Earlier  
Posted Nick Remark
#openstack-nova - 2019-04-01
14:11:38 efried sean-k-mooney: prometheanfire doesn't care which l-c fix as long as it passes. I'm going to take cdent's because a) older, b) more comprehensive commit message. Cool?
14:12:08 sean-k-mooney efried: yep that is fine with me
14:12:26 sean-k-mooney efried: can we land it in stien or no?
14:13:04 efried sean-k-mooney: That I don't know. Sounds hairy to me.
14:13:11 efried sean-k-mooney: What would be the motivation to do that?
14:13:15 mriedem we don't need an rc2 for lower-constraints fixes right?
14:13:16 efried Is it going to break distros or something?
14:13:37 mriedem also, how latent is this?
14:13:51 sean-k-mooney mriedem: it has always been broken
14:14:04 sean-k-mooney since we introduced lower-constarits
14:14:12 sean-k-mooney i think
14:14:13 mriedem then it's definitely not an rc2 issue
14:14:23 sean-k-mooney mriedem: correcct
14:14:36 sean-k-mooney i was wondering if we want to backport it after rc2
14:14:55 sean-k-mooney e.g. do we want to fix lower-constratins on stable branches or not in general
14:15:26 sean-k-mooney if the answer is no we proably shoudl disable the job on the stable branches
14:27:38 sean-k-mooney mriedem: oh i realised i have my own version of devstack-tempest because i cant import jobs from tempest without needing to pull in amost all of openstack into my zuul configruation. so ya i need to copy the same fix. thanks for confiming its fixed upstream
14:30:26 openstackgerrit Stephen Finucane proposed openstack/nova master: tests: Full stub out os_vif https://review.openstack.org/648748
14:56:58 mriedem efried: looks like https://review.openstack.org/#/c/649036/ fixes the problem, nova-live-migration job is past that issue now, but will need to recheck the change
14:57:22 efried ack
14:57:50 efried mriedem: grenade failure spurious?
14:58:41 efried ssh auth error
14:59:35 bauzas I just feel we have enough consensus with https://review.openstack.org/#/c/647512/4
14:59:39 bauzas efried: alex_xu: ^
15:00:07 mriedem efried: yes
15:00:29 efried bauzas: Yes. Let's wait for the gate fix before pushing this into the queue.
15:01:30 openstackgerrit Eric Fried proposed openstack/nova master: Do not persist RequestSpec.ignore_hosts https://review.openstack.org/647512
15:01:42 efried bauzas: I rebased on the gate fix and pushed ^
15:02:18 efried mriedem: any reason to wait to recheck?
15:03:08 mriedem efried: i'm not sure it will do anything while zuul is still running
15:03:11 bauzas cool, mriedem: planning to propose the backports or want me doing it ?
15:03:28 mriedem bauzas: for the RequestSpec.ignore_hosts thing? i'll handle it.
15:05:45 bauzas mriedem: ok :)
15:08:58 efried answer appears to be no, the recheck doesn't kick the running job out.
15:09:39 dansmith you have to change the patch to kick it out of any queue
15:09:51 dansmith no vote or comment will do it
15:16:35 openstackgerrit Eric Fried proposed openstack/nova-specs master: Add a script for counting blueprints https://review.openstack.org/581914
15:16:36 openstackgerrit Eric Fried proposed openstack/nova-specs master: Add a process to abandon a spec https://review.openstack.org/648800
15:21:14 openstackgerrit Merged openstack/nova stable/queens: [Stable Only] hardware: Handle races during pinning https://review.openstack.org/647831
15:23:25 openstackgerrit Chris Dent proposed openstack/nova master: Add placement as required project to functional py36 and 37 https://review.openstack.org/649068
15:31:45 bauzas efried: sorry, just saw your question, well, like dansmith said, you need to provide a new PS to put off the check or gate pipeline
15:32:12 bauzas just use the right words, I wasn't understanding your question
15:32:25 efried nod.
15:33:37 bauzas but let's ask jaypipes to provide a follow-up post from http://www.joinfu.com/2014/01/understanding-the-openstack-ci-system/ :p
15:34:01 bauzas or just digest https://zuul-ci.org/docs/zuul/user/gating.html :p
15:34:49 bauzas huh, rather https://zuul-ci.org/docs/zuul/user/concepts.html
15:57:04 jaypipes bauzas: erm...
15:57:14 jaypipes bauzas: yeah, "Just Use Zuul CI"
16:07:25 bauzas jaypipes: FWIW, I give you credits on helping some French folk who was working on a Stackforge project named "Climate" to know why Jenkins was telling him -1 sometimes
16:07:51 bauzas then, 5 months after, he was working on Nova
16:08:02 bauzas err, 4
16:08:08 openstackgerrit Eric Fried proposed openstack/nova-specs master: Tools & docs for backlog & abandoned spec process https://review.openstack.org/648800
16:10:45 openstackgerrit Merged openstack/nova master: tests: Stub out privsep modules https://review.openstack.org/648747
16:18:49 openstackgerrit Eric Fried proposed openstack/nova-specs master: Abandon flavor-classes backlog spec https://review.openstack.org/649095
16:26:29 mnaser hmm
16:30:51 openstackgerrit Eric Fried proposed openstack/nova-specs master: Abandon instance-tasks backlog spec https://review.openstack.org/649100
16:34:09 openstackgerrit Eric Fried proposed openstack/nova-specs master: Abandon parallel-scheduler backlog spec https://review.openstack.org/649101
16:36:13 openstackgerrit Eric Fried proposed openstack/nova-specs master: Abandon same-instances-scheduling backlog spec https://review.openstack.org/649102
16:48:16 openstackgerrit Stephen Finucane proposed openstack/nova master: Raise Exception instead of Exception method call https://review.openstack.org/482200
17:58:43 mnaser just to confirm
17:58:50 mnaser nova-consoleauth is no longer technically needed as of stein
17:59:03 mnaser assuming all the "cleanup" of remaining things was killed off in rocky?
18:12:08 melwitt mnaser: right, not technically needed. only if you needed already existing console auths to work during a rolling upgrade, or if you have long TTL and didn't want things invalidated immediately
18:12:23 melwitt what do you mean by "cleanup" of remaining things?
18:14:32 mnaser melwitt: yeah I meant that if you didn't want things to be smooth and consoles not be invalidated
18:14:46 mnaser now curiously I have this other issue where the calculated token hash doesn't seem to match the one in the db..
18:16:10 mnaser I get token id `dc574410-2c5c-4762-ae0d-f1689372337f` .. the sha256 is b7cc4998dea5dd0a3b663fcbe8df7c487246b3d3e52ec3361530b091477e5b28 which matches the db entry
18:16:28 mnaser but when I do a print(token_hash) in the novncproxy codebase.. I get e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
18:17:29 melwitt hm, that's strange. I'm not aware of anything that could have changed there
18:17:43 mnaser ok, looks like the function is being called with token == ''
18:19:20 melwitt hm... empty string should mean that the GET url didn't have the token in it
18:19:55 mnaser yeah url im hitting has a token, im following it up the stack, im up to _get_connect_info_database() and that gets a token == none
18:20:00 melwitt that's where the token comes from (GET request param or cookie) in the novncproxy
18:23:04 melwitt mnaser: https://github.com/openstack/nova/blob/master/nova/console/websocketproxy.py#L195
18:23:26 mnaser melwitt: that gets called when we call /websockify which doesn't seem to have a token
18:23:34 mnaser print('path', self.path) in here shows
18:23:41 mnaser ('path', '/websockify')
18:25:10 mnaser oh crap, I have a dr appointment in 5 minutes gotta run, ill dig into this after if you don't keep looking
18:25:19 mnaser but looks like unless its not sending cookies with a token.. we can't do anything
18:25:34 melwitt ok. I'll keep looking. I'm not familiar with the /websockify path so I need to find what that is
18:26:47 melwitt because usually the path should be like this http://ip:port/?token=xyz
18:33:36 mnaser melwitt: indeed and xyz is there but it looks like the token lookup seems to happen in the websockify part
18:34:49 mnaser Weird thing is that code has been there for 5 years so..
18:35:13 mnaser Unless the behaviour to forward token from cookie was removed with more recent novnc versions
18:35:29 melwitt yeah, I know. I'm puzzled as to what's going on here
18:35:55 mnaser We pull master novnc in OSA so mahbe its recent behaviour change
18:36:27 melwitt I'll take a look in novnc
18:37:03 mnaser Okay
18:37:11 melwitt I thought the cookie thing was a backup, if the token is not in the GET request params, but forwarding via cookie does sound really familiar
18:37:16 mnaser melwitt: we use vnc_lite.html in OSA. https://github.com/novnc/noVNC/commit/51f9f0098d306bbc67cc8e02ae547921b6f6585c
18:38:14 melwitt I had dug into this stuff back when I worked on the db backend for console auths, back when we were thinking we could pass the instance uuid in the GET request too (turns out bc of novnc limitations, more than one request param would not work)
18:38:50 melwitt (it only forwards the first request param)
18:39:05 mnaser So it always probably used a cookie but that seems to have been pulled out from vnc_lite.html which is for some historic reason what’s being used in OSA
18:40:14 melwitt huh, interesting
18:40:30 mnaser The worrying thing is I can’t find any token references in novnc
18:40:32 melwitt / If a token variable is passed in, set the parameter in a cookie.
18:40:33 melwitt / This is used by nova-novncproxy.
18:40:49 mnaser Where do you see this melwitt ?
18:40:51 melwitt seeing that all in red being removed. "used by nova-novncproxy" :P
18:41:03 melwitt mnaser: in the commit you linked https://github.com/novnc/noVNC/commit/51f9f0098d306bbc67cc8e02ae547921b6f6585c#diff-1d6838e3812778e95699b90d530543a1L173

Earlier   Later