)]}'
{"/COMMIT_MSG":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":9,"context_line":"Libvirt and QEMU allow to share USB devices over IP, using the USBredir"},{"line_number":10,"context_line":"protocol. The proposed spec is to allow end users to forward their USB devices"},{"line_number":11,"context_line":"and attach them to their instances."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"blueprint: usb-over-ip"},{"line_number":14,"context_line":"Change-Id: I862e822b0a3bfb81a340f744352b46006602b775"},{"line_number":15,"context_line":"Signed-off-by: Maxime Lubin \u003cmaxime.lubin@shadow.tech\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"2379e0f1_8a8e905d","line":12,"updated":"2024-06-06 15:57:35.000000000","message":"i do not have tim eto review this today but have you seen \n\nhttps://review.opendev.org/c/openstack/nova-specs/+/915190\n\nwhich is proposiang a spice direct mode which would allow some level of usb redirection.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":true,"context_lines":[{"line_number":9,"context_line":"Libvirt and QEMU allow to share USB devices over IP, using the USBredir"},{"line_number":10,"context_line":"protocol. The proposed spec is to allow end users to forward their USB devices"},{"line_number":11,"context_line":"and attach them to their instances."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"blueprint: usb-over-ip"},{"line_number":14,"context_line":"Change-Id: I862e822b0a3bfb81a340f744352b46006602b775"},{"line_number":15,"context_line":"Signed-off-by: Maxime Lubin \u003cmaxime.lubin@shadow.tech\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"7675f828_4b2dc785","line":12,"in_reply_to":"2379e0f1_8a8e905d","updated":"2024-06-07 14:59:13.000000000","message":"Thank you for taking the time to review my spec; i indeed missed it somehow. after a first quick pass, it seems much of it overlaps with my proposal.\n\nOur currnet usb-specific client supports neither SPICE nor websockets, so indeed having to only add SPICE support would reduce our custom work.\n\nI did however already performed a quick test using usbredirect and some python code to validate that indeed the full flow works nicely with the existing html5-spiceproxy. From my point of view, both this propoal and kerbside-proxy would fullfill our functional requirements.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":9,"context_line":"Libvirt and QEMU allow to share USB devices over IP, using the USBredir"},{"line_number":10,"context_line":"protocol. The proposed spec is to allow end users to forward their USB devices"},{"line_number":11,"context_line":"and attach them to their instances."},{"line_number":12,"context_line":""},{"line_number":13,"context_line":"blueprint: usb-over-ip"},{"line_number":14,"context_line":"Change-Id: I862e822b0a3bfb81a340f744352b46006602b775"},{"line_number":15,"context_line":"Signed-off-by: Maxime Lubin \u003cmaxime.lubin@shadow.tech\u003e"}],"source_content_type":"text/x-gerrit-commit-message","patch_set":1,"id":"8eb6e949_d5101af2","line":12,"in_reply_to":"7675f828_4b2dc785","updated":"2024-07-03 08:46:36.000000000","message":"I added a reference + summary of this proposal in my spec. It is indeed a strict superset of ours, in the sense I only care about the USB part of SPICE.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"}],"/PATCHSET_LEVEL":[{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":1,"id":"b2eda88f_24bef2a1","updated":"2024-06-07 14:59:13.000000000","message":"Thank you for taking the time to review the spec","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"c10583a4_a7d9c4e9","updated":"2024-07-03 08:46:36.000000000","message":"Thanks again for checking the proposal. On my end, we have gone forward with it, given our timeline. So I managed to validate that the proposed changes: image metadata update, and going through spicehmlt5proxy works end to end.\n\nThe currnet proposal state requires little changes to nova. The implementation on our side is not yet in production, but first users test will done soon.","commit_id":"8bd2b33b99b4472f8ef224eecb035e4bd3ae7526"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"f7a7486c_278e9dab","updated":"2024-07-20 06:46:08.000000000","message":"we are passed the spec freeze deadline for 2024.2 but i belive this has merrit and i think it would make sense to continue proposing this for the 2025.1 cycle.\n\nif you wanted to start proposing a implemtnion of this in paralle based on what is descibe i proably wont have time to review it much until next cyle but we may be able to provided some early feedback.\n\nover all im happy with the direction you are taking with this.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"67888b92_6eaac31e","in_reply_to":"f7a7486c_278e9dab","updated":"2024-09-24 15:08:52.000000000","message":"Thank you for your feedback.\n\nI\u0027ll indeed repropose it for the next cycle. In the meantime, I\u0027ll update my current implementation to add your latest spec feedback, and submit for early review.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"ca087be4bc737fa4666e912dec53d166ec36b515","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":7,"id":"1d235837_a6a57452","updated":"2024-09-24 15:50:25.000000000","message":"@smooney@redhat.com I submitted the part of the spec enabling the console proxies to rely on nova-conductor rather than directly accessing the database.\n\nThe patchset is out for reviews:\nhttps://review.opendev.org/c/openstack/nova/+/930355\n\nAs for adding the relevant libvirt usb redirection options, I will hopefully rely on the already submitted patchset (https://review.opendev.org/c/openstack/nova/+/927354), since the overlap is almsot exact.","commit_id":"276072c145f8377b503ecd2019442b34e477b04b"},{"author":{"_account_id":2271,"name":"Michael Still","email":"mikal@stillhq.com","username":"mikalstill"},"change_message_id":"764ca0796b9736617880219161f7409d3785da65","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"36bcc7b1_0e0afb95","updated":"2024-08-29 07:18:56.000000000","message":"How much of your use case is addressed by https://review.opendev.org/c/openstack/nova/+/927354? I think that gives you most of what you want to my current understanding?","commit_id":"276072c145f8377b503ecd2019442b34e477b04b"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":7,"id":"08f47d7f_b8832392","in_reply_to":"36bcc7b1_0e0afb95","updated":"2024-09-24 15:08:52.000000000","message":"Thank you for pointing it out.\n\nIndeed, it is very similar to the patch I as about to submit. There are subtle differences though. In my proposal, I specifically match the usb controller\u0027number of ports for libvirt. As far as I can see in your submission, you leave the number of ports of the controller unspecified.\n\nFor example, with qemu-xhci controller, the default number is 4. When a 4th device redirect device is added, qemu/libvirt will automatically create a USB hub, and connect the device to it. It could create unwatend bandwidth limitation, but I suspect this case will hardly ever be seen in real life - if ever.\n\nI\u0027ll review your changeset more thoroughly, but I believe my current proposal and implementation will build upon yours.","commit_id":"276072c145f8377b503ecd2019442b34e477b04b"}],"specs/2024.2/approved/usb-over-ip.rst":[{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":35,"context_line":"1. As a gamer, I would like to forward my gamepad to my instance to play."},{"line_number":36,"context_line":"2. As a user, I would like to forward my USB camera to my instance to use it."},{"line_number":37,"context_line":"3. As a user, I would like to forward my USB key to my instance."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"As a Deployer, I would like to be able to enable or disable the USB over IP"},{"line_number":40,"context_line":"for each project."},{"line_number":41,"context_line":"As a Deployer, I would like to be able to limit the number of USB devices that"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3b5834e6_9577c3f1","line":38,"updated":"2024-06-06 15:57:35.000000000","message":"so these usecause can be done today by installing rdp or somethign like parsec in the vm\n\neven steam remote play i belive can do this via a virtual device driver\n\nso this use cause can technically be active via client software installed in teh instance.\n\nthat does not nessisarly mena we should not enabel this however we need to be very carful to ensure no details of the hypervior the vm is runing in is exposed ot the end user.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":35,"context_line":"1. As a gamer, I would like to forward my gamepad to my instance to play."},{"line_number":36,"context_line":"2. As a user, I would like to forward my USB camera to my instance to use it."},{"line_number":37,"context_line":"3. As a user, I would like to forward my USB key to my instance."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"As a Deployer, I would like to be able to enable or disable the USB over IP"},{"line_number":40,"context_line":"for each project."},{"line_number":41,"context_line":"As a Deployer, I would like to be able to limit the number of USB devices that"}],"source_content_type":"text/x-rst","patch_set":1,"id":"e3c56182_99ded289","line":38,"in_reply_to":"09d9c0f1_74a1b4c2","updated":"2024-07-03 08:46:36.000000000","message":"Acknowledged","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":true,"context_lines":[{"line_number":35,"context_line":"1. As a gamer, I would like to forward my gamepad to my instance to play."},{"line_number":36,"context_line":"2. As a user, I would like to forward my USB camera to my instance to use it."},{"line_number":37,"context_line":"3. As a user, I would like to forward my USB key to my instance."},{"line_number":38,"context_line":""},{"line_number":39,"context_line":"As a Deployer, I would like to be able to enable or disable the USB over IP"},{"line_number":40,"context_line":"for each project."},{"line_number":41,"context_line":"As a Deployer, I would like to be able to limit the number of USB devices that"}],"source_content_type":"text/x-rst","patch_set":1,"id":"09d9c0f1_74a1b4c2","line":38,"in_reply_to":"3b5834e6_9577c3f1","updated":"2024-06-07 14:59:13.000000000","message":"\u003e so these usecause can be done today by installing rdp or somethign like parsec in the vm\n\u003e \n\u003e even steam remote play i belive can do this via a virtual device driver\n\nVery true, our private solution (Shadow) does this for most gamepads (mostly for bluetooth connected ones). Some more exotic gaming peripherals do require USB forwarding though.\n\n\u003e so this use cause can technically be active via client software installed in teh instance.\n\u003e \n\u003e that does not nessisarly mena we should not enabel this however we need to be very carful to ensure no details of the hypervior the vm is runing in is exposed ot the end user.\n\nAs mention later in the specs, co-locating the proxies on the hypervisors would be a big plus, albeit not mandatory. In such a scenario, the hypervisors public ip (or hostname) would indeed leak.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":55,"context_line":"   to their server. This might be done either through flavor or image"},{"line_number":56,"context_line":"   properties (I don\u0027t know yet which is the best way to do it). Our current"},{"line_number":57,"context_line":"   implementation relies on several USb controllers for maximum compatibility,"},{"line_number":58,"context_line":"   but we are revalidating this assumption against ``qemu-xhci``."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"2. libvirt ``redirdev`` is not currently handled by libvirt driver. In"},{"line_number":61,"context_line":"   addition to adding parsing, several options may need to be added to the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"cdbdd90a_90e98bce","line":58,"updated":"2024-06-06 15:57:35.000000000","message":"you can enable usb contolers in nova i belive via a combination of \n\nhttps://docs.openstack.org/nova/latest/configuration/config.html#DEFAULT.pointer_model whic defautl to usbtable and using the q35 machien type and perhaps the spcie console.\n\nwether that is sufficent enough for your usecase  or not im not sure","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b476976174c5ef58a5c6fbdedde68451d9c1dc60","unresolved":true,"context_lines":[{"line_number":55,"context_line":"   to their server. This might be done either through flavor or image"},{"line_number":56,"context_line":"   properties (I don\u0027t know yet which is the best way to do it). Our current"},{"line_number":57,"context_line":"   implementation relies on several USb controllers for maximum compatibility,"},{"line_number":58,"context_line":"   but we are revalidating this assumption against ``qemu-xhci``."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"2. libvirt ``redirdev`` is not currently handled by libvirt driver. In"},{"line_number":61,"context_line":"   addition to adding parsing, several options may need to be added to the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"c0a9d928_b66c8304","line":58,"in_reply_to":"237d40f2_0c33db7c","updated":"2024-07-02 12:54:20.000000000","message":"hw:usb_ports_count is fine we could also have  hw_pointer_model as an image property to allow setting on any architecure on a per vm (image) basis","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":55,"context_line":"   to their server. This might be done either through flavor or image"},{"line_number":56,"context_line":"   properties (I don\u0027t know yet which is the best way to do it). Our current"},{"line_number":57,"context_line":"   implementation relies on several USb controllers for maximum compatibility,"},{"line_number":58,"context_line":"   but we are revalidating this assumption against ``qemu-xhci``."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"2. libvirt ``redirdev`` is not currently handled by libvirt driver. In"},{"line_number":61,"context_line":"   addition to adding parsing, several options may need to be added to the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a5d9e414_48e62084","line":58,"in_reply_to":"c0a9d928_b66c8304","updated":"2024-07-03 08:46:36.000000000","message":"Acknowledged","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":true,"context_lines":[{"line_number":55,"context_line":"   to their server. This might be done either through flavor or image"},{"line_number":56,"context_line":"   properties (I don\u0027t know yet which is the best way to do it). Our current"},{"line_number":57,"context_line":"   implementation relies on several USb controllers for maximum compatibility,"},{"line_number":58,"context_line":"   but we are revalidating this assumption against ``qemu-xhci``."},{"line_number":59,"context_line":""},{"line_number":60,"context_line":"2. libvirt ``redirdev`` is not currently handled by libvirt driver. In"},{"line_number":61,"context_line":"   addition to adding parsing, several options may need to be added to the"}],"source_content_type":"text/x-rst","patch_set":1,"id":"237d40f2_0c33db7c","line":58,"in_reply_to":"cdbdd90a_90e98bce","updated":"2024-06-07 14:59:13.000000000","message":"indeed, a quick test with libvirt and going thourgh nova libvirt driver code, specifying a usbtable input device would force adding a default USB controller on the guest: for x86, it turns out to be exaclt the model i need ie qemu-xhci.\n\nI also need to specify how many USB endpoints/redirdev devices to add to the guest domain. As far as i can see, there is currently no way to do that.\n\nI would think adding, for example, a setting hw:usb_ports_count\u003d2 to restrict forwarding to 2 devices, could be done either with flavor or image metadata? not sure which would be a best fit, also I tend to favor the \u0027flavor metadata\u0027 approach. Also, while setting an appropriate `pointer_model` defaults on x86 to the controller I intend to use, I feel being able to explictly specify it (or another model on a different arch) can have value, in which i would the same mechanism of metadata.\n\nHow does that sound?","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":64,"context_line":"Libvirt\u0027s ``guest`` API already has the correct API to attach, detach, list and"},{"line_number":65,"context_line":"filter devices tied to a live domain. Attaching or detaching a USB device"},{"line_number":66,"context_line":"should only impact the live libvirt domain, and properly detached when"},{"line_number":67,"context_line":"necessary (migration?, shelving?)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Forwarding USB devices"},{"line_number":70,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"330598aa_ca9e92ea","line":67,"updated":"2024-06-06 15:57:35.000000000","message":"that is not a public rest api so this spec would have to detail how a user would\n\nwe would either need a","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":true,"context_lines":[{"line_number":64,"context_line":"Libvirt\u0027s ``guest`` API already has the correct API to attach, detach, list and"},{"line_number":65,"context_line":"filter devices tied to a live domain. Attaching or detaching a USB device"},{"line_number":66,"context_line":"should only impact the live libvirt domain, and properly detached when"},{"line_number":67,"context_line":"necessary (migration?, shelving?)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Forwarding USB devices"},{"line_number":70,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"3fe9127a_689bc3b4","line":67,"in_reply_to":"330598aa_ca9e92ea","updated":"2024-06-07 14:59:13.000000000","message":"Indeed. I ddn\u0027t dive into further details for this alternate proposal because I wanted first to test the water and have a first feedback with SPICE and remote-consoles.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b476976174c5ef58a5c6fbdedde68451d9c1dc60","unresolved":true,"context_lines":[{"line_number":64,"context_line":"Libvirt\u0027s ``guest`` API already has the correct API to attach, detach, list and"},{"line_number":65,"context_line":"filter devices tied to a live domain. Attaching or detaching a USB device"},{"line_number":66,"context_line":"should only impact the live libvirt domain, and properly detached when"},{"line_number":67,"context_line":"necessary (migration?, shelving?)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Forwarding USB devices"},{"line_number":70,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"6015a2f7_32080c36","line":67,"in_reply_to":"3fe9127a_689bc3b4","updated":"2024-07-02 12:54:20.000000000","message":"so the main problem i see is how are you","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":64,"context_line":"Libvirt\u0027s ``guest`` API already has the correct API to attach, detach, list and"},{"line_number":65,"context_line":"filter devices tied to a live domain. Attaching or detaching a USB device"},{"line_number":66,"context_line":"should only impact the live libvirt domain, and properly detached when"},{"line_number":67,"context_line":"necessary (migration?, shelving?)."},{"line_number":68,"context_line":""},{"line_number":69,"context_line":"Forwarding USB devices"},{"line_number":70,"context_line":"----------------------"}],"source_content_type":"text/x-rst","patch_set":1,"id":"8a4de8aa_343987c3","line":67,"in_reply_to":"6015a2f7_32080c36","updated":"2024-07-03 08:46:36.000000000","message":"I removed this part of the spec: with spice, using the internal APi is unnecessary.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b476976174c5ef58a5c6fbdedde68451d9c1dc60","unresolved":true,"context_lines":[{"line_number":116,"context_line":"    \u003credirdev bus\u003d\"usb\" type\u003d\"spicevmc\" /\u003e"},{"line_number":117,"context_line":"    \u003credirdev bus\u003d\"usb\" type\u003d\"spicevmc\" /\u003e"},{"line_number":118,"context_line":"    \u003credirdev bus\u003d\"usb\" type\u003d\"spicevmc\" /\u003e"},{"line_number":119,"context_line":"  \u003c/devices\u003e"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"To minimize latency and guarantee traffic to be encrypted all the way to the"},{"line_number":122,"context_line":"compute nodes, the current proposal mandates the spice-proxy to be located on"}],"source_content_type":"text/x-rst","patch_set":1,"id":"faf5800d_5e672685","line":119,"updated":"2024-07-02 12:54:20.000000000","message":"so in this configureation am i correct in saying the vm xml does not need to have the remote ip of the usb device and the actul datapath of the usb devices is being transported over the spice protol via the spice-proxy/server form the spice client on the remote host?\n\n\nif nova does not need to activly take part in the confirutaiton of the forwarding and that is transparnelty done via the spice clinet/proxy/server then i think just allowing the confiugration of addtiona usp ports ectra is a much smaller change then having to have an api to model the remote clitns ipes ectra.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":116,"context_line":"    \u003credirdev bus\u003d\"usb\" type\u003d\"spicevmc\" /\u003e"},{"line_number":117,"context_line":"    \u003credirdev bus\u003d\"usb\" type\u003d\"spicevmc\" /\u003e"},{"line_number":118,"context_line":"    \u003credirdev bus\u003d\"usb\" type\u003d\"spicevmc\" /\u003e"},{"line_number":119,"context_line":"  \u003c/devices\u003e"},{"line_number":120,"context_line":""},{"line_number":121,"context_line":"To minimize latency and guarantee traffic to be encrypted all the way to the"},{"line_number":122,"context_line":"compute nodes, the current proposal mandates the spice-proxy to be located on"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5679f18c_981e8591","line":119,"in_reply_to":"faf5800d_5e672685","updated":"2024-07-03 08:46:36.000000000","message":"Indeed, all nova has to do is settting up the spice server, usb controller and the spice redirdev. Available USB channels are to be discovered by connecting the main SPICE server, and SPICE protocol enables clients to target a specific channel (ie usb redirdev in our case), and spice will handle the rest.\n\nNo need to track remote ip or anything","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":120,"context_line":""},{"line_number":121,"context_line":"To minimize latency and guarantee traffic to be encrypted all the way to the"},{"line_number":122,"context_line":"compute nodes, the current proposal mandates the spice-proxy to be located on"},{"line_number":123,"context_line":"the hypervisor, similar to what is done for ``serial-proxy``. While the proxy"},{"line_number":124,"context_line":"hop introduces latency, the overhead should be low enough - even negligible."},{"line_number":125,"context_line":"The proxy solution provides several benefit shared with all remote-consoles:"},{"line_number":126,"context_line":"1. connection is encrypted"}],"source_content_type":"text/x-rst","patch_set":1,"id":"03b45af7_1fd10ccc","line":123,"updated":"2024-06-06 15:57:35.000000000","message":"the serial proxy does not need to be on the hypervior and im not sure that is actlly our recommended best pratice today.\n\nit certenly can be but its not requried.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":true,"context_lines":[{"line_number":120,"context_line":""},{"line_number":121,"context_line":"To minimize latency and guarantee traffic to be encrypted all the way to the"},{"line_number":122,"context_line":"compute nodes, the current proposal mandates the spice-proxy to be located on"},{"line_number":123,"context_line":"the hypervisor, similar to what is done for ``serial-proxy``. While the proxy"},{"line_number":124,"context_line":"hop introduces latency, the overhead should be low enough - even negligible."},{"line_number":125,"context_line":"The proxy solution provides several benefit shared with all remote-consoles:"},{"line_number":126,"context_line":"1. connection is encrypted"}],"source_content_type":"text/x-rst","patch_set":1,"id":"5b713bf9_f87682fd","line":123,"in_reply_to":"03b45af7_1fd10ccc","updated":"2024-06-07 14:59:13.000000000","message":"Indeed, in all mentions I have seen, the proxy is indeed located elsewhere. From our current experience in production, a ping higher than 30ms renders the forwarded USb device essentailly useless; This constraints is already quite stringent, and going through a proxy not co-located with the hypervisor would only further constrain the feature.\n\nOur private openstack deployment currently sets up a public IP address on each hypervisor, so I believe we would be able to configure the proxies to run on the hypervisors through configuration only?","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"b476976174c5ef58a5c6fbdedde68451d9c1dc60","unresolved":true,"context_lines":[{"line_number":120,"context_line":""},{"line_number":121,"context_line":"To minimize latency and guarantee traffic to be encrypted all the way to the"},{"line_number":122,"context_line":"compute nodes, the current proposal mandates the spice-proxy to be located on"},{"line_number":123,"context_line":"the hypervisor, similar to what is done for ``serial-proxy``. While the proxy"},{"line_number":124,"context_line":"hop introduces latency, the overhead should be low enough - even negligible."},{"line_number":125,"context_line":"The proxy solution provides several benefit shared with all remote-consoles:"},{"line_number":126,"context_line":"1. connection is encrypted"}],"source_content_type":"text/x-rst","patch_set":1,"id":"61b6d05d_ea6c66fb","line":123,"in_reply_to":"5b713bf9_f87682fd","updated":"2024-07-02 12:54:20.000000000","message":"yes you can using \n\nhttps://docs.openstack.org/nova/latest/configuration/config.html#spice.server_listen or https://docs.openstack.org/nova/latest/configuration/config.html#spice.html5proxy_host\n\ndepending on if you wanted to bind the vm or the proxy to the public adress.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":120,"context_line":""},{"line_number":121,"context_line":"To minimize latency and guarantee traffic to be encrypted all the way to the"},{"line_number":122,"context_line":"compute nodes, the current proposal mandates the spice-proxy to be located on"},{"line_number":123,"context_line":"the hypervisor, similar to what is done for ``serial-proxy``. While the proxy"},{"line_number":124,"context_line":"hop introduces latency, the overhead should be low enough - even negligible."},{"line_number":125,"context_line":"The proxy solution provides several benefit shared with all remote-consoles:"},{"line_number":126,"context_line":"1. connection is encrypted"}],"source_content_type":"text/x-rst","patch_set":1,"id":"b5e6b1c5_10ac760f","line":123,"in_reply_to":"61b6d05d_ea6c66fb","updated":"2024-07-03 08:46:36.000000000","message":"Yes, I managed to do that on our test cluster (and validate the full usb forwarding thourgh spice).\n\nThe proxy is bound to the public IP of our compute nodes","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":126,"context_line":"1. connection is encrypted"},{"line_number":127,"context_line":"2. connection is authenticated with a token against Nova"},{"line_number":128,"context_line":"3. websockets can be used, enabling a potential future web-based client. While"},{"line_number":129,"context_line":"not a requirement, we believe it is a nice to have."},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"One caveat, the device placement is automatically done by libvirt and QEMU,"},{"line_number":132,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"}],"source_content_type":"text/x-rst","patch_set":1,"id":"a9ae114e_b3c2f1ec","line":129,"updated":"2024-06-06 15:57:35.000000000","message":"the proxy to day exposes only a web based client and does not supprot navive spice clients.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"4f19a815532a35dc7ea10e79ffa751ac6ce5ef5c","unresolved":false,"context_lines":[{"line_number":126,"context_line":"1. connection is encrypted"},{"line_number":127,"context_line":"2. connection is authenticated with a token against Nova"},{"line_number":128,"context_line":"3. websockets can be used, enabling a potential future web-based client. While"},{"line_number":129,"context_line":"not a requirement, we believe it is a nice to have."},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"One caveat, the device placement is automatically done by libvirt and QEMU,"},{"line_number":132,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"}],"source_content_type":"text/x-rst","patch_set":1,"id":"08d663ab_9681ace0","line":129,"in_reply_to":"70227770_5f10844f","updated":"2024-07-03 08:46:36.000000000","message":"Acknowledged","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":true,"context_lines":[{"line_number":126,"context_line":"1. connection is encrypted"},{"line_number":127,"context_line":"2. connection is authenticated with a token against Nova"},{"line_number":128,"context_line":"3. websockets can be used, enabling a potential future web-based client. While"},{"line_number":129,"context_line":"not a requirement, we believe it is a nice to have."},{"line_number":130,"context_line":""},{"line_number":131,"context_line":"One caveat, the device placement is automatically done by libvirt and QEMU,"},{"line_number":132,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"}],"source_content_type":"text/x-rst","patch_set":1,"id":"70227770_5f10844f","line":129,"in_reply_to":"a9ae114e_b3c2f1ec","updated":"2024-06-07 14:59:13.000000000","message":"Indeed, that is not a blocking point for our use case, but supporintg USB forward only through websockets reduce potential uses since no open-source viewer does it, as far as I know.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"51bc6c60bccfd93a049b024157d1e78096fe21a4","unresolved":true,"context_lines":[{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Another alternative would more closely mimic our current implementation:"},{"line_number":144,"context_line":"1. Direct connection to QEMU server port on the hypervisor."},{"line_number":145,"context_line":"2. No proxy: reduced latency."},{"line_number":146,"context_line":"3. End to end encryption and authentication, through client SSL certificates."},{"line_number":147,"context_line":"Such certificates would have to be generated by a deployed CA (keystone) and"},{"line_number":148,"context_line":"allocated/sent to the client through Nova API changes."}],"source_content_type":"text/x-rst","patch_set":1,"id":"61d0e1e1_554068fc","line":145,"updated":"2024-06-06 15:57:35.000000000","message":"1 and 2 are security issues in a public cloud so in general that is not somethign i think woudl be approrate to supprot for usesr with only the member role\ni.e. tha twould have to be a admin only api which in a private cloud could be altered with custom policy.\n\ni dislike both approches in general but they are alternitives.","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"e0b35c2f0c16f1037c70f1eef92b011a8864203b","unresolved":false,"context_lines":[{"line_number":142,"context_line":""},{"line_number":143,"context_line":"Another alternative would more closely mimic our current implementation:"},{"line_number":144,"context_line":"1. Direct connection to QEMU server port on the hypervisor."},{"line_number":145,"context_line":"2. No proxy: reduced latency."},{"line_number":146,"context_line":"3. End to end encryption and authentication, through client SSL certificates."},{"line_number":147,"context_line":"Such certificates would have to be generated by a deployed CA (keystone) and"},{"line_number":148,"context_line":"allocated/sent to the client through Nova API changes."}],"source_content_type":"text/x-rst","patch_set":1,"id":"60cb9a54_6c537881","line":145,"in_reply_to":"61d0e1e1_554068fc","updated":"2024-06-07 14:59:13.000000000","message":"Acknowledged","commit_id":"35dc173021ba0e3cef9417331cd3d2967052d2a7"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":43,"context_line":"3. As a user, I would like to forward my USB key to my instance."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"As a Deployer, I would like to be able to enable or disable the USB over IP"},{"line_number":46,"context_line":"for each project."},{"line_number":47,"context_line":"As a Deployer, I would like to be able to limit the number of USB devices that"},{"line_number":48,"context_line":"can be forwarded to an instance."},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"6e7a76c6_92d6d4d9","line":46,"updated":"2024-07-20 06:46:08.000000000","message":"im not sure how you would do this but ill read the spec to fined out.\n\nwe proably cant do this in nova but im open to being convinced.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":43,"context_line":"3. As a user, I would like to forward my USB key to my instance."},{"line_number":44,"context_line":""},{"line_number":45,"context_line":"As a Deployer, I would like to be able to enable or disable the USB over IP"},{"line_number":46,"context_line":"for each project."},{"line_number":47,"context_line":"As a Deployer, I would like to be able to limit the number of USB devices that"},{"line_number":48,"context_line":"can be forwarded to an instance."},{"line_number":49,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"29403f49_59d41b87","line":46,"in_reply_to":"6e7a76c6_92d6d4d9","updated":"2024-09-24 15:08:52.000000000","message":"Looking back on this, I\u0027ll probably remove it from the draft. It is not really necessary for us at this point. If the need arises, I \u0027ll make another, separate proposal.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":64,"context_line":"   server through new image properties - many cloud image do not come equipped"},{"line_number":65,"context_line":"   with USB drivers, so it needs to be image-specific. Proposing to add a new"},{"line_number":66,"context_line":"   optional image metadata field to specify the USB controller model:"},{"line_number":67,"context_line":"   ``hw:usb_controller``, with default to ``None``, leaving the current"},{"line_number":68,"context_line":"   behavior unchanged."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"2. libvirt ``redirdev`` is not currently handled by libvirt driver. In"}],"source_content_type":"text/x-rst","patch_set":6,"id":"ffbe6c10_da75f934","line":67,"updated":"2024-07-20 06:46:08.000000000","message":"nit: this is the syntax of a flavor extra spec\n\nextra-specs have a namespace and name seperated by `:`\nimage propertes dont support namespaces so we just replace it with _\n\nso `hw_usb_controller`\n\nwe can support this in both the flavor and image if you think that would be useful","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":64,"context_line":"   server through new image properties - many cloud image do not come equipped"},{"line_number":65,"context_line":"   with USB drivers, so it needs to be image-specific. Proposing to add a new"},{"line_number":66,"context_line":"   optional image metadata field to specify the USB controller model:"},{"line_number":67,"context_line":"   ``hw:usb_controller``, with default to ``None``, leaving the current"},{"line_number":68,"context_line":"   behavior unchanged."},{"line_number":69,"context_line":""},{"line_number":70,"context_line":"2. libvirt ``redirdev`` is not currently handled by libvirt driver. In"}],"source_content_type":"text/x-rst","patch_set":6,"id":"4a275b65_af89eca1","line":67,"in_reply_to":"ffbe6c10_da75f934","updated":"2024-09-24 15:08:52.000000000","message":"From I\u0027ve already tested, it seems better to only have support in images. Otherwise, adding a flavor support, you can end up with a counterintuive and dysfunctional setup: you set a USB controller model but no device can be forward because the image you selected does not embed the proper drivers.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":71,"context_line":"   addition to adding parsing, several options may need to be added to the"},{"line_number":72,"context_line":"   current ``LibvirtConfigGuestChar``. Proposal is to add a new image metadata"},{"line_number":73,"context_line":"   field to specifiy the maximum number of USB devices to be forwarded:"},{"line_number":74,"context_line":"   ``hw:usb_port_count``, a positive integer, only taken into account when"},{"line_number":75,"context_line":"   SPICE is activated and a valid USB root controller is present."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"Importantly, the forward USB devices will not be migrated with the instance."}],"source_content_type":"text/x-rst","patch_set":6,"id":"6a2a61c7_32b53601","line":74,"updated":"2024-07-20 06:46:08.000000000","message":"same as above `hw_usb_port_count`\n\nthis one i think makes more sense to support in both the flavor and  image\n\nin the flavor the operator would be precreating them and also limiting the number\nwhere as in the image the use can say how many then need.\n\nif its set in both then the if the value does not match it should raise a 409 conflict for the flavor image porperty conficlt.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":71,"context_line":"   addition to adding parsing, several options may need to be added to the"},{"line_number":72,"context_line":"   current ``LibvirtConfigGuestChar``. Proposal is to add a new image metadata"},{"line_number":73,"context_line":"   field to specifiy the maximum number of USB devices to be forwarded:"},{"line_number":74,"context_line":"   ``hw:usb_port_count``, a positive integer, only taken into account when"},{"line_number":75,"context_line":"   SPICE is activated and a valid USB root controller is present."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"Importantly, the forward USB devices will not be migrated with the instance."}],"source_content_type":"text/x-rst","patch_set":6,"id":"14f74353_a47c7120","line":74,"in_reply_to":"6a2a61c7_32b53601","updated":"2024-09-24 15:08:52.000000000","message":"This might indeed be preferrable, since users can create new images, while new flavors are harder to come by. Limiting the maximum number of devices flavor side would prevent users going over a limit set by the Deployer.\n\nI would only slightly amend your proposal, and accept instance creation where hw:usb_port_count \u003e\u003d hw_usb_port_count: an image can request at most hw:usb_port_count, if set. Otherwise returning a 409 Conflict.\n\nWould that be OK with you?","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":75,"context_line":"   SPICE is activated and a valid USB root controller is present."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"Importantly, the forward USB devices will not be migrated with the instance."},{"line_number":78,"context_line":"Upon migration, all forwarded will be automatically disconnected, and another,"},{"line_number":79,"context_line":"new console token must be requested, and the devices reconnected."},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Forwarding USB devices"}],"source_content_type":"text/x-rst","patch_set":6,"id":"fbe3974d_699656e8","line":78,"updated":"2024-07-20 06:46:08.000000000","message":"ok we refer to this as hot plug live migration if  we are removing and readding the  device.\n\nis that required or can we leave the device in the domain and just have the client reconnect to reassociate the dataplane via the new console session?","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":75,"context_line":"   SPICE is activated and a valid USB root controller is present."},{"line_number":76,"context_line":""},{"line_number":77,"context_line":"Importantly, the forward USB devices will not be migrated with the instance."},{"line_number":78,"context_line":"Upon migration, all forwarded will be automatically disconnected, and another,"},{"line_number":79,"context_line":"new console token must be requested, and the devices reconnected."},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Forwarding USB devices"}],"source_content_type":"text/x-rst","patch_set":6,"id":"659bee33_b08ee43e","line":78,"in_reply_to":"fbe3974d_699656e8","updated":"2024-09-24 15:08:52.000000000","message":"The devices can stay in the domain, and the client would need to reconnect through a new console session indeed. I\u0027ll clarify this point.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":167,"context_line":"``ComputeTaskAPI`` object with every validation. While not ideal, it seems"},{"line_number":168,"context_line":"lighter and may not be a problem in practice. Using ``nova-conductor`` could"},{"line_number":169,"context_line":"be made optional, and the proxy could fallback to the current behavior of"},{"line_number":170,"context_line":"directly connecting to the database."},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"One caveat, the device placement is automatically done by libvirt and QEMU,"},{"line_number":173,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"}],"source_content_type":"text/x-rst","patch_set":6,"id":"443f2f43_a5bc37ba","line":170,"updated":"2024-07-20 06:46:08.000000000","message":"hum we have discussed if other services should use the conductor for db acess in the past and have generally not made the proxies or schduler use it because of that.\n\nadding a fallback to use the conductor if the db password is not in the config might be ok but i think we would want it to continue to go direct if it has them.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":167,"context_line":"``ComputeTaskAPI`` object with every validation. While not ideal, it seems"},{"line_number":168,"context_line":"lighter and may not be a problem in practice. Using ``nova-conductor`` could"},{"line_number":169,"context_line":"be made optional, and the proxy could fallback to the current behavior of"},{"line_number":170,"context_line":"directly connecting to the database."},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"One caveat, the device placement is automatically done by libvirt and QEMU,"},{"line_number":173,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"}],"source_content_type":"text/x-rst","patch_set":6,"id":"12734cdf_054e8b6d","line":170,"in_reply_to":"443f2f43_a5bc37ba","updated":"2024-09-24 15:08:52.000000000","message":"Acknowledged","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":173,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"},{"line_number":174,"context_line":"controller, and QEMU will automatically create a USB2.0 controller as well."},{"line_number":175,"context_line":"Forwarded USB3.0 devices may end up on the wrong controller, limiting their"},{"line_number":176,"context_line":"feature set."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"Alternatives"},{"line_number":179,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"1d9c19ef_3fe2c34b","line":176,"updated":"2024-07-20 06:46:08.000000000","message":"we might be able to disable the usb2 createtion if that makes sense\nat least if you define a usb contoler modle.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":173,"context_line":"which precludes a finer control if necessary. The example above uses a USB3.0"},{"line_number":174,"context_line":"controller, and QEMU will automatically create a USB2.0 controller as well."},{"line_number":175,"context_line":"Forwarded USB3.0 devices may end up on the wrong controller, limiting their"},{"line_number":176,"context_line":"feature set."},{"line_number":177,"context_line":""},{"line_number":178,"context_line":"Alternatives"},{"line_number":179,"context_line":"------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"a557d85f_802f98de","line":176,"in_reply_to":"1d9c19ef_3fe2c34b","updated":"2024-09-24 15:08:52.000000000","message":"Acknowledged","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"a9093548d12d2ee544816f723cc9cba3504627f4","unresolved":true,"context_lines":[{"line_number":227,"context_line":"                   POST /servers/{server_id}/usbredir"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"Posting to get preliminary feedback on the scope of this spec."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Data model impact"},{"line_number":233,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"91d0d077_df054992","line":230,"updated":"2024-07-20 06:46:08.000000000","message":"ack. ya so do this properly we would need a Bring your own Cert feature\nbasically we would need to integrate with barbican to allow you to store a private/public cert pair which could be used for qemu for client auth.\n\nit also required knowlage of the hypervior ip amoung other things so if we can avoid this with your current proposal i agree that seams better.","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"},{"author":{"_account_id":37041,"name":"Maxime Lubin","display_name":"Maxime Lubin","email":"maxime.lubin@shadow.tech","username":"Previsou"},"change_message_id":"edbf7c08db9fa388700967f7f79f9ca19d020602","unresolved":false,"context_lines":[{"line_number":227,"context_line":"                   POST /servers/{server_id}/usbredir"},{"line_number":228,"context_line":""},{"line_number":229,"context_line":""},{"line_number":230,"context_line":"Posting to get preliminary feedback on the scope of this spec."},{"line_number":231,"context_line":""},{"line_number":232,"context_line":"Data model impact"},{"line_number":233,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f8260170_29020e99","line":230,"in_reply_to":"91d0d077_df054992","updated":"2024-09-24 15:08:52.000000000","message":"Acknowledged","commit_id":"86e3227137b7c9260fd32da4e36658d7f1378230"}]}