Friday, 2017-03-17

*** catintheroof has joined #openstack-manila		00:03
openstackgerrit	Tom Barron proposed openstack/manila master: remove hacking rule that enforces log translation https://review.openstack.org/446789	00:09
*** catintheroof has quit IRC		00:16
*** ganso has quit IRC		00:25
*** gouthamr has joined #openstack-manila		00:39
*** catintheroof has joined #openstack-manila		01:02
*** catintheroof has quit IRC		01:02
*** catintheroof has joined #openstack-manila		01:02
openstackgerrit	TommyLike proposed openstack/manila-specs master: Retarget IPv6 to Pike https://review.openstack.org/446800	01:08
tommylikehu	ping tbarron, are you around?, this time could be late for you :)	01:11
*** wangqun has joined #openstack-manila		01:43
*** kaisers__ has quit IRC		02:09
*** catintheroof has quit IRC		02:36
*** gouthamr has quit IRC		03:01
openstackgerrit	qtlu proposed openstack/manila master: Use HostAddressOpt for opts that accept IP and hostnames https://review.openstack.org/446370	03:13
*** crushil has joined #openstack-manila		03:20
*** chlong has quit IRC		03:25
*** gnarld_ is now known as nug		03:26
*** nug is now known as Guest14557		03:27
*** zhugaoxiao has quit IRC		03:29
*** zhugaoxiao has joined #openstack-manila		03:30
*** rejy has joined #openstack-manila		03:40
*** tinwood has quit IRC		04:05
*** tinwood has joined #openstack-manila		04:06
*** kaisers_ has joined #openstack-manila		04:27
*** kaisers_ has quit IRC		04:28
*** arnewiebalck_ has joined #openstack-manila		05:06
*** markstur has quit IRC		05:12
*** crushil has quit IRC		05:12
*** kaisers_ has joined #openstack-manila		05:29
*** shausy has joined #openstack-manila		05:34
*** kaisers_ has quit IRC		05:34
*** erlon has quit IRC		05:35
*** gcb has joined #openstack-manila		05:54
*** arnewiebalck_ has quit IRC		06:07
*** tuanluong has joined #openstack-manila		06:11
*** lpetrut has joined #openstack-manila		06:19
*** belmoreira has joined #openstack-manila		06:38
*** gcb has quit IRC		06:54
*** markstur has joined #openstack-manila		06:58
*** nkrinner_afk is now known as nkrinner		07:00
*** markstur has quit IRC		07:03
*** gcb has joined #openstack-manila		07:10
*** lpetrut has quit IRC		07:18
*** kaisers_ has joined #openstack-manila		07:30
*** lpetrut has joined #openstack-manila		07:35
*** kaisers_ has quit IRC		07:36
*** kaisers_ has joined #openstack-manila		07:41
*** pcaruana has joined #openstack-manila		07:43
*** kaisers_ has quit IRC		07:45
*** arnewiebalck_ has joined #openstack-manila		07:46
*** lpetrut has quit IRC		08:04
*** lpetrut has joined #openstack-manila		08:04
*** shausy has quit IRC		08:33
*** shausy has joined #openstack-manila		08:34
*** kaisers_ has joined #openstack-manila		08:42
*** lpetrut has quit IRC		08:44
*** kaisers_ has quit IRC		08:46
openstackgerrit	Tom Barron proposed openstack/manila master: User Messages https://review.openstack.org/313549	08:50
tbarron	tommylikehu: pong	08:51
*** gcb has quit IRC		08:51
*** belmorei_ has joined #openstack-manila		08:58
*** belmoreira has quit IRC		08:59
*** lpetrut has joined #openstack-manila		08:59
*** gcb has joined #openstack-manila		09:09
*** rraja has joined #openstack-manila		09:21
*** belmorei_ has quit IRC		09:21
*** belmoreira has joined #openstack-manila		09:29
*** kaisers_ has joined #openstack-manila		09:38
*** belmoreira has quit IRC		09:39
*** kaisers_ has quit IRC		09:42
*** wangqun has quit IRC		09:43
*** belmoreira has joined #openstack-manila		09:50
*** lpetrut has quit IRC		09:52
tommylikehu	hey tbarron morning. I am wondering what's your plan on the IPv6 follow up :https://etherpad.openstack.org/p/manila-pike-ptg-wednesday	09:54
tommylikehu	tbarron, aslo for this patch, should I wait for new jenkins environment that don't depends on ubtuntu, so should I fix the bug by modify the exportfs file directly?	09:57
*** markstur has joined #openstack-manila		10:01
*** markstur has quit IRC		10:05
openstackgerrit	Tom Barron proposed openstack/manila master: Extend usage of user messages https://review.openstack.org/443101	10:14
openstackgerrit	Tom Barron proposed openstack/manila master: remove hacking rule that enforces log translation https://review.openstack.org/446789	10:16
openstackgerrit	Tom Barron proposed openstack/manila master: docs: fix build failure on html_last_updated_fmt https://review.openstack.org/446939	10:16
*** shausy has quit IRC		10:16
*** shausy has joined #openstack-manila		10:16
tbarron	tommylikehu: I think next step is to get your patch testable, which depends on https://review.openstack.org/#/c/444479/	10:31
tbarron	your patches, plural	10:33
tbarron	the new jenkins job is already there but needs this for us to make it run lvm with ipv6 rather than ipv4	10:35
tbarron	bbiab - running errands this morning	10:36
*** kaisers_ has joined #openstack-manila		10:38
*** kaisers_ has quit IRC		10:43
*** ganso has joined #openstack-manila		10:43
*** markstur has joined #openstack-manila		10:44
*** tuanluong has quit IRC		10:44
*** markstur has quit IRC		10:49
*** lpetrut has joined #openstack-manila		11:12
*** kaisers_ has joined #openstack-manila		11:39
*** kaisers_ has quit IRC		11:44
*** shausy has quit IRC		11:51
*** shausy has joined #openstack-manila		11:51
*** markstur has joined #openstack-manila		11:56
*** markstur has quit IRC		12:00
*** tommylikehu_ has joined #openstack-manila		12:02
*** tommylikehu_ has quit IRC		12:10
*** tommylikehu_ has joined #openstack-manila		12:11
*** zhugaoxiao has quit IRC		12:13
*** zhugaoxiao has joined #openstack-manila		12:14
*** erlon has joined #openstack-manila		12:33
*** kaisers_ has joined #openstack-manila		12:40
*** kaisers_ has quit IRC		12:44
*** shausy has quit IRC		12:48
*** tommylikehu_ has quit IRC		12:48
*** tommylikehu_ has joined #openstack-manila		12:49
*** dustins has joined #openstack-manila		12:51
*** tommylikehu_ has quit IRC		12:53
*** tommylikehu_ has joined #openstack-manila		12:55
*** tommylikehu_ has quit IRC		12:56
*** gcb has quit IRC		12:58
*** arnewiebalck__ has joined #openstack-manila		12:58
*** catintheroof has joined #openstack-manila		13:10
*** catintheroof has quit IRC		13:10
*** catintheroof has joined #openstack-manila		13:10
*** tommylik_ has joined #openstack-manila		13:18
*** arnewiebalck__ has quit IRC		13:20
*** ociuhandu has quit IRC		13:20
*** tommylik_ has quit IRC		13:22
*** xyang_ has joined #openstack-manila		13:22
*** gouthamr has joined #openstack-manila		13:24
*** chlong has joined #openstack-manila		13:33
*** cknight has joined #openstack-manila		13:34
*** arnewiebalck__ has joined #openstack-manila		13:35
*** zhugaoxiao has quit IRC		13:36
*** zhugaoxiao has joined #openstack-manila		13:37
*** eharney has joined #openstack-manila		13:38
*** kaisers_ has joined #openstack-manila		13:41
*** markstur has joined #openstack-manila		13:44
*** kaisers_ has quit IRC		13:45
*** markstur has quit IRC		13:48
*** arnewiebalck__ has quit IRC		13:49
*** ociuhandu has joined #openstack-manila		13:50
*** crushil has joined #openstack-manila		13:53
*** xyang_ has quit IRC		13:59
*** dustins has quit IRC		13:59
*** tommylikehu_ has joined #openstack-manila		14:01
*** tommylikehu_ has quit IRC		14:02
*** tommylikehu_ has joined #openstack-manila		14:02
*** xyang_ has joined #openstack-manila		14:14
*** chenying__ has quit IRC		14:17
*** arnewiebalck__ has joined #openstack-manila		14:17
*** chenying__ has joined #openstack-manila		14:18
*** chlong has quit IRC		14:23
*** rraja has quit IRC		14:26
*** xyang_ has quit IRC		14:31
*** markstur has joined #openstack-manila		14:34
*** kaisers_ has joined #openstack-manila		14:41
*** kaisers_ has quit IRC		14:47
*** rejy has quit IRC		14:49
openstackgerrit	Arne Wiebalck proposed openstack/manila-specs master: Add spec for per share type quotas https://review.openstack.org/447021	14:49
*** nkrinner is now known as nkrinner_afk		14:58
*** tommylikehu_ has quit IRC		15:05
*** arnewiebalck__ has quit IRC		15:11
openstackgerrit	Tom Barron proposed openstack/manila master: Provide filter name in user messages https://review.openstack.org/443102	15:27
*** dsariel has joined #openstack-manila		15:28
*** crushil has quit IRC		15:45
*** dsariel has quit IRC		15:57
openstackgerrit	Tom Barron proposed openstack/manila master: set basepython for pylint tox env https://review.openstack.org/447049	16:10
*** adrianofr_ has joined #openstack-manila		16:14
*** dustins has joined #openstack-manila		16:18
*** belmoreira has quit IRC		16:25
*** kaisers_ has joined #openstack-manila		16:28
*** kaisers_ has quit IRC		16:33
*** kaisers_ has joined #openstack-manila		16:34
*** kaisers_ has quit IRC		16:38
*** crushil has joined #openstack-manila		16:40
*** kaisers_ has joined #openstack-manila		16:42
*** xyang_ has joined #openstack-manila		16:46
*** xyang_ has quit IRC		16:47
bswartz	ganso xyang: I missed this patch but I would have -2 it: https://review.openstack.org/#/c/440364/	16:49
openstackgerrit	Ben Swartzlander proposed openstack/manila master: Revert "Handle ssl for VNX manila driver" https://review.openstack.org/447065	16:50
ganso	bswartz: :O why? what problem has it caused?	16:51
bswartz	ganso: I have multiple problems with it	16:52
bswartz	for one, not verifying SSL certs it a security vulnerability	16:52
bswartz	secondly, it changes the base driver.py which affects all drivers	16:52
*** dustins has quit IRC		16:53
ganso	bswartz: IIRC, the old behavior is maintained if the config options are not used	16:53
bswartz	It's only thing if EMC wants to modify their own driver to add insecure options, but it's not okay to do that in driver.py	16:53
ganso	bswartz: or at least should	16:53
bswartz	s/only/one/	16:54
ganso	bswartz: also, I understood that this is already a problem for any m-shr service running python older than 2.7.9	16:54
bswartz	ganso: yes, python used to be insecure by default and now it's not -- I call that progress	16:55
bswartz	it's not a bug	16:55
vponomaryov	bswartz: it does not describe the need to not allow it	16:56
ganso	bswartz: you are saying that https://review.openstack.org/#/c/440364/13/manila/share/driver.py@136 should be set Default to True, right?	16:56
ganso	bswartz: I'll be back later, going to a meeting now	16:56
bswartz	ganso: I'm saying these options shouldn't exist at all	16:56
bswartz	or if they need to exist, it should be in a per-driver config option	16:57
*** dustins has joined #openstack-manila		16:57
bswartz	I don't want a global "use SSL insecurely" option	16:57
vponomaryov	bswartz: it is not global, it is per-driver	16:57
vponomaryov	bswartz: for the moment, it is exactly EMC-only	16:58
openstackgerrit	Ben Swartzlander proposed openstack/manila master: Revert "Handle ssl for VNX manila driver" https://review.openstack.org/447065	16:58
bswartz	vponomaryov: why is manila/share/driver.py touched then?	16:58
vponomaryov	bswartz: as common place	16:58
vponomaryov	bswartz: while other driver do not start use new opt, it is used only by EMC	16:59
bswartz	s/driver_ssl_cert_/emc_ssl_cert_/	16:59
vponomaryov	bswartz: why?	16:59
bswartz	This is a bad precedent to set	16:59
vponomaryov	bswartz: it is free-to-use by others	16:59
bswartz	If EMC wants to be insecure I want their name on the insecure option	17:00
bswartz	I don't want anyone to get the idea this is a good option to have	17:00
vponomaryov	bswartz: I woudl agree for default "True" value - yes	17:01
bswartz	My preferences are (1) to not have the option at all or (2) to have it be called emc_ssl_cert_* and have it on the emc driver file	17:01
gouthamr	+1	17:01
gouthamr	a must read: https://www.python.org/dev/peps/pep-0466/#backwards-compatibility-considerations	17:01
openstackgerrit	Valeriy Ponomaryov proposed openstack/manila master: [Share Groups] Add availability zone support https://review.openstack.org/447070	17:02
openstackgerrit	Valeriy Ponomaryov proposed openstack/manila master: [Share Groups] Add availability zone support https://review.openstack.org/447070	17:10
*** arnewiebalck__ has joined #openstack-manila		17:18
*** pcaruana has quit IRC		17:18
openstackgerrit	Tom Barron proposed openstack/manila master: set basepython for pylint tox env https://review.openstack.org/447049	17:23
bswartz	tbarron: do you have an opinion here?	17:27
* tbarron looks back to understand the original motivation for VNX		17:30
bswartz	tbarron you should read the bug and the original patch for context	17:30
bswartz	https://launchpad.net/bugs/1669202	17:30
openstack	Launchpad bug 1669202 in Manila "EMC VNX manila driver: certificate verify failed" [Undecided,Fix released] - Assigned to Peter Wang (peter.wang)	17:30
bswartz	https://review.openstack.org/#/c/440364/	17:30
*** kaisers_ has quit IRC		17:39
tbarron	questions:	17:40
tbarron	1) so all drivers except vnx are since python 2.7.9 validating certs for ssl connections to their backends?	17:40
tbarron	successfully I think, right?	17:40
bswartz	tbarron: for netapp we do proper verification, it works	17:41
tbarron	2) the log supplied in the bug looks like it is from a test run rather than from a customer report.	17:41
bswartz	for others they could be, or alternatively they're only testing without SSL or they're using Python 2.7.9 or earlier	17:41
tbarron	though it could just be illustrative.	17:41
tbarron	We should get EMC to explain the actual use case.	17:42
bswartz	I know the actual use case	17:42
bswartz	it came up here at netapp too	17:42
tbarron	Is it a real customer need? Or for testing convenience.	17:43
bswartz	cknight proposed a bugfix just like this for the netapp driver and I pushed back on that too	17:43
cknight	tbarron: Dev/test convenience in my case. I still use that patch myself.	17:43
bswartz	there's a widely held perception that HTTPS without cert verification is better than plain HTTP, which is technically true	17:44
tbarron	If it's for convenience testing then I'd like to see 'insecure_for_test' or something like that in the option name.	17:44
tbarron	And scope it to each driver.	17:44
tbarron	And default it to OFF.	17:44
bswartz	however HTTPS without cert verification is way worse than HTTPS with cert verification and giving people an easy way out just breeds bad security practice	17:45
cknight	tbarron: Ben asked me not to push it up, so I don't plan to.	17:45
tbarron	That will make it a lot easier for support personal to see when it is not set securely, as well as its scope.	17:45
tbarron	cknight: ack	17:45
tbarron	I can see that it could be useful in test scenarios and handy not to maintain a private patch.	17:45
bswartz	tbarron: I'd prefer that people just use plain HTTP if they're not willing to setup HTTPS correctly	17:45
bswartz	HTTP works find for testing	17:46
bswartz	s/find/fine/	17:46
*** arnewiebalck__ has quit IRC		17:46
tbarron	bswartz: not sure I have an argument with that. But mebbe cknight or the EMC folks have a reason??	17:46
bswartz	seems like xyang is offline today	17:47
tbarron	bswartz: If there's a use case I just want the option scoped to that.	17:47
bswartz	so we can't ask her	17:47
cknight	bswartz: In the linked patch, which has merged, the default value for driver_ssl_cert_verify is False. I expect you take issue with that?	17:47
tbarron	I take issue with that :D	17:47
bswartz	cknight: my objection is to it being a common driver option	17:47
tbarron	And that it's globally scoped.	17:48
bswartz	I'd rather have it be vendor scoped	17:48
cknight	bswartz: What's wrong with a common option if the default is True?	17:48
tbarron	And that it looks like a reasonable thing to do in production, given the option name, help, etc.	17:48
bswartz	if emc wants an insecure option in their driver then it's less bothersome	17:48
bswartz	cknight: well for one thing while it's a common driver option, it doesn't actually affect any driver but EMC's	17:49
bswartz	cknight: but more importantly it sets a bad precedent	17:49
tbarron	cknight: it's harder to see what it's for. If it's just for testing netapp, then set a netapp option.	17:49
bswartz	For the same reason I didn't want a netapp-scoped option for turn off SSL verification I don't think other should do it	17:50
tbarron	cknight: I'm thinking about supporting a customer with multi-backends.	17:50
bswartz	however if there are solid technical reasons for turning it off, I'd like it to be vendor specific	17:50
tbarron	cknight: and getting a vague customer case about their backends getting hacked or somesuch.	17:50
bswartz	creating a common driver_ssl_cert_ option would make users believe it should apply to netapp too	17:51
bswartz	and I'm against implementing it in netapp	17:52
cknight	bswartz: OK, well, if I can't have it, I guess no one can :-P	17:52
bswartz	exactly!	17:52
* bswartz wonders if those EMC guys set their root passwords to "12345" too		17:53
tbarron	There's a backdoor password on many of the EMC systems: 'netappsux'	17:54
bswartz	where's my eyeroll gif?	17:54
*** crushil has quit IRC		17:55
tbarron	seriously, there was here-unamed switch vendor who had a backdoor with pw 'ciscosux' once.	17:55
* tbarron wanders down memory lane of 1990s hacks		17:56
vponomaryov	tbarron: LOL	18:01
bswartz	tbarron: google is not turning up that unnamed switch vendor	18:03
openstackgerrit	Valeriy Ponomaryov proposed openstack/manila master: [Share Groups] Add availability zone support https://review.openstack.org/447070	18:03
tbarron	bswartz: they were based in Pittsburgh, did ATM mostly, but this was a problem with an ethernet switch that iirc was an acquisition	18:04
tbarron	at UMN the wiring closets for the vertical risers up all the main buildings had these ethernet switches, spoked off an ATM backbone that ran at unbelievable OC3 speed	18:06
*** lpetrut has quit IRC		18:06
* tbarron wakes back up		18:07
* tbarron notices his beard is white and his hair is short to nonexistent		18:07
*** ociuhandu has quit IRC		18:14
*** kaisers_ has joined #openstack-manila		18:19
*** crushil has joined #openstack-manila		18:23
*** xyang_ has joined #openstack-manila		18:24
*** kaisers_ has quit IRC		18:25
*** xyang_ has quit IRC		18:26
*** xyang_ has joined #openstack-manila		18:29
*** xyang_ has quit IRC		18:51
*** kaisers has quit IRC		18:54
*** xyang_ has joined #openstack-manila		18:57
*** xyang_ has quit IRC		18:59
*** catintheroof has quit IRC		18:59
*** catintheroof has joined #openstack-manila		19:06
*** xyang_ has joined #openstack-manila		19:08
*** lpetrut has joined #openstack-manila		19:08
*** dustins has quit IRC		19:08
*** dustins has joined #openstack-manila		19:09
*** kaisers has joined #openstack-manila		19:11
*** dustins has quit IRC		19:14
*** lpetrut has quit IRC		19:17
*** xyang_ has quit IRC		19:21
*** xyang_ has joined #openstack-manila		19:22
*** kaisers_ has joined #openstack-manila		19:43
*** xyang_ has quit IRC		19:45
*** kaisers_ has quit IRC		19:48
*** xyang_ has joined #openstack-manila		19:51
*** xyang1 has joined #openstack-manila		19:52
ganso	tbarron, cknight, gouthamr, bswartz, vponomaryov, xyang1, toabctl: Hello folks. Could you please take a look at this patch that is sitting around for quite a while? Thanks in advance https://review.openstack.org/#/c/427663/	19:58
*** lpetrut has joined #openstack-manila		19:59
ganso	markstur: ^	20:00
markstur	:) just saw the Rip Van Barron comment tbarron	20:01
tbarron	markstur: it's a very strange world out there	20:01
markstur	tbarron: Just read the story too. Turns out it is mostly about a guy getting away from his wife	20:02
tbarron	markstur: lotta that going around, or vice versa	20:03
markstur	ganso: gouthamr says not trivial on ^	20:03
bswartz	xyang_ xyang1: ping	20:04
ganso	markstur: ya, I'll file a bug, add reno, etc... anything else?	20:04
gouthamr	markstur: :P nothing to hold that back.. i just noticed its not Trivial	20:04
gouthamr	ganso: mail me $500	20:04
bswartz	xyang: you missed a long discussion earlier today about https://bugs.launchpad.net/manila/+bug/1669202	20:04
openstack	Launchpad bug 1669202 in Manila "EMC VNX manila driver: certificate verify failed" [Undecided,Fix released] - Assigned to Peter Wang (peter.wang)	20:04
ganso	gouthamr: lol	20:05
xyang1	bswartz: hi	20:05
xyang1	bswartz: I read the IRC logs	20:05
bswartz	xyang1: so you may have been my patch to revert the bugfix	20:05
xyang1	bswartz: so if we submit a patch with those options in EMC driver, you are ok?	20:06
xyang1	bswartz: yes, I saw that	20:06
bswartz	xyang1: that's better than what we have now, but I'd like to understand why it's not possible to just leave the SSL cert validation enabled	20:06
xyang1	bswartz: some one reported a bug	20:06
bswartz	is the bug something a customer reported?	20:06
xyang1	bswartz: so they want to fix it	20:07
xyang1	bswartz: yes	20:07
bswartz	don't you think it would be better to educate the customer about how to use SSL properly instead of making your driver less secure?	20:07
xyang1	bswartz: I can certainly ask them to educate the customer	20:08
bswartz	this came up with a netapp customer and my response was to write a blog about how to setup SSL correctly	20:08
xyang1	bswartz: but this means we'll get more similar bug reports	20:08
xyang1	bswartz: did your customer take the advice	20:09
bswartz	it's unfortunate that so many people don't know how to use real SSL certs	20:09
bswartz	xyang1: that's a good question I'm not sure	20:09
bswartz	the 2 workarounds for those that don't want to use SSL correctly are to use plain HTTP or to use python 2.7.9 or older	20:10
xyang1	bswartz: I found it is difficult to persuade someone to do something unfamiliar	20:10
bswartz	well I'd present them with those 3 options	20:10
bswartz	1) plain HTTP	20:10
bswartz	2) python 2.7.9	20:10
bswartz	3) real SSL certs with validation	20:10
*** dustins has joined #openstack-manila		20:11
bswartz	option 4 which is to add a driver option is a bad technical choice, even if it is the easiest thing to do	20:11
xyang1	bswartz: when something that works before suddenly stops working, people will scream and open bugs	20:11
xyang1	bswartz: We'll try and see if they accept it	20:12
bswartz	xyang1: yeah I know that people regard it as a bug because it "used to work"	20:13
xyang1	bswartz: :)	20:13
bswartz	the fact is that it was only working because it wasn't secure and the insecure part was fixed	20:13
xyang1	bswartz: I agree	20:15
tbarron	bswartz: xyang1 nit, but I think choice #2 above s/b '2) less than python 2.7.9'	20:19
bswartz	tbarron: I thought it was less than or equal to 2.7.9	20:19
bswartz	is 2.7.9 the version where they turned on verficiation?	20:20
bswartz	if so, then I meant to say strictly less than	20:20
xyang1	bswartz: tbarron right, 2.7.9 enabled ssl by default	20:21
bswartz	okay so:	20:22
bswartz	2) python <2.7.9	20:22
bswartz	tbarron: good catch	20:22
tbarron	ganso: question about https://review.openstack.org/#/c/427663	20:26
ganso	tbarron: sure	20:26
tbarron	ganso: if someone is setting capability_revert_to_snapshot=True but not setting run_revert_to_snapshot_tests today, won't they have a new behavior after your patch merges?	20:29
openstackgerrit	Merged openstack/manila master: docs: fix build failure on html_last_updated_fmt https://review.openstack.org/446939	20:30
ganso	tbarron: I remember thinking about that about 1 month ago... but I believe the answer is no, since that supposed behavior has been fixed by me in another patch	20:30
ganso	tbarron: so, previously, the share type in some tests were created according to those capabilities	20:31
gouthamr	tbarron: technically we shouldn't have "run_revert_to_snapshot_tests" as an option... but that's another discussion	20:32
ganso	tbarron: I've submitted a patch to change it to always create according to the default share type	20:32
*** crushil has quit IRC		20:32
ganso	tbarron: the default share type is created according to the default extra specs, which is another option, for CIs, and in CI environment, a bit redundant with the one I am removing	20:33
ganso	tbarron: so, I believe there is no behavioral change right now	20:33
ganso	gouthamr: I am not aware of that discussion	20:33
ganso	gouthamr: but I am curious as to why	20:33
gouthamr	ganso: these capabilities are advertised by the backend we're testing.. so the tests can be smart, look for a pool that advertises the capability being tested... if no such pool exists, don't run the test/s.	20:35
gouthamr	ganso: that's being done in the revert tests..	20:35
gouthamr	ganso: but there's also this option..	20:35
ganso	gouthamr: yea but if you do that you remove the option of not running tests if the tester does not want to	20:36
gouthamr	ganso: regex :)	20:36
ganso	gouthamr: oh yea, forgot about that	20:37
tbarron	ganso: hmm, but default value for run_revert_to_snapshot_tests is False, so if they didn't set it at all and the value of 'capability_revert_to_snapshot' is now going to be ignored (but is set by the tester to True), then we have a behavioral difference:	20:37
tbarron	ganso: you would have run the revert to snapshot tests before and now you won't unless the tester changes his config	20:38
gouthamr	ganso: probably annoying for someone to have to toggle all these options... and its easy to get it wrong..	20:38
gouthamr	tbarron: would you rather we remove the option altogether?	20:38
tbarron	gouthamr: I would like us to have a consistent set of controls across the various capabilities and run_options, right now we have a mish-mash	20:39
tbarron	gouthamr: I tend to agree we could just have capability booleans and skip the run booleans.	20:39
*** xyang_ has quit IRC		20:40
ganso	tbarron: so, after my previous patch merged, it has already been ignored	20:40
ganso	tbarron: *no ^	20:40
tbarron	but inferring some of the run conditions from capabilities and allowing in other cases for the run switches to override the cpabilities is very confusing.	20:40
ganso	tbarron: so, the behavior today is the same as the option wouldnt exist	20:40
*** lpetrut has quit IRC		20:41
tbarron	ganso: not if I set the capbility and not the run: I then have capability=True and run=False in the options, but we run anwyays.	20:42
*** xyang1 has quit IRC		20:42
tbarron	ganso: that's today ^^^^ for this revert_to_snapshot, other capabilities/options behave differently (mish-mash)	20:42
*** crushil has joined #openstack-manila		20:42
tbarron	ganso: after your change, with the same tempest config, the result is that the revert-tests will not be run.	20:43
bswartz	didn't this topic come up at PTG?	20:43
tbarron	bswartz: yes, it came up, not sure there was crisp resolution.	20:43
bswartz	the differnce between not-run tests and auto-skipped tests?	20:43
ganso	tbarron: not really, if you set cap=True and run=false, you don't read and you don't run the test	20:43
ganso	bswartz: I don't remember this from the PTG	20:44
*** kaisers_ has joined #openstack-manila		20:44
bswartz	tbarron: IIRC the only opposition to autoskip tests was from redhat because you regard skips a failures during certifications	20:44
ganso	tbarron: if you set cap=False and run=True, it will run the tests, so one does not interfere with the other	20:44
bswartz	or am I misunderstanding?	20:45
tbarron	bswartz: I don't have a problem with autoskipping tests if there's a clear consistent way to map capabilities to skips and to see the capabilities that are being declared.	20:45
ganso	tbarron: it is already like this. This is why the patch states it is unusef	20:45
ganso	*unused	20:45
*** xyang1 has joined #openstack-manila		20:46
*** kaisers_ has quit IRC		20:49
*** cknight has quit IRC		20:51
gouthamr	tbarron: hmmm, the skips within the tests would come from the tests looking at the pools response.. so in the skip reason, we could use the capability-field necessary as-is	20:51
gouthamr	tbarron: then they can be parsed with any tool	20:51
tbarron	ganso: I think I was confused about which conf option was being used to set the other if one was missing.	20:53
*** lpetrut has joined #openstack-manila		20:54
tbarron	gouthamr: so there are two kinds of "capabilities" in this conversation: the capability flag options in tempest.conf and the capabilities advertised by backends ("pools response").	20:54
gouthamr	capability:'xyz' not 'value'	20:55
gouthamr	tbarron: we shouldn't have capability flag options in tempest.conf	20:55
tbarron	gouthamr: and if I understand your argument you'd say we can get rid of the 'run_*' flags too?	20:55
gouthamr	tbarron: yep	20:55
tbarron	gouthamr: just be smart, find out what the backends advertise to the scheduler, and run the right set of tests given that?	20:56
gouthamr	tbarron: exactly... i had this discussion with vponomaryov in the past... unless there's value in skipping some tests, we shouldn't create these toggles	20:56
tbarron	Intuitively that's what I think is correct too, but iirc people told me that's not sufficient.	20:57
tbarron	But I don't remember why.	20:57
tbarron	ganso: ^^^??	20:57
tbarron	bswartz: ^^^ vponomaryov ^^ ??	20:57
gouthamr	tbarron: for instance, we have "run_host_assisted_migration_tests": this isn't related to capabilities, so having this toggle would be useful if you don't want to run these tests that might take a longer time	20:57
tbarron	gouthamr: ok, so there would be a limited set of run flags still then, those that don't correspond to capabilities.	20:58
ganso	tbarron: looks sufficient to me	20:58
tbarron	or we could organize the tests (as reportedly other projects do) so that regexes to select tests would work for that instead of the flags	20:59
ganso	tbarron: no, you could avoid the test with regex	20:59
ganso	tbarron: yes, exactly	20:59
gouthamr	tbarron: +1... we went through this exercise recently and tagged tests... so we could separate "api-only" tests from those requiring a back end (manila-share service)	20:59
gouthamr	this would be similar imo..	21:00
tbarron	well I rather like this "use real capabilities & regexes & get rid of RUN_* and CAPABILITY_* flags in tempest conf" proposal	21:01
gouthamr	+1 we can work slowly towards that... i wonder if we can do so without a deprecation process for these tempest options :P	21:02
ganso	gouthamr, tbarron: ok so the conclusion is that we don't want my patch merged, right? should I abandon it?	21:02
*** eharney has quit IRC		21:03
*** crushil has quit IRC		21:03
gouthamr	ganso: ganso your patch solves a bug afaics... it stops injecting "revert_to_snapshot_support" in the default share type	21:03
ganso	gouthamr: no it doesn't	21:04
ganso	gouthamr: a previous patch of mine solved that	21:04
gouthamr	:) okay	21:04
*** a-pugachev has joined #openstack-manila		21:04
ganso	gouthamr: so is it trivial now? xD	21:04
gouthamr	ganso: no, i'm confused about the previous patch now... i see that you're removing the "capability" toggle now... https://review.openstack.org/#/c/427663/3/manila_tempest_tests/tests/api/base.py	21:06
ganso	gouthamr: trying to find it	21:07
*** dustins_ has joined #openstack-manila		21:11
*** dustins has quit IRC		21:12
ganso	gouthamr: actually, this is how I fixed it in CI https://github.com/openstack/manila/blob/master/contrib/ci/post_test_hook.sh#L290	21:14
gouthamr	ganso: i remember the bug we ran into, the run_revert_to_snapshot_tests option wasn't provided in tempest.conf and the default value was assumed (False) and every share type tempest created had this value, and random tests start failing	21:14
ganso	gouthamr: yes, I fixed it with the above approach ^	21:14
ganso	gouthamr: I suspect you are even more confused now	21:15
ganso	gouthamr: lol	21:15
gouthamr	ganso: because every pool in the back end supported revert, but we were looking for a pool that didn't support revert. annoying :P	21:16
*** catintheroof has quit IRC		21:16
gouthamr	ganso: ah.. yes i remember that fix	21:16
ganso	gouthamr: that's because the "create_share_type" tempest method looks for that config option, and if absent, reads the capabilities	21:17
ganso	gouthamr: so we got 2 branches of behaviors that are run according to non-obvious configurations	21:17
gouthamr	ganso: reads the capabilities from?	21:19
ganso	gouthamr: from the capabilities_revert_to_snapshot option, the one I am removing	21:20
gouthamr	ganso: yeah... so, die option die, now.	21:20
ganso	gouthamr: lol	21:20
gouthamr	ganso: my CI needs 1 hr 31 min apparently to test your change... i'll review when that's done.. only LVM, dummy and cDOT drivers should be affected by the change.	21:23
ganso	gouthamr: and HNAS, while it is still running	21:23
*** cknight has joined #openstack-manila		21:24
gouthamr	ganso: ah.. yep	21:24
*** gouthamr has quit IRC		21:33
*** cknight1 has joined #openstack-manila		21:33
*** cknight has quit IRC		21:35
*** dustins_ has quit IRC		21:36
*** xyang1 has quit IRC		21:48
*** kaisers_ has joined #openstack-manila		21:54
*** gouthamr has joined #openstack-manila		21:57
*** kaisers_ has quit IRC		21:59
*** lpetrut has quit IRC		22:15
*** cknight1 has quit IRC		22:33
*** a-pugachev has quit IRC		22:51
*** ociuhandu has joined #openstack-manila		22:54
*** cknight has joined #openstack-manila		22:55
*** ociuhandu has quit IRC		22:59
*** ociuhandu has joined #openstack-manila		23:05
*** kaisers_ has joined #openstack-manila		23:09
*** ociuhandu has quit IRC		23:09
*** kaisers_ has quit IRC		23:14
*** erlon has quit IRC		23:15
*** adrianofr_ has quit IRC		23:19
*** tommylikehu_ has joined #openstack-manila		23:48
*** crushil has joined #openstack-manila		23:52
bswartz	tbarron: there is one problem with relying on capabilities exclusively	23:58
bswartz	if a bug develops in the driver where it doesn't report a capability when it should...	23:58
bswartz	then the tests don't catch that bug	23:59

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!