)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":14200,"name":"Maksim Malchuk","email":"maksim.malchuk@gmail.com","username":"mmalchuk"},"change_message_id":"b5b8afe6fb64256a3408fa8eee6b5527a4c3b373","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"0321e26c_fa123ba9","updated":"2023-05-10 20:13:42.000000000","message":"I3629b84d3255a8fe9d8a7cea8c6131d7c40899e8 not merged yet","commit_id":"dc15283e2e4cee13c4463105deb5d6039e7053eb"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"37bfe20f3e037eda08d9f128d42e16f92b1f5332","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"a9868e01_af1034aa","updated":"2023-05-11 07:26:51.000000000","message":"recheck (depends merged now)","commit_id":"dc15283e2e4cee13c4463105deb5d6039e7053eb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"4d1e37b5295e62ec3a3c7eb4fa3f1113b46883fa","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":1,"id":"82df2666_d75a0d34","in_reply_to":"0321e26c_fa123ba9","updated":"2023-05-11 09:07:13.000000000","message":"it\u0027s partially merged in master and 2023.1.\n\ndo we wait until it\u0027s merged in every branch or what is the process here?\nshouldn\u0027t master be sufficient, for now?","commit_id":"dc15283e2e4cee13c4463105deb5d6039e7053eb"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"1bbafe8211c549dae687b97811225a1c8f806d45","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"5ceef487_60ecb1d2","in_reply_to":"82df2666_d75a0d34","updated":"2023-05-11 09:09:11.000000000","message":"Yes, I was not properly awake and thought it depends on the patch in Nova, but it doesn\u0027t - once it goes through check queue with success - we should merge it.","commit_id":"dc15283e2e4cee13c4463105deb5d6039e7053eb"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"27e98c1fc92a2f8039f77c5bcf16b209b579d545","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"02f5d768_989dfa8c","updated":"2023-05-11 09:45:42.000000000","message":"as I\u0027m not finding it in our codebase I have to ask:\n\n\u003e When service_token_roles_required is enabled you must make sure that any service user who will be contacting that receiving service (and for whom you want to enable “service token” usage) has one of the roles specified in the receiving services’s service_token_roles setting. (This is a matter of creating and assigning roles using the Identity Service API, it’s not a configuration file issue.)\n\nHow do we make sure the nova service user has access to the cinder service?\n\nIs this enabled by default for nova?\n\nSource: https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html#troubleshooting\n\n\nTo quote more:\n\nTo summarize, you need to be aware of:\n\n    Keystone: must allow a decent sized allow_expired_window (default is 2 days)\n\n    Each source service: must be configured to be able to create and send service tokens (default is OFF)\n\n    Each receiving service: has to be configured to accept service tokens (default is ON) and require role verification (default is OFF)\n\n\nI don\u0027t see this handled in this patchset? Am I missing something?","commit_id":"a5d6bf814e6608bbeeb3510747468fa38d9dabfa"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"7429456a84d1c3f985c02932d1af1ff7fd494e5e","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"feb1f822_5cee31b0","in_reply_to":"02f5d768_989dfa8c","updated":"2023-05-11 09:52:25.000000000","message":"sorry, to quote only the relevant part:\n\n\u003e Each receiving service: has to be configured to accept service tokens (default is ON) and require role verification (default is OFF)\n\nhow do we enable the role verification in cinder? I did not find the documentation for this just yet.","commit_id":"a5d6bf814e6608bbeeb3510747468fa38d9dabfa"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"40aeca975fefb5c58a08abefe6dfa2aa84db14fa","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"7c8ef130_12e12a19","in_reply_to":"feb1f822_5cee31b0","updated":"2023-05-11 13:49:21.000000000","message":"fixed in the last patch iteration.","commit_id":"a5d6bf814e6608bbeeb3510747468fa38d9dabfa"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"54454a9f38cabde8e2c3f05eb1bb7cbc811af945","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"5486ef29_9d1d664e","updated":"2023-05-12 12:23:51.000000000","message":"I extracted the last 150 lines from the nova-api log (secondary2/logs/kolla/nova/nova-api.txt) which seem to indicate some error with nova and shared this with the nova IRC.\n\nthe paste is: https://paste.opendev.org/show/819994/\n\nthe relevant uuid is: \"2177019c-a915-4bda-a898-4fa806901144\"","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"10c1b6d47f9b4d0e14c69084bc4a17d2a27fbba5","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"d298a935_8753b6f1","updated":"2023-05-12 07:38:14.000000000","message":"I think Cinder is not happy:\nhttps://storage.bhs.cloud.ovh.net/v1/AUTH_dcaab5e32b234d56b626f72581e3644c/zuul_opendev_logs_11b/882893/3/check/kolla-ansible-rocky9-cephadm/11b1baf/primary/logs/ansible/test-core-openstack","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"bad62015b42fc899227acf2c17d915216b5037e5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"afcb34cb_1420e93c","updated":"2023-05-11 17:11:13.000000000","message":"LGTM","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"eb31916a39666b81057860d81c32e43c55d6a1db","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"bb24d1f0_252d8b74","updated":"2023-05-11 13:48:41.000000000","message":"question, mainly for mnasiadka:\n\nshould we add the cinder patch to all other services in this patch also?\n\nThat would mean validating service tokens for every service.\n\nWe could maybe also argue to split this work up in a second/more changesets.\n\nI have a slight preference to split this up to not let this security bugfix wait for much longer.\n\nWhat do you think?","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"6ea027e13905594463b8b8813df68d11eb55e654","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"794ff43c_2106021f","updated":"2023-05-11 15:09:43.000000000","message":"recheck image download failure","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"b81763dbe585f1e8627b34a45fabf7164b7c9d14","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"39ba3e98_d64df076","updated":"2023-05-11 15:09:24.000000000","message":"the download seems to have failed:\n\nhttps://zuul.opendev.org/t/openstack/build/76d5ff3db4a9408c895ffa86b52eafe3/log/primary/logs/ansible/init-runonce\n\n\u003e curl --fail -L -o .//cirros-0.6.0-x86_64-disk.img https://github.com/cirros-dev/cirros/releases/download/0.6.0//cirros-0.6.0-x86_64-disk.img\n2023-05-11 13:32:16 curl: (22) The requested URL returned error: 500","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"e9be81abf8d8d0dd48c1d795ecb423aae4243d5d","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"6c11a218_4dc416c4","in_reply_to":"4f615ad1_2444654e","updated":"2023-05-12 13:58:19.000000000","message":"any hints or help regarding the keystone setup in CI would be appreciated.\n\nI\u0027m currently trying to figure out how and which projects/tenants are created and if this is supposed to work at all or what\u0027s missing, but I\u0027m still learning when it comes to the k-a test suite, so at first I must find the correct file locations to even look at.","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"576ff2212d9eab0d2a9e53f70164ce1f56a1a324","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"4f615ad1_2444654e","in_reply_to":"5486ef29_9d1d664e","updated":"2023-05-12 12:33:38.000000000","message":"maybe there is also a deeper problem here. above paste shows \"401 not authorized\" errors and I find the following keystone errors as well:\n\n\"\n2145:2023-05-11 15:57:07.943 33 ERROR keystone.server.flask.application [None req-aaa57c74-32f7-46f3-b080-8226d75d62d3 6ffc4ae1295442999283b4c88ba497e9 a6ca4c77593c46a2b5e6c3c651e7e436 - - default default] Could not find project: service.: keystone.exception.ProjectNotFound: Could not find project: service.\n2283:2023-05-11 16:00:52.420 33 ERROR keystone.server.flask.application     raise exception.ServiceNotFound(service_id\u003dservice_id)\n2284:2023-05-11 16:00:52.420 33 ERROR keystone.server.flask.application keystone.exception.ServiceNotFound: Could not find service: neutron.\n\"\nin secondary1/logs/kolla/keystone/keystone-apache-public-error.txt","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"24bc41c528552d308fa879327931ddd75cd30189","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"97da5c55_b8466798","in_reply_to":"6c11a218_4dc416c4","updated":"2023-05-15 15:41:16.000000000","message":"Done","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"bad62015b42fc899227acf2c17d915216b5037e5","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"1a64956c_0d58de1f","in_reply_to":"a53831f3_60b272db","updated":"2023-05-11 17:11:13.000000000","message":"Ack","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"76214916ab925cb088f9ac755194d452f5ff7c3f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"a53831f3_60b272db","in_reply_to":"bb24d1f0_252d8b74","updated":"2023-05-11 14:20:32.000000000","message":"I think we should split the rest, it doesn\u0027t seem to be required now.","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"24bc41c528552d308fa879327931ddd75cd30189","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"e5524418_156e3fd0","in_reply_to":"be1a90e2_1308c375","updated":"2023-05-15 15:41:16.000000000","message":"Done","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":32553,"name":"Sven Kieske","email":"sven_oss@posteo.de","username":"skieske"},"change_message_id":"a98cbe0555869ea3222df13ecfa310c26407262f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":3,"id":"be1a90e2_1308c375","in_reply_to":"d298a935_8753b6f1","updated":"2023-05-12 09:49:27.000000000","message":"to be precicse, the error is:\n\n\u003e + attach_and_detach_a_volume test_volume kolla_boot_test\n+ local volume_name\u003dtest_volume\n+ local instance_name\u003dkolla_boot_test\n+ local attempt\n+ openstack server add volume kolla_boot_test test_volume --device /dev/vdb\nHttpException: 500: Server Error for url: http://192.0.2.10:8774/v2.1/servers/2177019c-a915-4bda-a898-4fa806901144/os-volume_attachments, Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.\n\u003cclass \u0027cinderclient.exceptions.Unauthorized\u0027\u003e\n\nwhich is a little weird, I would expect this to be a 4XX error when it would be related to the new service token. a 500 indicates, well a server error, checking nova bugtracker if there are known new issues attaching volumes.\n\nall previous checks worked, creating volumes etc.","commit_id":"81a6101653ccdcd9ae4403d94ec8e9f1c56ffd0d"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"45501365880b89815260969a9ce00815e52a8387","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"68998fcd_01e82874","updated":"2023-05-12 19:28:36.000000000","message":"upgrades are failing, that means we need to start from Wallaby…","commit_id":"60f2e1a1036e946d9b3e3e0c5e6bf7055a17ae86"},{"author":{"_account_id":22629,"name":"Michal Nasiadka","email":"mnasiadka@gmail.com","username":"mnasiadka"},"change_message_id":"a66a6a5d3ad9642782605fb53e9a6b6b5b0bd198","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"e753d709_23662d03","updated":"2023-05-15 06:45:57.000000000","message":"wallaby first","commit_id":"086976a65f755954d57ef7a2a09d4ce4b229951e"}]}
