Thursday, 2019-04-04

« Wednesday, 2019-04-03 Index Friday, 2019-04-05 »
*** iyamahat__ has joined #openstack-meeting00:01
*** dtrainor_ has quit IRC00:02
*** yamamoto has quit IRC00:04
*** iyamahat_ has quit IRC00:04
*** tetsuro has joined #openstack-meeting00:08
*** bbowen has joined #openstack-meeting00:32
*** bbowen__ has quit IRC00:33
*** jamesmcarthur has joined #openstack-meeting00:34
*** igordc has quit IRC00:36
*** Liang__ has joined #openstack-meeting00:49
*** Liang__ is now known as LiangFang00:50
*** iyamahat_ has joined #openstack-meeting00:53
*** iyamahat__ has quit IRC00:57
*** jamesmcarthur has quit IRC00:58
*** tetsuro has quit IRC01:01
*** tetsuro_ has joined #openstack-meeting01:01
*** mriedem has quit IRC01:09
*** enriquetaso has quit IRC01:23
*** enriquetaso has joined #openstack-meeting01:23
*** jamesmcarthur has joined #openstack-meeting01:23
*** dtrainor_ has joined #openstack-meeting01:27
*** dtrainor_ has quit IRC01:29
*** dtrainor_ has joined #openstack-meeting01:30
*** jamesmcarthur has quit IRC01:31
*** dtrainor_ has quit IRC01:34
*** yamamoto has joined #openstack-meeting01:45
*** mattia has quit IRC01:51
*** whoami-rajat has joined #openstack-meeting02:03
*** yamahata has quit IRC02:08
*** iyamahat_ has quit IRC02:08
*** tinwood has quit IRC02:10
*** tinwood has joined #openstack-meeting02:12
*** hongbin has joined #openstack-meeting02:12
*** mriedem has joined #openstack-meeting02:23
*** markvoelker has joined #openstack-meeting02:29
*** jamesmcarthur has joined #openstack-meeting02:29
*** mriedem has quit IRC02:29
*** zhubx has quit IRC02:36
*** psachin has joined #openstack-meeting02:43
*** jamesmcarthur has quit IRC02:57
*** markvoelker has quit IRC02:59
*** zhubx has joined #openstack-meeting03:16
*** samueldmq has quit IRC03:16
*** jamesmcarthur has joined #openstack-meeting03:17
*** jamesmcarthur has quit IRC03:22
*** enriquetaso has quit IRC03:32
*** tetsuro_ has quit IRC03:50
*** tetsuro has joined #openstack-meeting03:51
*** hongbin has quit IRC03:52
*** jamesmcarthur has joined #openstack-meeting03:54
*** markvoelker has joined #openstack-meeting03:57
*** zhubx has quit IRC03:57
*** imsurit has joined #openstack-meeting03:58
*** jamesmcarthur has quit IRC03:58
*** zhubx has joined #openstack-meeting04:03
*** ekcs has joined #openstack-meeting04:27
*** markvoelker has quit IRC04:29
*** jamesmcarthur has joined #openstack-meeting04:30
*** erlon has joined #openstack-meeting04:44
*** yamahata has joined #openstack-meeting04:56
*** ricolin has joined #openstack-meeting04:57
*** pcaruana has joined #openstack-meeting04:58
*** lbragstad has quit IRC05:06
*** tetsuro has quit IRC05:09
*** e0ne has joined #openstack-meeting05:12
*** tetsuro has joined #openstack-meeting05:14
*** e0ne has quit IRC05:18
*** markvoelker has joined #openstack-meeting05:27
*** tetsuro_ has joined #openstack-meeting05:38
*** tetsuro has quit IRC05:40
*** armax has quit IRC05:53
*** armax has joined #openstack-meeting06:00
*** markvoelker has quit IRC06:00
*** tetsuro_ has quit IRC06:03
*** zhubx has quit IRC06:09
*** zhubx has joined #openstack-meeting06:09
*** janki has joined #openstack-meeting06:13
*** kopecmartin|off is now known as kopecmartin06:14
*** sridharg has joined #openstack-meeting06:15
*** Luzi has joined #openstack-meeting06:18
*** slaweq has joined #openstack-meeting06:20
*** sidx64 has joined #openstack-meeting06:30
*** imsurit has quit IRC06:36
*** erlon has quit IRC06:36
*** manjeets has quit IRC06:36
*** imsurit has joined #openstack-meeting06:36
*** e0ne has joined #openstack-meeting06:47
*** jamesmcarthur has quit IRC06:52
*** markvoelker has joined #openstack-meeting06:57
*** jiaopengju has quit IRC07:18
*** jiaopengju has joined #openstack-meeting07:18
*** dims has quit IRC07:22
*** dims has joined #openstack-meeting07:24
*** sidx64 has quit IRC07:25
*** markvoelker has quit IRC07:30
*** dims has quit IRC07:31
*** helenafm has joined #openstack-meeting07:33
*** dims has joined #openstack-meeting07:34
*** ralonsoh has joined #openstack-meeting07:34
*** ralonsoh has quit IRC07:34
*** apetrich has joined #openstack-meeting07:37
*** ralonsoh has joined #openstack-meeting07:37
*** tssurya has joined #openstack-meeting07:56
*** walshh_ has quit IRC08:24
*** markvoelker has joined #openstack-meeting08:28
*** e0ne has quit IRC08:30
*** a-pugachev has joined #openstack-meeting08:31
*** imsurit has quit IRC08:36
*** e0ne has joined #openstack-meeting08:40
*** e0ne has quit IRC08:42
*** yamamoto has quit IRC08:43
*** jrbalderrama has joined #openstack-meeting08:46
*** jamesmcarthur has joined #openstack-meeting08:49
*** e0ne has joined #openstack-meeting08:50
*** yamamoto has joined #openstack-meeting08:52
*** yamamoto has quit IRC08:53
*** ricolin has quit IRC08:53
*** jamesmcarthur has quit IRC08:54
*** a-pugachev has quit IRC08:58
*** electrofelix has joined #openstack-meeting08:58
*** yamamoto has joined #openstack-meeting08:59
*** a-pugachev has joined #openstack-meeting08:59
*** markvoelker has quit IRC09:01
*** mattia_ has joined #openstack-meeting09:03
*** yamamoto has quit IRC09:18
*** iyamahat has joined #openstack-meeting09:24
*** a-pugachev has quit IRC09:27
*** a-pugachev has joined #openstack-meeting09:29
*** LiangFang has quit IRC09:30
*** a-pugachev has quit IRC09:43
*** e0ne has quit IRC09:44
*** a-pugachev has joined #openstack-meeting09:44
*** a-pugachev has quit IRC09:49
*** e0ne has joined #openstack-meeting09:54
*** markvoelker has joined #openstack-meeting09:58
*** sidx64 has joined #openstack-meeting09:59
*** jrbalderrama has quit IRC10:09
*** jrbalderrama has joined #openstack-meeting10:10
*** sidx64 has quit IRC10:15
*** bbowen has quit IRC10:21
*** sidx64 has joined #openstack-meeting10:22
*** jiaopengju has quit IRC10:23
*** jiaopengju has joined #openstack-meeting10:25
*** markvoelker has quit IRC10:31
*** sidx64 has quit IRC10:36
*** yamamoto has joined #openstack-meeting10:50
*** sidx64 has joined #openstack-meeting10:58
*** iyamahat has quit IRC11:07
*** erlon has joined #openstack-meeting11:14
*** zbr has quit IRC11:14
*** sidx64 has quit IRC11:14
*** sidx64 has joined #openstack-meeting11:15
*** sidx64 has quit IRC11:19
*** sidx64 has joined #openstack-meeting11:20
*** jrbalderrama has quit IRC11:20
*** jrbalderrama has joined #openstack-meeting11:21
*** helenafm has quit IRC11:22
*** markvoelker has joined #openstack-meeting11:28
*** jamesmcarthur has joined #openstack-meeting11:30
*** zbr has joined #openstack-meeting11:31
*** bbowen has joined #openstack-meeting11:31
*** jamesmcarthur has quit IRC11:34
*** samueldmq has joined #openstack-meeting11:40
*** sidx64 has quit IRC11:44
*** erlon_ has joined #openstack-meeting11:45
*** sidx64 has joined #openstack-meeting11:46
*** sidx64 has quit IRC11:47
*** sidx64 has joined #openstack-meeting11:48
*** e0ne has quit IRC11:50
*** ygbo has joined #openstack-meeting12:00
*** markvoelker has quit IRC12:02
*** jamesmcarthur has joined #openstack-meeting12:18
*** jamesmcarthur has quit IRC12:32
*** sidx64 has quit IRC12:38
*** sidx64 has joined #openstack-meeting12:39
*** rbudden has joined #openstack-meeting12:45
*** Luzi has quit IRC12:48
*** mriedem has joined #openstack-meeting12:54
*** lbragstad has joined #openstack-meeting12:59
*** lseki has joined #openstack-meeting13:00
*** dklyle has quit IRC13:02
*** enriquetaso has joined #openstack-meeting13:06
*** Luzi has joined #openstack-meeting13:07
*** e0ne has joined #openstack-meeting13:22
*** sridharg has quit IRC13:29
*** sidx64 has quit IRC13:30
*** raildo has joined #openstack-meeting13:31
*** gagehugo has joined #openstack-meeting13:32
*** takashin has joined #openstack-meeting13:33
*** Luzi has quit IRC13:34
*** sidx64 has joined #openstack-meeting13:35
*** Luzi has joined #openstack-meeting13:37
*** jangutter has joined #openstack-meeting13:44
*** sidx64 has quit IRC13:44
*** mdbooth has joined #openstack-meeting13:50
*** mjturek has joined #openstack-meeting13:53
*** altlogbot_1 has quit IRC13:54
*** efried has left #openstack-meeting13:55
*** efried has joined #openstack-meeting13:55
*** cdent has joined #openstack-meeting13:56
*** alex_xu has joined #openstack-meeting13:57
*** awaugama has joined #openstack-meeting13:58
*** cheng1__ has joined #openstack-meeting13:58
*** jrbalderrama has quit IRC13:58
*** e0ne has quit IRC13:59
*** cheng1__ has quit IRC14:00
efried#startmeeting nova14:00
openstackMeeting started Thu Apr  4 14:00:35 2019 UTC and is due to finish in 60 minutes.  The chair is efried. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
*** openstack changes topic to " (Meeting topic: nova)"14:00
openstackThe meeting name has been set to 'nova'14:00
takashino/14:00
edleafe\o14:00
*** cheng1__ has joined #openstack-meeting14:00
gmanno/14:00
mdbootho/14:01
artomo/14:01
mriedem.14:01
cdento/14:01
bauzas\o14:01
tssuryao/14:01
artomActually, ~o~14:01
*** lyarwood has joined #openstack-meeting14:01
alex_xuo/14:01
* bauzas doing a double meeting at the same time, feeling a bit schizophrenic14:01
efriedartom: are you swimming?14:02
artomedleafe, waving :D14:02
artomErr, efried14:02
efriedoo, the robot, rad14:02
edleafeHeh, I thought it was a new hairstyle14:02
efriedwhoops, /me forgot to save the agenda, done, refresh if you had it open14:03
efried#link agenda https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting14:03
efried#link last week's minutes Minutes from last week: http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-03-28-21.02.html14:03
efriedno fups from that afaict, anyone?14:03
edleafeartom: https://goo.gl/images/NXekAP14:03
stephenfino/14:03
artomedleafe, *shudder*14:04
efried#topic Release News14:04
efried#link Stein release schedule: https://wiki.openstack.org/wiki/Nova/Stein_Release_Schedule14:04
efried#info Stein RC freeze is TODAY, Thursday, April 4th14:04
efried#link Stein RC potential changes tracking: https://etherpad.openstack.org/p/nova-stein-rc-potential14:04
*** openstack changes topic to "Release News (Meeting topic: nova)"14:04
efried#link RC2 proposed https://review.openstack.org/64965614:04
efried#link Fix non-NIC VFs bombing n-cpu (merging) https://review.openstack.org/#/c/649630/14:04
efried#link VGPU docs (merged) https://review.openstack.org/64945414:04
efriedThat last one wouldn't have been enough to prompt an RC2 by itself, but since we're doing one...14:04
efriedand last but not least...14:04
efried#link Keys to the (database) kingdom in versioned notifications https://review.openstack.org/#/c/649775/14:04
efriedThat *just* got a new PS, please review and merge asap.14:04
*** e0ne has joined #openstack-meeting14:05
mriedemin the future,14:05
mriedemi'd ask people be mindful about what we shove into versioned notification payloads,14:05
mriedemjust because we can send something doesn't mean we should14:05
*** munimeha1 has joined #openstack-meeting14:05
efriedis there a doc or (probably better) code comment we can throw somewhere obvious to that effect?14:05
mriedemdocs are here https://docs.openstack.org/nova/latest/reference/notifications.html14:06
mriedemi don't know if there is a warning for contributors14:06
mriedemcode comment would be hard since the payloads are in lots of places14:06
mriedemit's really on the core team14:06
efriedk14:06
efriedany other release topics?14:07
mriedemi can follow up with a docs patch to add a warning14:07
gmannguidelines of " donot/careful about exposing this "  can be great.14:07
efriedthanks mriedem14:07
artomThere's a What should be in the notification payload para14:07
Kevin_Zhengo/14:07
artomCould be followed with a What should NOT be in the notification payload14:07
mriedemartom: yeah that's where i'm going to put a warning14:07
efried++14:08
efried#topic Bugs (stuck/critical)14:08
efriedNo Critical bugs14:08
efried#link 69 new untriaged bugs (down 1 since the last meeting): https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New14:08
efried#link 7 untagged untriaged bugs (down 2 since the last meeting): https://bugs.launchpad.net/nova/+bugs?field.tag=-*&field.status%3Alist=NEW14:08
*** openstack changes topic to "Bugs (stuck/critical) (Meeting topic: nova)"14:08
efriedGate status14:08
efried#link check queue gate status http://status.openstack.org/elastic-recheck/index.html14:08
efriedlooks like mostly timeout-y things.14:08
efried3rd party CI14:08
efried#link 3rd party CI status http://ciwatch.mmedvede.net/project?project=nova&time=7+days14:08
mriedemgrenade py3 jobs will be still wonky until https://review.openstack.org/#/c/649096/ lands14:09
efrieda few disturbing hits in unit test jobs - look for the ones where one out of the three pyXX jobs fails. Some kind of odd database race.14:09
mriedemwe likely need a new e-r query for that14:10
efrieddon't know what it's about, but may try to get an e-r def in place, ...14:10
efriedyeah14:10
efriedcause I just learned about e-r this week. I know only enough to be dangerous14:10
* mdbooth loves weird database races if we have a couple of examples14:11
efriedmdbooth: oh, perfect - there's several examples.14:11
mdboothHow much of a problem is it?14:11
efriedMeh, kills one job in a dozen maybe?14:11
mdboothModerate14:11
efriedmdbooth: If you look in http://ciwatch.mmedvede.net/project?project=nova&time=7+days along the openstack-tox-pyXX rows, ignore all green or all red, look for the ones with just one X, click on it. The failures are always in the same small handful of tests, weird DB-ish things.14:12
*** armstrong has joined #openstack-meeting14:12
efriedthanks for the help14:13
efried#action efried to look into adding e-r query for ^14:14
efried#topic Reminders14:14
efried#link Spec review day proposed next Tuesday, April 9th http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004484.html14:14
*** openstack changes topic to "Reminders (Meeting topic: nova)"14:14
efriedSo far a small number of people have responded about ^14:14
efriedNow that I have a captive audience14:15
efriedis next Tuesday good for folks to block off for reviewing/discussing/updating specs?14:15
artom+114:15
cdentyes14:15
bauzasI'm good with it but I was about to write something14:15
bauzashaving a second review day in one week later is a bit impactful14:16
bauzasnot sure it's healthy14:16
bauzasso, I'm all sold on this review day, not the later14:16
bauzasif that's worth mentioning14:16
*** Sundar has joined #openstack-meeting14:16
mriedemunhealthy how? if you can't do a 2nd sprint, that's fine.14:16
mriedemi think the idea is flush as much as possible before the ptg14:17
efried^14:17
mriedembecause we're all going to be burned out by saturday14:17
*** janki has quit IRC14:17
gmann+114:17
gmannit can cut down the PTG topics also.14:17
bauzaswell, ok14:18
bauzasthat's not that I can't14:18
bauzasjust that I think I'll feel a bit exhausted after two review days in a week, but fair14:19
bauzasbut yeah, your point on the PTG is valid14:19
bauzasso cool with me14:19
mriedemjust remember to stretch14:19
bauzas:)14:19
artomAnd drink loads of water (or others)14:19
efriedokay, cool, Ima put up an etherpad where people wanting their specs to get attention that day can list them, make it easier for reviewers to discover rather than picking from the 60-odd open specs out there.14:20
efried#efried to fup with review day logistics14:20
efried#action efried to fup with review day logistics14:21
efriedrather14:21
efriedany other reminders?14:21
artomDo we have priorities for train? Should those spec get priority for spec review day?14:21
*** raildo has quit IRC14:21
efriedmm14:21
efriedwe usually set priorities at/after the ptg14:21
efriedbut that doesn't mean we can't do some pre-prioritizing14:22
mdboothIs it worth having a spec for privsep? It's more of a theme.14:22
efriedWe can have a specless bp to continue the rootwrap-to-privsep conversion for train14:22
efriedand I would like to have a backlog spec proposed at some point describing how we get from the current privsep to the golden age of security perfection that's been discussed recently in the ML.14:23
mriedemspecs are point in time for a release, privsep is a long-term commitment, so if we need docs, as suggested in that ML thread, then let's add docs14:23
dansmithagree14:23
efried#link privsep docs https://review.openstack.org/#/c/649997/14:23
mriedemalso, related to that,14:24
*** cheng1__ has quit IRC14:24
efriedhaving a specless bp could help us keep review focus on it for train so we can get more of that series merged.14:24
mriedemdo we have any nova-specific docs about configuring nova's rootwrap compute.filters for the privsep-helper?14:24
mriedembecause that is all black magic for the most part14:24
efriedIt's over a year old.14:24
mriedemand i don't think it's documented, deployment tools just had to deal with it back when it was required14:24
dansmithmriedem: asI understand it, we only need one rootwrap rule for privsep itself14:25
mriedemalso related, sighup'ing nova-compute kills nova-compute b/c the privsep-helper child processes are gone14:25
artom... that sounds quite bad...14:25
efriedwe decided that ^ was latent since at least rocky, right?14:25
mriedemdansmith: i'm just not sure if there is anything clear in our docs about configuring rootwrap for privsep14:25
mdboothIt's also explicitly by design14:25
dansmithit's an oslo.service regression14:25
mriedemefried: yeah i also recreated it in rocky14:26
dansmithmdbooth: what is explicitly by design?14:26
mdboothdansmith: privsep helper doesn't restart if it ends14:26
dansmithmdbooth: it's not supposed to end on HUP14:26
mdboothAh, ok. Is it supposed to reload its context?14:26
dansmithmdbooth: and also, it's definitely expected to be able to restart privsep if you're using a root helperto start14:26
mriedemthis is the only rootwrap mention in our docs https://docs.openstack.org/nova/stein/cli/nova-rootwrap.html - not even in the install guide14:26
dansmithmdbooth: the bug is unrelated to privsep, it's in oslo.service killing things it shouldn't14:27
mdboothdansmith: ack14:27
mriedemhttps://docs.openstack.org/nova/stein/search.html?q=privsep14:27
mriedempretty sad14:27
mriedemi'll report a docs bug14:27
* mriedem uses trump voice when he says sad14:27
*** raildo has joined #openstack-meeting14:28
efriedokay, moving on?14:28
efried#topic Stable branch status14:29
efried#link stable/stein: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/stein14:29
efried#link stable/rocky: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/rocky14:29
efried#link stable/queens: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/queens14:29
efried#link stable/pike: https://review.openstack.org/#/q/status:open+(project:openstack/os-vif+OR+project:openstack/python-novaclient+OR+project:openstack/nova)+branch:stable/pike14:29
*** openstack changes topic to "Stable branch status (Meeting topic: nova)"14:29
efriedhandful of stein-ish things we're going to wait on until after the release.14:29
efriedany other stable notes?14:30
efried#topic Sub/related team Highlights14:30
*** openstack changes topic to "Sub/related team Highlights (Meeting topic: nova)"14:30
efriedPlacement - no meeting this week14:30
efriedAPI (gmann)14:30
efried#link This week updates: http://lists.openstack.org/pipermail/openstack-discuss/2019-April/004538.html14:30
efried#link Asking about API office hour continuation on ML - http://lists.openstack.org/pipermail/openstack-discuss/2019-March/004336.html14:30
efriedgmann: anything to bring up here?14:30
gmannthat's all.14:31
efried#topic Stuck Reviews14:31
*** openstack changes topic to "Stuck Reviews (Meeting topic: nova)"14:31
efriedany?14:31
efried#topic Forum Planning14:33
*** openstack changes topic to "Forum Planning (Meeting topic: nova)"14:33
efriedAgenda has links to all the nova-ish sessions I found. If anyone knows of others, please add.14:33
*** jiaopengju has quit IRC14:33
*** Luzi has quit IRC14:34
artomAgenda being... https://etherpad.openstack.org/p/DEN-train-nova-brainstorming?14:34
efriedgibi_off volunteered to help with the onboarding session. We're thinking to do a live-ish demo of fixing a bug by posting a recreate patch followed by a fix patch.14:34
efriedartom: Sorry, the meeting agenda: https://wiki.openstack.org/wiki/Meetings/Nova#Agenda_for_next_meeting14:34
mriedemefried: i have some charts that could maybe be useful to link into onboarding session content - not to go over, but for further reading etc14:35
efried...and melwitt and I are going to co-chair the proj update session; she's started a google doc14:35
*** jiaopengju has joined #openstack-meeting14:35
mriedemvery targeted deep dive stuff14:35
efriedmriedem: cool, please do share.14:35
efriedany other forum topics?14:36
efried#topic PTG Planning14:36
efried#link PTG: Nova etherpad https://etherpad.openstack.org/p/nova-ptg-train14:36
*** openstack changes topic to "PTG Planning (Meeting topic: nova)"14:36
efriedput yer stuff in the etherpad14:36
efriedput yer name next ta yer stuff14:36
efriedIf you have conflicts / time constraints, include those somewhere in the appropriate pad(s)14:37
efriedAround middle of the week before I'll start trying to shape an agenda taking ^ into account.14:37
efriedmm, maybe I'll actually start that a little earlier to give people time to complain and readjust.14:38
efriedanything ptg-ish that needs to be discussed here?14:38
efried#topic Open discussion14:38
*** openstack changes topic to "Open discussion (Meeting topic: nova)"14:38
mriedemhere is that privsep docs bug for nova https://bugs.launchpad.net/nova/+bug/1823192 if someone wants to take a shot at it14:38
openstackLaunchpad bug 1823192 in OpenStack Compute (nova) "Lack of documentation for rootwrap and privsep in nova docs" [Undecided,New]14:38
efriedthanks mriedem14:39
efriedif there's nothing else...14:39
efriedThanks all.14:40
efriedo/14:40
efried#endmeeting14:40
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"14:40
openstackMeeting ended Thu Apr  4 14:40:00 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:40
openstackMinutes:        http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-04-04-14.00.html14:40
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-04-04-14.00.txt14:40
openstackLog:            http://eavesdrop.openstack.org/meetings/nova/2019/nova.2019-04-04-14.00.log.html14:40
cdentthanks efried14:40
*** cdent has left #openstack-meeting14:40
*** takashin has left #openstack-meeting14:40
gmannthanks efried14:40
mdbootho/14:40
*** e0ne has quit IRC14:46
*** e0ne has joined #openstack-meeting14:52
*** Sundar has quit IRC14:53
*** yamamoto has quit IRC14:54
*** yamamoto has joined #openstack-meeting14:55
*** e0ne has quit IRC14:57
*** hongbin has joined #openstack-meeting14:59
*** yamamoto has quit IRC15:00
*** jangutter has left #openstack-meeting15:00
gagehugo#startmeeting security15:03
openstackMeeting started Thu Apr  4 15:03:11 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.15:03
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:03
*** openstack changes topic to " (Meeting topic: security)"15:03
openstackThe meeting name has been set to 'security'15:03
gagehugo#link https://etherpad.openstack.org/p/security-agenda agenda15:03
gagehugoping fungi gagehugo lhinds nickthetait browne redrobot15:03
fungii stuck a few things on the agenda as i thought of them15:04
redrobotOnly 1/2 o/ ... got a work meeting right now as well.15:04
fungiyeah,i'm juggling this and tc office hour as usual15:04
gagehugoim on another call as well heh15:04
gagehugoapologies for the late start15:05
gagehugo#topic Privsep is not giving us any security15:05
*** openstack changes topic to "Privsep is not giving us any security (Meeting topic: security)"15:05
gagehugo#link http://lists.openstack.org/pipermail/openstack-discuss/2019-March/004362.html15:05
fungiyeah, just calling more attention to this since it came up after last week's meeting15:06
fungii flagged a reply for [security-sig] on the ml thread itself too15:07
fungibut basically, this is a great opportunity for security-minded folks to get involved with helping make openstack services measurably more secure15:07
*** enriquetaso has quit IRC15:08
gagehugofungi ok, I'll make sure to look it over today15:08
fungito summarize, oslo.privsep provides a framework for properly limiting privilege when performing certain sensitive system calls15:08
fungias a replacement for rootwrap which wasn't very flexible in this regard15:08
*** iyamahat has joined #openstack-meeting15:08
fungiand projects like nova have made a start at moving their rootwrap usage over to privsep, but they haven't really adjusted and refactored how those operations were being performed to take advantage of the improved security model there15:09
fungiso it's a place folks interested in such topics can get involved in more bite-sized chunks if they like15:10
fungiand ttx has taken a first stab at improving the privsep usage docs, which may help15:10
fungi#link     https://review.openstack.org/649997 (openstack/oslo.privsep) Add more usage documentation15:10
fungiit might also make for a good (multi-stage) community cycle goal15:11
fungianyway, that's all i had on this topic unless folks want to ask questions15:11
gagehugothanks fungi15:12
fungiseems like there are no questions15:13
fungialso feel free to ask them on that ml thread15:13
fungior in #openstack-oslo15:13
* gagehugo attaches a sticky note to read it over15:14
gagehugo#topic Security SIG most wanted15:14
*** openstack changes topic to "Security SIG most wanted (Meeting topic: security)"15:14
gagehugoI started an etherpad from last week's meeting about things ricolin was asking from the security sig15:14
gagehugo#link https://etherpad.openstack.org/p/security-sig-most-wanted15:15
gagehugofungi: I added things from last week's meeting, mostly the documentation stuff15:16
gagehugowas there anything else I missed that you recall?15:16
fungii'll skim quickly15:17
gagehugojust whenever you are available15:18
gagehugoI wanted to just bring it up here15:18
fungithe first bullet is probably redundant15:18
fungiyou cover security analyses and the security guide already15:18
gagehugook15:18
fungithough also having folks pitch in on public security bugs would be nice15:18
fungii'll add something15:18
*** awaugama has quit IRC15:19
gagehugoah yeah15:19
gagehugothat's a good one15:19
fungiif i think if anything else i'll toss it in there too15:21
gagehugosounds good!15:21
gagehugothanks fungi15:22
gagehugo#topic Unable to install new flows on compute nodes when having broken security group rules15:22
*** openstack changes topic to "Unable to install new flows on compute nodes when having broken security group rules (Meeting topic: security)"15:22
gagehugo#link https://bugs.launchpad.net/ubuntu/+source/neutron/+bug/181300715:22
openstackLaunchpad bug 1813007 in OpenStack Security Advisory "[SRU] Unable to install new flows on compute nodes when having broken security group rules" [Undecided,Incomplete]15:22
*** awaugama has joined #openstack-meeting15:23
gagehugolooks like fixes were backported15:23
*** cheng1__ has joined #openstack-meeting15:24
fungiyep, the neutron bug folks just failed to add bugtasks for those series so no comments for them ended up in the report15:26
*** awaugama has quit IRC15:26
gagehugoah15:26
fungibut anyway, it looks like we will probably issue an advisory for this based on how it's shaping up15:26
gagehugook15:26
*** awaugama has joined #openstack-meeting15:26
fungiand if anyone is interested in pitching in, perhaps by volunteering to write an impact description so i don't need to, that would be great15:27
fungiotherwise i'll probably get to it in the next day or two15:27
*** dklyle has joined #openstack-meeting15:27
fungi(this is a prime example for the item i added to the help wanted etherpad moments ago)15:27
gagehugofungi: I will articulate a good summary for that in the etherpad15:28
fungioh, thanks gagehugo!15:28
fungii get the impression some of it can be drawn from ossa-2019-001 but with slightly different details15:28
gagehugohmm ok15:29
fungilike ovs instead of iptables, and conflicting rules instead of ports coupled with non-port-relaetd protocols15:29
*** erlon has quit IRC15:29
gagehugook, yeah I'll ping you if I have any questions later15:31
gagehugo#topic open discussion15:31
*** openstack changes topic to "open discussion (Meeting topic: security)"15:31
gagehugoDoes anyone have anything they want to talk about?15:31
gagehugoI'm pretty sure we're getting a BoF room at the summit, and we have a floating session at the PTG it looks like15:32
fungithat'll be swell15:32
fungii'll be there all week, getting in the saturday prior and leaving the sunday after15:33
gagehugonice, I'm arriving early sunday and leaving sat afternoon15:33
gagehugothanks for coming everyone, have a good weekend!15:36
gagehugo#endmeeting15:36
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"15:36
openstackMeeting ended Thu Apr  4 15:36:22 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:36
openstackMinutes:        http://eavesdrop.openstack.org/meetings/security/2019/security.2019-04-04-15.03.html15:36
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/security/2019/security.2019-04-04-15.03.txt15:36
openstackLog:            http://eavesdrop.openstack.org/meetings/security/2019/security.2019-04-04-15.03.log.html15:36
fungithanks gagehugo!15:39
*** kopecmartin is now known as kopecmartin|off15:41
*** gyee has joined #openstack-meeting15:43
*** e0ne has joined #openstack-meeting15:46
*** e0ne has quit IRC15:48
*** e0ne has joined #openstack-meeting15:48
*** e0ne has quit IRC15:48
*** cheng1__ has quit IRC15:51
*** tssurya has quit IRC15:52
*** efried is now known as efried_mtg15:54
*** hongbin has quit IRC15:57
*** hongbin has joined #openstack-meeting15:58
*** jamesmcarthur has joined #openstack-meeting15:58
*** hongbin has quit IRC16:00
*** e0ne has joined #openstack-meeting16:05
*** enriquetaso has joined #openstack-meeting16:07
*** diablo_rojo has joined #openstack-meeting16:10
*** hongbin has joined #openstack-meeting16:12
*** e0ne has quit IRC16:12
*** awaugama has quit IRC16:20
*** ygbo has quit IRC16:20
*** awaugama has joined #openstack-meeting16:32
*** awaugama is now known as awaugama_lunch16:32
*** igordc has joined #openstack-meeting16:33
*** iyamahat has quit IRC16:33
*** yamahata has quit IRC16:33
*** iyamahat has joined #openstack-meeting16:48
*** vishalmanchanda has quit IRC16:51
*** iyamahat_ has joined #openstack-meeting16:55
*** awaugama_lunch is now known as awaugama16:56
*** electrofelix has quit IRC16:58
*** iyamahat has quit IRC16:59
*** yamahata has joined #openstack-meeting17:06
*** ijw has joined #openstack-meeting17:07
*** jamesmcarthur has quit IRC17:19
*** diablo_rojo has quit IRC17:21
*** manjeets_ has joined #openstack-meeting17:27
*** gmann is now known as gmann_afk17:44
*** ralonsoh has quit IRC17:49
*** munimeha1 has quit IRC17:50
*** diablo_rojo has joined #openstack-meeting17:56
*** diablo_rojo_ has joined #openstack-meeting17:56
*** diablo_rojo_ has quit IRC17:56
*** diablo_rojo has quit IRC17:56
*** diablo_rojo has joined #openstack-meeting17:57
*** yamamoto has joined #openstack-meeting18:01
*** enriquetaso has quit IRC18:03
*** erlon_ has quit IRC18:07
*** ijw has quit IRC18:09
*** psachin has quit IRC18:28
*** mdbooth_ has joined #openstack-meeting18:44
*** mdbooth has quit IRC18:47
*** eharney has quit IRC18:55
*** enriquetaso has joined #openstack-meeting18:58
*** eharney has joined #openstack-meeting18:58
*** mmethot has joined #openstack-meeting19:03
*** enriquetaso has quit IRC19:05
*** enriquetaso has joined #openstack-meeting19:05
*** goldenfri has joined #openstack-meeting19:06
*** awaugama has quit IRC19:37
*** enriquetaso has quit IRC19:43
*** artom has quit IRC19:46
*** efried_mtg is now known as efried19:46
*** gmann_afk is now known as gmann19:49
*** enriquetaso has joined #openstack-meeting19:51
*** _erlon_ has joined #openstack-meeting19:56
*** ttsiouts has joined #openstack-meeting20:01
*** bbowen has quit IRC20:04
*** ttsiouts has quit IRC20:04
*** jamesmcarthur has joined #openstack-meeting20:21
*** artom has joined #openstack-meeting20:23
*** jamesmcarthur has quit IRC20:25
*** pcaruana has quit IRC20:29
*** pcaruana has joined #openstack-meeting20:30
*** hongbin has quit IRC20:34
*** armstrong has quit IRC20:42
*** ttsiouts has joined #openstack-meeting20:42
*** diablo_rojo has quit IRC20:43
*** ttsiouts has quit IRC20:47
*** hongbin has joined #openstack-meeting20:48
*** slaweq has quit IRC20:58
*** radez has quit IRC20:58
*** haleyb has quit IRC20:58
*** JangwonLee has quit IRC21:02
*** hyunsikyang has quit IRC21:03
*** JangwonLee has joined #openstack-meeting21:07
*** hyunsikyang has joined #openstack-meeting21:07
*** mjturek has quit IRC21:08
*** haleyb has joined #openstack-meeting21:08
*** ttsiouts has joined #openstack-meeting21:12
*** slaweq has joined #openstack-meeting21:25
*** bobh has joined #openstack-meeting21:26
*** rbudden has quit IRC21:27
*** bobh has quit IRC21:27
*** ttsiouts has quit IRC21:28
*** ttsiouts has joined #openstack-meeting21:28
*** slaweq has quit IRC21:30
*** ttsiouts has quit IRC21:33
*** enriquetaso has quit IRC21:35
*** manjeets_ has quit IRC21:37
*** enriquetaso has joined #openstack-meeting21:39
*** enriquetaso has quit IRC21:41
*** enriquetaso has joined #openstack-meeting21:42
*** slaweq has joined #openstack-meeting21:46
*** slaweq has quit IRC21:51
*** pcaruana has quit IRC21:51
*** slaweq has joined #openstack-meeting21:52
*** enriquetaso has quit IRC21:53
*** slaweq has quit IRC21:57
*** bnemec has quit IRC22:01
*** mattw4 has joined #openstack-meeting22:04
*** hongbin has quit IRC22:09
*** diablo_rojo has joined #openstack-meeting22:20
*** rcernin has joined #openstack-meeting22:23
*** rbudden has joined #openstack-meeting22:25
*** diablo_rojo has quit IRC22:28
*** diablo_rojo has joined #openstack-meeting22:28
*** diablo_rojo has quit IRC22:31
*** whoami-rajat has quit IRC22:32
*** igordc has quit IRC22:34
*** diablo_rojo has joined #openstack-meeting22:34
*** mrhillsman_bbiab is now known as mrhillsman22:40
*** ttsiouts has joined #openstack-meeting22:50
*** diablo_rojo has quit IRC22:51
*** diablo_rojo has joined #openstack-meeting22:53
*** slaweq has joined #openstack-meeting22:53
*** slaweq has quit IRC22:58
*** dmacpher_ has quit IRC23:17
*** dklyle has quit IRC23:19
*** enriquetaso has joined #openstack-meeting23:19
*** enriquetaso has quit IRC23:19
*** ttsiouts has quit IRC23:23
*** _erlon_ has quit IRC23:25
*** raildo has quit IRC23:28
*** Haunted330 has joined #openstack-meeting23:33
*** ChanServ sets mode: +b *!*@gateway/web/cgi-irc/kiwiirc.com/ip.98.223.207.3923:33
*** Haunted330 was kicked by ChanServ (Banned: spamming is off-topic in this channel)23:33
*** raildo has joined #openstack-meeting23:33
*** igordc has joined #openstack-meeting23:39
*** eharney has quit IRC23:40
*** raildo has quit IRC23:46
*** slaweq has joined #openstack-meeting23:54
*** dtrainor has joined #openstack-meeting23:56
*** gyee has quit IRC23:58
*** slaweq has quit IRC23:59
« Wednesday, 2019-04-03 Index Friday, 2019-04-05 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!