > is a holiday in big part of the world. We ask people to skip it in > addition to > 3+ weekend days they'll have to spend working and traveling. > > To make it worse, 1-3 May are holidays in Russia this time. To make it > even > worse than worse, the week of 29th is the Golden Week in Japan [2]. Was it > considered? Is it possible to move the days to less conflicting time > (mid-May > maybe)? > > Dmitry > > [1] https://www.openstack.org/summit/denver-2019/ > [2] https://en.wikipedia.org/wiki/Golden_Week_(Japan) > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mriedemos at gmail.com Mon Nov 5 19:17:13 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 13:17:13 -0600 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc>

Message-ID: On 11/5/2018 12:28 PM, Mohammed Naser wrote: >> Have you dug into any of the operations around these instances to >> determine what might have gone wrong? For example, was a live migration >> performed recently on these instances and if so, did it fail? How about >> evacuations (rebuild from a down host). > To be honest, I have not, however, I suspect a lot of those happen from the > fact that it is possible that the service which makes the claim is not the > same one that deletes it > > I'm not sure if this is something that's possible but say the compute2 makes > a claim for migrating to compute1 but something fails there, the revert happens > in compute1 but compute1 is already borked so it doesn't work > > This isn't necessarily the exact case that's happening but it's a summary > of what I believe happens. > The computes don't create the resource allocations in placement though, the scheduler does, unless this deployment still has at least one compute that is References: Message-ID: Matt Riedemann writes: > This is a follow up to a dev ML email [1] where I noticed that some > implementations of the upgrade-checkers goal were failing because some > projects still use the oslo_i18n.enable_lazy() hook for lazy log message > translation (and maybe API responses?). > > The very old blueprints related to this can be found here [2][3][4]. > > If memory serves me correctly from my time working at IBM on this, this > was needed to: > > 1. Generate logs translated in other languages. > > 2. Return REST API responses if the "Accept-Language" header was used > and a suitable translation existed for that language. > > #1 is a dead horse since I think at least the Ocata summit when we > agreed to no longer translate logs since no one used them. > > #2 is probably something no one knows about. I can't find end-user > documentation about it anywhere. It's not tested and therefore I have no > idea if it actually works anymore. > > I would like to (1) deprecate the oslo_i18n.enable_lazy() function so > new projects don't use it and (2) start removing the enable_lazy() usage > from existing projects like keystone, glance and cinder. > > Are there any users, deployments or vendor distributions that still rely > on this feature? If so, please speak up now. > > [1] > http://lists.openstack.org/pipermail/openstack-dev/2018-November/136285.html > [2] https://blueprints.launchpad.net/oslo-incubator/+spec/i18n-messages > [3] https://blueprints.launchpad.net/nova/+spec/i18n-messages > [4] https://blueprints.launchpad.net/nova/+spec/user-locale-api > > -- > > Thanks, > > Matt > > _______________________________________________ > openstack-sigs mailing list > openstack-sigs at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-sigs I think the lazy stuff was all about the API responses. The log translations worked a completely different way. Doug From fungi at yuggoth.org Mon Nov 5 19:59:17 2018 From: fungi at yuggoth.org (Jeremy Stanley) Date: Mon, 5 Nov 2018 19:59:17 +0000 Subject: [openstack-dev] [all] 2019 summit during May holidays? In-Reply-To: References: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com> Message-ID: <20181105195916.xhy7jfmztbzn7ccv@yuggoth.org> On 2018-11-05 11:06:14 -0800 (-0800), Julia Kreger wrote: [...] > I imagine that as a community, it is near impossible to schedule > something avoiding holidays for everyone in the community. [...] Scheduling events that time of year is particularly challenging anyway because of the proximity of Ramadan, Passover and Easter/Lent. (We've already conflicted with Passover at least once in the past, if memory serves.) So yes, any random week you pick is already likely to hit a major public or religious holiday for some part of the World, and then you also have to factor in availability of venues and other logistics. -- Jeremy Stanley -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 963 bytes Desc: not available URL: From jungleboyj at gmail.com Mon Nov 5 19:59:22 2018 From: jungleboyj at gmail.com (Jay S Bryant) Date: Mon, 5 Nov 2018 13:59:22 -0600 Subject: [openstack-dev] [all] 2019 summit during May holidays? In-Reply-To: References: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com> Message-ID: <3c0d91b0-2340-fd37-9466-01f54fbfa43f@gmail.com> On 11/5/2018 1:06 PM, Julia Kreger wrote: > *removes all of the hats* > > *removes years of dust from unrelated event planning hat, and puts it > on for a moment* > > In my experience, events of any nature where convention venue space is > involved, are essentially set in stone before being publicly > advertised as contracts are put in place for hotel room booking blocks > as well as the convention venue space. These spaces are also typically > in a relatively high demand limiting the access and available times to > schedule. Often venues also give preference (and sometimes even better > group discounts) to repeat events as they are typically a known entity > and will have somewhat known needs so the venue and hotel(s) can staff > appropriately. > > tl;dr, I personally wouldn't expect any changes to be possible at this > point. > > *removes event planning hat of past life, puts personal scheduling hat on* > > I imagine that as a community, it is near impossible to schedule > something avoiding holidays for everyone in the community. > > I personally have lost count of the number of holidays and special > days that I've spent on business trips over the past four years. While > I may be an out-lier in my feelings on this subject, I'm not upset, > annoyed, or even bitter about lost times. This community is part of my > family. > Agreed. > -Julia > > On Mon, Nov 5, 2018 at 8:19 AM Dmitry Tantsur > wrote: > > Hi all, > > Not sure how official the information about the next summit is, > but it's on the > web site [1], so I guess worth asking.. > > Are we planning for the summit to overlap with the May holidays? > The 1st of May > is a holiday in big part of the world. We ask people to skip it in > addition to > 3+ weekend days they'll have to spend working and traveling. > > To make it worse, 1-3 May are holidays in Russia this time. To > make it even > worse than worse, the week of 29th is the Golden Week in Japan > [2]. Was it > considered? Is it possible to move the days to less conflicting > time (mid-May > maybe)? > Someone else had raised the fact that this also appears to overlap with Pycon and wondered if the date could be changed. I told them the same thing. Once these things are announced they are, more or less, an immovable object. > > Dmitry > > [1] https://www.openstack.org/summit/denver-2019/ > [2] https://en.wikipedia.org/wiki/Golden_Week_(Japan) > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: > OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > > > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev -------------- next part -------------- An HTML attachment was scrubbed... URL: From doug at doughellmann.com Mon Nov 5 20:40:23 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Mon, 05 Nov 2018 15:40:23 -0500 Subject: [openstack-dev] [tc] liaison assignments Message-ID: TC members, I have updated the liaison assignments to fill in all of the gaps. Please take a moment to review the list [1] so you know your assignments. Next week will be a good opportunity to touch bases with your teams. Doug [1] https://wiki.openstack.org/wiki/OpenStack_health_tracker#Project_Teams From dtantsur at redhat.com Mon Nov 5 20:50:03 2018 From: dtantsur at redhat.com (Dmitry Tantsur) Date: Mon, 5 Nov 2018 21:50:03 +0100 Subject: [openstack-dev] [all] 2019 summit during May holidays? In-Reply-To: References: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com> Message-ID: On Mon, Nov 5, 2018, 20:07 Julia Kreger *removes all of the hats* > > *removes years of dust from unrelated event planning hat, and puts it on > for a moment* > > In my experience, events of any nature where convention venue space is > involved, are essentially set in stone before being publicly advertised as > contracts are put in place for hotel room booking blocks as well as the > convention venue space. These spaces are also typically in a relatively > high demand limiting the access and available times to schedule. Often > venues also give preference (and sometimes even better group discounts) to > repeat events as they are typically a known entity and will have somewhat > known needs so the venue and hotel(s) can staff appropriately. > > tl;dr, I personally wouldn't expect any changes to be possible at this > point. > > *removes event planning hat of past life, puts personal scheduling hat on* > > I imagine that as a community, it is near impossible to schedule something > avoiding holidays for everyone in the community. > I'm not taking about everyone. And I'm mostly fine with my holiday, but the conflicts with Russia and Japan seem huge. This certainly does not help our effort to engage people outside of NA/EU. Quick googling suggests that the week of May 13th would have much fewer conflicts. > I personally have lost count of the number of holidays and special days > that I've spent on business trips over the past four years. While I may be > an out-lier in my feelings on this subject, I'm not upset, annoyed, or even > bitter about lost times. This community is part of my family. > Sure :) But outside of our small nice circle there is a huge world of people who may not share our feeling and the level of commitment to openstack. These occasional contributors we talked about when discussing the cycle length. I don't think asking them to abandon 3-5 days of holidays is a productive way to engage them. And again, as much as I love meeting you all, I think we're outgrowing the format of these meetings.. Dmitry > -Julia > > On Mon, Nov 5, 2018 at 8:19 AM Dmitry Tantsur wrote: > >> Hi all, >> >> Not sure how official the information about the next summit is, but it's >> on the >> web site [1], so I guess worth asking.. >> >> Are we planning for the summit to overlap with the May holidays? The 1st >> of May >> is a holiday in big part of the world. We ask people to skip it in >> addition to >> 3+ weekend days they'll have to spend working and traveling. >> >> To make it worse, 1-3 May are holidays in Russia this time. To make it >> even >> worse than worse, the week of 29th is the Golden Week in Japan [2]. Was >> it >> considered? Is it possible to move the days to less conflicting time >> (mid-May >> maybe)? >> >> Dmitry >> >> [1] https://www.openstack.org/summit/denver-2019/ >> [2] https://en.wikipedia.org/wiki/Golden_Week_(Japan) >> >> __________________________________________________________________________ >> OpenStack Development Mailing List (not for usage questions) >> Unsubscribe: >> OpenStack-dev-request at lists.openstack.org?subject:unsubscribe >> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >> > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mriedemos at gmail.com Mon Nov 5 21:02:45 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 15:02:45 -0600 Subject: [openstack-dev] [nova][placement] Placement requests and caching in the resource tracker In-Reply-To: References: <8a461cc3-50cc-4ea9-d4c8-460c61ce7efc@fried.cc>

Message-ID: <52e35017-4f94-0e68-80b9-5588138790b5@gmail.com> On 11/5/2018 1:17 PM, Matt Riedemann wrote: > I'm thinking of a case like, resize and instance but rather than > confirm/revert it, the user deletes the instance. That would cleanup the > allocations from the target node but potentially not from the source node. Well this case is at least not an issue: https://review.openstack.org/#/c/615644/ It took me a bit to sort out how that worked but it does and I've added a test to confirm it. -- Thanks, Matt From doug at doughellmann.com Mon Nov 5 21:11:59 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Mon, 05 Nov 2018 16:11:59 -0500 Subject: [openstack-dev] [tc] Technical Committee status update for 5 November Message-ID: This is the weekly summary of work being done by the Technical Committee members. The full list of active items is managed in the wiki: https://wiki.openstack.org/wiki/Technical_Committee_Tracker We also track TC objectives for the cycle using StoryBoard at: https://storyboard.openstack.org/#!/project/923 == Recent Activity == It has been three weeks since the last update email, in part due to my absence. We have lots of updates this time around. Project updates: * Add os_manila to openstack-ansible: https://review.openstack.org/#/c/608403/ * Add cells charms and interfaces: https://review.openstack.org/#/c/608866/ * Add octavia charm: https://review.openstack.org/#/c/608283/ * Add puppet-crane: https://review.openstack.org/#/c/610015/ * Add openstack-helm images repository: https://review.openstack.org/#/c/611895/ * Add blazar-specs repository: https://review.openstack.org/#/c/612431/ * Add openstack-helm docs repository: https://review.openstack.org/#/c/611896/ * Retire anchor: https://review.openstack.org/#/c/611187/ * Remove Dragonflow from governance: https://review.openstack.org/#/c/613856/ Other updates: * Reword "open source" definition in 4 Opens document to remove language that does not come through clearly when translated: https://review.openstack.org/#/c/613894/ * Support "Train" as a candidate name for the T series: https://review.openstack.org/#/c/611511/ * Update the charter section on TC meetings: https://review.openstack.org/#/c/608751/ == TC Meetings == In order to fulfill our obligations under the OpenStack Foundation bylaws, the TC needs to hold meetings at least once each quarter. We agreed to meet monthly, and to emphasize agenda items that help us move initiatives forward while leaving most of the discussion of those topics to the mailing list. Our first meeting was held on 1 Nov. The agendas for all of our meetings will be sent to the openstack-dev mailing list in advance, and links to the logs and summary will be sent as a follow up after the meeting. * http://lists.openstack.org/pipermail/openstack-dev/2018-November/136220.html The next meeting will be 6 December 1400 UTC in #openstack-tc == Team Liaisons == The TC liaisons to each project team for the Stein series are now assigned. Please contact your liaison if you have any issues the TC can help with, and watch for email from them to check in with your team before the end of this development cycle. * https://wiki.openstack.org/wiki/OpenStack_health_tracker#Project_Teams == Sessions at the Forum == Many of us will be meeting in Berlin next week for the OpenStack Summit and Forum. There are several sessions related to project governance or community that may be of interest. * Getting OpenStack Users Involved in the Project: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22813/getting-openstack-users-involved-in-the-project * Community outreach when culture, time zones, and language differ: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22820/community-outreach-when-culture-time-zones-and-language-differ * Wednesday Keynote segment, Community Contributor Recognition & How to Get Started: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22959/community-contributor-recognition-and-how-to-get-started * Expose SIGs and WGs: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22750/expose-sigs-and-wgs * Cross-technical leadership session (OpenStack, Kata, StarlingX, Airship, Zuul): https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22815/cross-technical-leadership-session-openstack-kata-starlingx-airship-zuul * "Vision for OpenStack clouds" discussion: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22818/vision-for-openstack-clouds-discussion * Technical Committee Vision Retrospective: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22825/technical-committee-vision-retrospective * T series community goal discussion: https://www.openstack.org/summit/berlin-2018/summit-schedule/events/22814/t-series-community-goal-discussion == Ongoing Discussions == We have several governance changes up for review related to deciding how we will manage future Python 3 upgrades (including adding 3.7 and possibly dropping 3.5 during Stein). * Make python 3 testing requirement less specific: https://review.openstack.org/#/c/611010/ * Explicitly declare stein supported runtimes: https://review.openstack.org/#/c/611080/ * Resolution on keeping up with Python 3 releases: https://review.openstack.org/#/c/613145/ == TC member actions/focus/discussions for the coming week(s) == The TC, UC, and leadership of other foundation projects will join the foundation Board for a joint leadership meeting on 12 November. See the wiki for details. * https://wiki.openstack.org/wiki/Governance/Foundation/12Nov2018BoardMeeting == Contacting the TC == The Technical Committee uses a series of weekly "office hour" time slots for synchronous communication. We hope that by having several such times scheduled, we will have more opportunities to engage with members of the community from different timezones. Office hour times in #openstack-tc: - 09:00 UTC on Tuesdays - 01:00 UTC on Wednesdays - 15:00 UTC on Thursdays If you have something you would like the TC to discuss, you can add it to our office hour conversation starter etherpad at: https://etherpad.openstack.org/p/tc-office-hour-conversation-starters Many of us also run IRC bouncers which stay in #openstack-tc most of the time, so please do not feel that you need to wait for an office hour time to pose a question or offer a suggestion. You can use the string "tc-members" to alert the members to your question. You will find channel logs with past conversations at http://eavesdrop.openstack.org/irclogs/%23openstack-tc/ If you expect your topic to require significant discussion or to need input from members of the community other than the TC, please start a mailing list discussion on openstack-dev at lists.openstack.org and use the subject tag "[tc]" to bring it to the attention of TC members. From mriedemos at gmail.com Mon Nov 5 21:13:56 2018 From: mriedemos at gmail.com (Matt Riedemann) Date: Mon, 5 Nov 2018 15:13:56 -0600 Subject: [openstack-dev] [Openstack-sigs] Dropping lazy translation support In-Reply-To: References: Message-ID: <2ae55c40-297d-3590-84de-665eae797522@gmail.com> On 11/5/2018 1:36 PM, Doug Hellmann wrote: > I think the lazy stuff was all about the API responses. The log > translations worked a completely different way. Yeah maybe. And if so, I came across this in one of the blueprints: https://etherpad.openstack.org/p/disable-lazy-translation Which says that because of a critical bug, the lazy translation was disabled in Havana to be fixed in Icehouse but I don't think that ever happened before IBM developers dropped it upstream, which is further justification for nuking this code from the various projects. -- Thanks, Matt From doug at doughellmann.com Mon Nov 5 21:36:40 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Mon, 05 Nov 2018 16:36:40 -0500 Subject: [openstack-dev] [Openstack-sigs] Dropping lazy translation support In-Reply-To: <2ae55c40-297d-3590-84de-665eae797522@gmail.com> References: <2ae55c40-297d-3590-84de-665eae797522@gmail.com> Message-ID: Matt Riedemann writes: > On 11/5/2018 1:36 PM, Doug Hellmann wrote: >> I think the lazy stuff was all about the API responses. The log >> translations worked a completely different way. > > Yeah maybe. And if so, I came across this in one of the blueprints: > > https://etherpad.openstack.org/p/disable-lazy-translation > > Which says that because of a critical bug, the lazy translation was > disabled in Havana to be fixed in Icehouse but I don't think that ever > happened before IBM developers dropped it upstream, which is further > justification for nuking this code from the various projects. I agree. Doug From openstack at nemebean.com Mon Nov 5 21:39:58 2018 From: openstack at nemebean.com (Ben Nemec) Date: Mon, 5 Nov 2018 15:39:58 -0600 Subject: [openstack-dev] [Openstack-operators] [Openstack-sigs] Dropping lazy translation support In-Reply-To: <2ae55c40-297d-3590-84de-665eae797522@gmail.com> References: <2ae55c40-297d-3590-84de-665eae797522@gmail.com> Message-ID: <8febca8b-d3d9-0f17-44dd-1a1fe8eddff0@nemebean.com> On 11/5/18 3:13 PM, Matt Riedemann wrote: > On 11/5/2018 1:36 PM, Doug Hellmann wrote: >> I think the lazy stuff was all about the API responses. The log >> translations worked a completely different way. > > Yeah maybe. And if so, I came across this in one of the blueprints: > > https://etherpad.openstack.org/p/disable-lazy-translation > > Which says that because of a critical bug, the lazy translation was > disabled in Havana to be fixed in Icehouse but I don't think that ever > happened before IBM developers dropped it upstream, which is further > justification for nuking this code from the various projects. > It was disabled last-minute, but I'm pretty sure it was turned back on (hence why we're hitting issues today). I still see coercion code in oslo.log that was added to fix the problem[1] (I think). I could be wrong about that since this code has undergone significant changes over the years, but it looks to me like we're still forcing things to be unicode.[2] 1: https://review.openstack.org/#/c/49230/3/openstack/common/log.py 2: https://github.com/openstack/oslo.log/blob/a9ba6c544cbbd4bd804dcd5e38d72106ea0b8b8f/oslo_log/formatters.py#L414 From whayutin at redhat.com Mon Nov 5 22:23:44 2018 From: whayutin at redhat.com (Wesley Hayutin) Date: Mon, 5 Nov 2018 15:23:44 -0700 Subject: [openstack-dev] [tripleo] Ansible getting bumped up from 2.4 -> 2.6.6 Message-ID: Greetings, Please be aware of the following patch [1]. This updates ansible in queens, rocky, and stein. This was just pointed out to me, and I didn't see it coming so I thought I'd email the group. That is all, thanks [1] https://review.rdoproject.org/r/#/c/14960 -- Wes Hayutin Associate MANAGER Red Hat whayutin at redhat.com T: +1919 <+19197544114>4232509 IRC: weshay View my calendar and check my availability for meetings HERE -------------- next part -------------- An HTML attachment was scrubbed... URL: From manuel.sb at garvan.org.au Mon Nov 5 23:01:32 2018 From: manuel.sb at garvan.org.au (Manuel Sopena Ballesteros) Date: Mon, 5 Nov 2018 23:01:32 +0000 Subject: [openstack-dev] [NOVA] pci alias device_type and numa_policy and device_type meanings Message-ID: <9D8A2486E35F0941A60430473E29F15B017BADDF3D@MXDB2.ad.garvan.unsw.edu.au> Dear Openstack community. I am setting up pci passthrough for GPUs using aliases. I was wondering the meaning of the fields device_type and numa_policy and how should I use them as I could not find much details in the official documentation. https://docs.openstack.org/nova/rocky/admin/pci-passthrough.html#configure-nova-api-controller https://docs.openstack.org/nova/rocky/configuration/config.html#pci thank you very much Manuel NOTICE Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: ATT00001.txt URL: From sean.mcginnis at gmx.com Tue Nov 6 01:54:52 2018 From: sean.mcginnis at gmx.com (Sean McGinnis) Date: Mon, 5 Nov 2018 19:54:52 -0600 Subject: [openstack-dev] FIPS Compliance Message-ID: <20181106015452.GA14203@sm-workstation> I'm interested in some feedback from the community, particularly those running OpenStack deployments, as to whether FIPS compliance [0][1] is something folks are looking for. I've been seeing small changes starting to be proposed here and there for things like MD5 usage related to its incompatibility to FIPS mode. But looking across a wider stripe of our repos, it appears like it would be a wider effort to be able to get all OpenStack services compatible with FIPS mode. This should be a fairly easy thing to test, but before we put in much effort into updating code and figuring out testing, I'd like to see some input on whether something like this is needed. Thanks for any input on this. Sean [0] https://en.wikipedia.org/wiki/FIPS_140-2 [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf From tony at bakeyournoodle.com Tue Nov 6 02:19:20 2018 From: tony at bakeyournoodle.com (Tony Breeds) Date: Tue, 6 Nov 2018 13:19:20 +1100 Subject: [openstack-dev] [all]Naming the T release of OpenStack -- Poll open In-Reply-To: <20181030054024.GC2343@thor.bakeyournoodle.com> References: <20181030054024.GC2343@thor.bakeyournoodle.com> Message-ID: <20181106021919.GB20576@thor.bakeyournoodle.com> Hi all, Time is running out for you to have your say in the T release name poll. We have just under 3 days left. If you haven't voted please do! On Tue, Oct 30, 2018 at 04:40:25PM +1100, Tony Breeds wrote: > Hi folks, > > It is time again to cast your vote for the naming of the T Release. > As with last time we'll use a public polling option over per user private URLs > for voting. This means, everybody should proceed to use the following URL to > cast their vote: > > https://civs.cs.cornell.edu/cgi-bin/vote.pl?id=E_aac97f1cbb6c61df&akey=b9e448b340787f0e > > We've selected a public poll to ensure that the whole community, not just gerrit > change owners get a vote. Also the size of our community has grown such that we > can overwhelm CIVS if using private urls. A public can mean that users > behind NAT, proxy servers or firewalls may receive an message saying > that your vote has already been lodged, if this happens please try > another IP. > > Because this is a public poll, results will currently be only viewable by myself > until the poll closes. Once closed, I'll post the URL making the results > viewable to everybody. This was done to avoid everybody seeing the results while > the public poll is running. > > The poll will officially end on 2018-11-08 00:00:00+00:00[1], and results will be > posted shortly after. > > [1] https://governance.openstack.org/tc/reference/release-naming.html > --- > > According to the Release Naming Process, this poll is to determine the > community preferences for the name of the T release of OpenStack. It is > possible that the top choice is not viable for legal reasons, so the second or > later community preference could wind up being the name. > > Release Name Criteria > --------------------- > > Each release name must start with the letter of the ISO basic Latin alphabet > following the initial letter of the previous release, starting with the > initial release of "Austin". After "Z", the next name should start with > "A" again. > > The name must be composed only of the 26 characters of the ISO basic Latin > alphabet. Names which can be transliterated into this character set are also > acceptable. > > The name must refer to the physical or human geography of the region > encompassing the location of the OpenStack design summit for the > corresponding release. The exact boundaries of the geographic region under > consideration must be declared before the opening of nominations, as part of > the initiation of the selection process. > > The name must be a single word with a maximum of 10 characters. Words that > describe the feature should not be included, so "Foo City" or "Foo Peak" > would both be eligible as "Foo". > > Names which do not meet these criteria but otherwise sound really cool > should be added to a separate section of the wiki page and the TC may make > an exception for one or more of them to be considered in the Condorcet poll. > The naming official is responsible for presenting the list of exceptional > names for consideration to the TC before the poll opens. > > Exact Geographic Region > ----------------------- > > The Geographic Region from where names for the S release will come is Colorado > > Proposed Names > -------------- > > * Tarryall > * Teakettle > * Teller > * Telluride > * Thomas : the Tank Engine > * Thornton > * Tiger > * Tincup > * Timnath > * Timber > * Tiny Town > * Torreys > * Trail > * Trinidad > * Treasure > * Troublesome > * Trussville > * Turret > * Tyrone > > Proposed Names that do not meet the criteria (accepted by the TC) > ----------------------------------------------------------------- > > * Train🚂 : Many Attendees of the first Denver PTG have a story to tell about the trains near the PTG hotel. We could celebrate those stories with this name > > Yours Tony. > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev Yours Tony. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: not available URL: From jcornutt at gmail.com Tue Nov 6 03:02:35 2018 From: jcornutt at gmail.com (Joshua Cornutt) Date: Mon, 5 Nov 2018 22:02:35 -0500 Subject: [openstack-dev] FIPS Compliance Message-ID: Sean, I'm, too, am very interested in this particular discussion and working towards getting OpenStack working out-of-the-box on FIPS systems. I've submitted a few patches (https://review.openstack.org/#/q/owner:%22Joshua+Cornutt%22) recently and plan on going down my laundry list of patches I've made while deploying Red Hat OpenStack 10 (Newton), 13 (Queens), and community master on "FIPS mode" RHEL 7 servers. I've seen a lot of debate in other communities on how to approach the subject ranging from full MD5-to-SHAx transitions to putting in FIPS-aware logic to decide hashes based on the system to just deciding that the hashes aren't used for real security and thus are "mostly OK" by FIPS 140-2 standards (resulting in awkward distro-specific versions of popular crypto libraries with built-in FIPS awareness). Personally, I've been more in favor of a sweeping MD5-to-SHAx transition due to popular crypto libraries (OpenSSL, hashlib, NSS) indiscriminately disabling MD5 hash methods on FIPS mode systems. With SHA-1 collisions already happening, I imagine it will meet the FIPS banhammer in the not-so-distant future which is why I have generally been recommending SHA-256 as an MD5 replacement, despite the larger output size (mostly an issue for fixed-sized database columns). There is definite pressure being put on some entities (commercial as well as government / DoD) to move core systems to FIPS mode and auditors are looking more and more closely at this particular subject and requiring strong justification for not meeting FIPS compliance on systems both at the hardware and software levels. From gmann at ghanshyammann.com Tue Nov 6 04:43:28 2018 From: gmann at ghanshyammann.com (Ghanshyam Mann) Date: Tue, 06 Nov 2018 13:43:28 +0900 Subject: [openstack-dev] [all] 2019 summit during May holidays? In-Reply-To: References: <4f557d46-6598-90b6-ecc5-541f4d2c4d73@redhat.com>

Message-ID: <166e7552243.bc71185f40518.7827515374845880692@ghanshyammann.com> ---- On Tue, 06 Nov 2018 05:50:03 +0900 Dmitry Tantsur wrote ---- > > > On Mon, Nov 5, 2018, 20:07 Julia Kreger *removes all of the hats* > *removes years of dust from unrelated event planning hat, and puts it on for a moment* > > In my experience, events of any nature where convention venue space is involved, are essentially set in stone before being publicly advertised as contracts are put in place for hotel room booking blocks as well as the convention venue space. These spaces are also typically in a relatively high demand limiting the access and available times to schedule. Often venues also give preference (and sometimes even better group discounts) to repeat events as they are typically a known entity and will have somewhat known needs so the venue and hotel(s) can staff appropriately. > > tl;dr, I personally wouldn't expect any changes to be possible at this point. > > *removes event planning hat of past life, puts personal scheduling hat on* > I imagine that as a community, it is near impossible to schedule something avoiding holidays for everyone in the community. > > I'm not taking about everyone. And I'm mostly fine with my holiday, but the conflicts with Russia and Japan seem huge. This certainly does not help our effort to engage people outside of NA/EU. > Quick googling suggests that the week of May 13th would have much fewer conflicts. > > I personally have lost count of the number of holidays and special days that I've spent on business trips over the past four years. While I may be an out-lier in my feelings on this subject, I'm not upset, annoyed, or even bitter about lost times. This community is part of my family. > > Sure :) > But outside of our small nice circle there is a huge world of people who may not share our feeling and the level of commitment to openstack. These occasional contributors we talked about when discussing the cycle length. I don't think asking them to abandon 3-5 days of holidays is a productive way to engage them. > And again, as much as I love meeting you all, I think we're outgrowing the format of these meetings.. > Dmitry Yeah, in case of Japan it is full week holiday starting from April 29th. I remember most of the May summits did not conflict with Golden week but this is. I am not sure if any solution to this now but we should consider such things in future. -gmann > > -Julia > > On Mon, Nov 5, 2018 at 8:19 AM Dmitry Tantsur wrote: > Hi all, > > Not sure how official the information about the next summit is, but it's on the > web site [1], so I guess worth asking.. > > Are we planning for the summit to overlap with the May holidays? The 1st of May > is a holiday in big part of the world. We ask people to skip it in addition to > 3+ weekend days they'll have to spend working and traveling. > > To make it worse, 1-3 May are holidays in Russia this time. To make it even > worse than worse, the week of 29th is the Golden Week in Japan [2]. Was it > considered? Is it possible to move the days to less conflicting time (mid-May > maybe)? > > Dmitry > > [1] https://www.openstack.org/summit/denver-2019/ > [2] https://en.wikipedia.org/wiki/Golden_Week_(Japan) > > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev > From dangtrinhnt at gmail.com Tue Nov 6 05:06:08 2018 From: dangtrinhnt at gmail.com (Trinh Nguyen) Date: Tue, 6 Nov 2018 14:06:08 +0900 Subject: [openstack-dev] [Searchlight] Weekly report for Stein R-23 Message-ID: Hi team, *TL;DR,* we now focus on developing the use cases for Searchlight to attract more users as well as contributors. Here is the report for last week, Stein R-23 [1]. Let me know if you have any questions. [1] https://www.dangtrinh.com/2018/11/searchlight-weekly-report-stein-r-23.html Bests, -- *Trinh Nguyen* *www.edlab.xyz * -------------- next part -------------- An HTML attachment was scrubbed... URL: From gmann at ghanshyammann.com Tue Nov 6 09:04:01 2018 From: gmann at ghanshyammann.com (Ghanshyam Mann) Date: Tue, 06 Nov 2018 18:04:01 +0900 Subject: [openstack-dev] [tc][all] TC office hours is started now on #openstack-tc Message-ID: <166e843aceb.b98ff10848537.6521669998561147381@ghanshyammann.com> Hi All, TC office hour is started on #openstack-tc channel. Feel free to reach to us for anything you want discuss/input/feedback/help from TC. -gmann From eyalb1 at gmail.com Tue Nov 6 09:25:13 2018 From: eyalb1 at gmail.com (Eyal B) Date: Tue, 6 Nov 2018 11:25:13 +0200 Subject: [openstack-dev] [ceilometer][oslo.cache] ceilometer fails to publish to gnocchi Message-ID: Hi, Because of this fix https://review.openstack.org/#/c/611369/ ceilometer which uses oslo.cache for redis fails to publish to gnocchi see this log: http://logs.openstack.org/15/615415/1/check/vitrage-dsvm-datasources-py27/8d9e39e/logs/screen-ceilometer-anotification.txt.gz#_Nov_04_13_12_28_656863 BR Eyal -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfidente at redhat.com Tue Nov 6 09:27:17 2018 From: gfidente at redhat.com (Giulio Fidente) Date: Tue, 6 Nov 2018 10:27:17 +0100 Subject: [openstack-dev] [tripleo] Ansible getting bumped up from 2.4 -> 2.6.6 In-Reply-To: References: Message-ID: <5f35e47c-e2ec-14ec-b0dd-a192a6370180@redhat.com> On 11/5/18 11:23 PM, Wesley Hayutin wrote: > Greetings, > > Please be aware of the following patch [1]. This updates ansible in > queens, rocky, and stein. > This was just pointed out to me, and I didn't see it coming so I > thought I'd email the group. > > That is all, thanks > > [1] https://review.rdoproject.org/r/#/c/14960 thanks Wes for bringing this up note that we're trying to update ansible to 2.6 because 2.4 is unsupported and 2.5 is only receiving security fixes already with the upcoming updates for ceph-ansible in ceph luminous, support for older ansible releases will be dropped -- Giulio Fidente GPG KEY: 08D733BA From j.harbott at x-ion.de Tue Nov 6 12:12:55 2018 From: j.harbott at x-ion.de (Dr. Jens Harbott (frickler)) Date: Tue, 6 Nov 2018 13:12:55 +0100 Subject: [openstack-dev] [all][qa] Migrating devstack jobs to Bionic (Ubuntu LTS 18.04) Message-ID: Dear OpenStackers, earlier this year Ubuntu released their current LTS version 18.04 codenamed "Bionic Beaver" and we are now facing the task to migrate our devstack-based jobs to run on Bionic instead of the previous LTS version 16.04 "Xenial Xerus". The last time this has happened two years ago (migration from 14.04 to 16.04) and at that time it seems the migration was mostly driven by the Infra team (see [1]), mostly because all of the job configuration was still centrally hosted in a single repository (openstack-infra/project-config). In the meantime, however, our CI setup has been updated to use Zuul v3 and one of the new features that come with this development is the introduction of per-project job definitions. So this new flexibility requires us to make a choice between the two possible options we have for migrating jobs now: 1) Change the "devstack" base job to run on Bionic instances instead of Xenial instances 2) Create new "devstack-bionic" and "tempest-full-bionic" base jobs and migrate projects piecewise Choosing option 1) would cause all projects that base their own jobs on this job (possibly indirectly by e.g. being based on the "tempest-full" job) switch automatically. So there would be the possibility that some jobs would break and require to be fixed before patches could be merged again in the affected project(s). To accomodate those risks, QA team can give some time to projects to test their jobs on Bionic with WIP patches (QA can provide Bionic base job as WIP patch). This option does not require any pre/post migration changes on project's jobs. Choosing option 2) would avoid this by letting projects switch at their own pace, but create the risk that some projects would never migrate. It would also make further migrations, like the one expected to happen when 20.04 is released, either having to follow the same scheme or re-introduce the unversioned base job. Other point to note down with this option is, - project job definitions need to change their parent job from "devstack" -> "devstack-bionic" or "tempest-full" -> "tempest-full-bionic" - QA needs to maintain existing jobs ("devstack", "tempest-full") and bionic version jobs ("devstack-bionic", "tempest-full-bionic") In order to prepare the decision, we have created a set of patches that test the Bionic jobs, you can find them under the common topic "devstack-bionic" [2]. There is also an etherpad to give a summarized view of the results of these tests [3]. Please respond to this mail if you want to promote either of the above options or maybe want to propose an even better solution. You can also find us for discussion in the #openstack-qa IRC channel on freenode. Infra team has tried both approaches during precise->trusty & trusty->xenial migration[4]. Note that this mailing-list itself will soon be migrated, too, so if you haven't subscribed to the new list yet, this is a good time to act and avoid missing the best parts [5]. Yours, Jens (frickler at IRC) [1] http://lists.openstack.org/pipermail/openstack-dev/2016-November/106906.html [2] https://review.openstack.org/#/q/topic:devstack-bionic [3] https://etherpad.openstack.org/p/devstack-bionic [4] http://eavesdrop.openstack.org/irclogs/%23openstack-qa/%23openstack-qa.2018-11-01.log.html#t2018-11-01T12:40:22 [5] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134911.html From smooney at redhat.com Tue Nov 6 12:52:58 2018 From: smooney at redhat.com (Sean Mooney) Date: Tue, 6 Nov 2018 12:52:58 +0000 Subject: [openstack-dev] [NOVA] pci alias device_type and numa_policy and device_type meanings In-Reply-To: <9D8A2486E35F0941A60430473E29F15B017BADDF3D@MXDB2.ad.garvan.unsw.edu.au> References: <9D8A2486E35F0941A60430473E29F15B017BADDF3D@MXDB2.ad.garvan.unsw.edu.au> Message-ID: On Mon, Nov 5, 2018 at 11:02 PM Manuel Sopena Ballesteros wrote: > > Dear Openstack community. > > > > I am setting up pci passthrough for GPUs using aliases. > > > > I was wondering the meaning of the fields device_type and numa_policy and how should I use them as I could not find much details in the official documentation. numa policy is used to configure the affinity policy for the passthrough device. it was introduced by https://specs.openstack.org/openstack/nova-specs/specs/queens/implemented/share-pci-between-numa-nodes.html#proposed-change not that the flavor extra specs and image metadata also descibed by that spec are stil outstanding and may be added in the future. the device type is a legacy hack that was added when nova's pci passthough support was extended to enable neutron sriov. when using flavor based pci passthough using aliases the type should always be set to Type-PCI Type-PF and Type-VF in general should only be used for nics that will be used with neutron sriov port types. you technically can us the other device types in the alias but nova will only record a device as Type-PF or Type-VF if physical_network is set in the pci whitelist which is used to indicate the neutron physnet the device is attached too. in the case of GPUs you can ignore Type-PF and Type-VF. you should also know that Type-PCI can refer to either the full pci device or a virtual function allocated form a device. an example alias is available in the code here https://github.com/openstack/nova/blob/master/nova/pci/request.py#L18 | [pci] | alias = '{ | "name": "QuickAssist", | "product_id": "0443", | "vendor_id": "8086", | "device_type": "type-PCI", | "numa_policy": "legacy" | }' in this case the alias consumes an entire QuickAssist (QAT) device with the legacy numa policy. if the QAT device was subdivided using sriov VFs you could request the VF instead of the PF by simply changing the product_id to that corresponding to the VF. > > > > https://docs.openstack.org/nova/rocky/admin/pci-passthrough.html#configure-nova-api-controller > > https://docs.openstack.org/nova/rocky/configuration/config.html#pci > > > > thank you very much > > > > Manuel > > > > NOTICE > Please consider the environment before printing this email. This message and any attachments are intended for the addressee named and may contain legally privileged/confidential/copyright information. If you are not the intended recipient, you should not read, use, disclose, copy or distribute this communication. If you have received this message in error please notify us at once by return email and then delete both messages. We accept no liability for the distribution of viruses or similar in electronic communications. This notice should not be removed. > __________________________________________________________________________ > OpenStack Development Mailing List (not for usage questions) > Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev From mdulko at redhat.com Tue Nov 6 13:06:47 2018 From: mdulko at redhat.com (=?UTF-8?Q?Micha=C5=82?= Dulko) Date: Tue, 06 Nov 2018 14:06:47 +0100 Subject: [openstack-dev] [kuryr] Kuryr-Kubernetes gates broken Message-ID: Hi, Kuryr-Kubernetes LBaaSv2 gates are currently broken due to bug [1] in python-neutronclient. Until commit [2] is merged and a new version of the client is released I'm proposing to make those gates non-voting [3]. [1] https://bugs.launchpad.net/python-neutronclient/+bug/1801360 [2] https://review.openstack.org/#/c/615184 [3] https://review.openstack.org/#/c/615861 From doug at doughellmann.com Tue Nov 6 13:06:58 2018 From: doug at doughellmann.com (Doug Hellmann) Date: Tue, 06 Nov 2018 08:06:58 -0500 Subject: [openstack-dev] [Openstack-operators] FIPS Compliance In-Reply-To: <20181106015452.GA14203@sm-workstation> References: <20181106015452.GA14203@sm-workstation> Message-ID: Sean McGinnis writes: > I'm interested in some feedback from the community, particularly those running > OpenStack deployments, as to whether FIPS compliance [0][1] is something folks > are looking for. > > I've been seeing small changes starting to be proposed here and there for > things like MD5 usage related to its incompatibility to FIPS mode. But looking > across a wider stripe of our repos, it appears like it would be a wider effort > to be able to get all OpenStack services compatible with FIPS mode. > > This should be a fairly easy thing to test, but before we put in much effort > into updating code and figuring out testing, I'd like to see some input on > whether something like this is needed. > > Thanks for any input on this. > > Sean > > [0] https://en.wikipedia.org/wiki/FIPS_140-2 > [1] https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-2.pdf > > _______________________________________________ > OpenStack-operators mailing list > OpenStack-operators at lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators I know we've had some interest in it at different times. I think some of the changes will end up being backwards-incompatible, so we may need a "FIPS-mode" configuration flag for those, but in other places we could just switch hashing algorithms and be fine. I'm not sure if anyone has put together the details of what would be needed to update each project, but this feels like it could be a candidate for a goal for a future cycle once we have that information and can assess the level of effort. Doug From dangtrinhnt at gmail.com Tue Nov 6 13:35:51 2018 From: dangtrinhnt at gmail.com (Trinh Nguyen) Date: Tue, 6 Nov 2018 22:35:51 +0900 Subject: [openstack-dev] Asking for suggestion of video conference tool for team and webinar Message-ID: Hi, I tried several free tools for team meetings, vPTG, and webinars but there are always drawbacks ( because it's free, of course). For example: - Google Hangout: only allow a maximum of 10 people to do the video calls - Zoom: limits about 45m per meeting. So for a webinar or conference call takes more than 45m we have to splits into 2 sessions or so. If anyone in the community can suggest some better video conferencing tools, that would be great. So we can organize better communication for our team and the community's webinars. Many thanks, -- *Trinh Nguyen* *www.edlab.xyz * -------------- next part -------------- An HTML attachment was scrubbed... URL: From sshnaidm at redhat.com Tue Nov 6 13:46:46 2018 From: sshnaidm at redhat.com (Sagi Shnaidman) Date: Tue, 6 Nov 2018 15:46:46 +0200 Subject: [openstack-dev] [tripleo] shutting down 3rd party TripleO CI for measurements In-Reply-To: References: Message-ID: We measured results and would like to shut down check jobs in RDO cloud CI today. Please let us know if you have objections. Thanks On Thu, Nov 1, 2018 at 12:14 AM Wesley Hayutin wrote: > Greetings, > > The TripleO-CI team would like to consider shutting down all the third > party check jobs running against TripleO projects in order to measure > results with and without load on the cloud for some amount of time. I > suspect we would want to shut things down for roughly 24-48 hours. > > If there are any strong objects please let us know. > Thank you > -- > > Wes Hayutin > > Associate MANAGER > > Red Hat > > > > whayutin at redhat.com T: +1919 <+19197544114>4232509 IRC: weshay > > > View my calendar and check my availability for meetings HERE > > -- Best regards Sagi Shnaidman -------------- next part -------------- An HTML attachment was scrubbed... URL: From juliaashleykreger at gmail.com Tue Nov 6 14:03:05 2018 From: juliaashleykreger at gmail.com (Julia Kreger) Date: Tue, 6 Nov 2018 06:03:05 -0800 Subject: [openstack-dev] [Openstack-operators] FIPS Compliance In-Reply-To: