)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":35761,"name":"Guillaume Boutry","display_name":"gboutry","email":"guillaume.boutry@canonical.com","username":"gboutry"},"change_message_id":"087bd25c42f67b546bfda594ad2bbd927b640a3d","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"3c9bcc85_43a9896c","updated":"2025-10-21 07:50:58.000000000","message":"Thanks @ahmad.hassan@canonical.com for writing the spec","commit_id":"6b5c43d717b6158bfe42b692e156c685f6cce0d0"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":4,"id":"8c32d22f_95c04c34","updated":"2025-10-21 12:42:18.000000000","message":"im not against the idea but this need more work to explain why we shoudl not use somehtign like ftp and actully provdie a new http application and create a new file transfer protocal.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":6,"id":"00f6158b_c4f20ae9","updated":"2025-12-04 09:17:43.000000000","message":"I have mostly comment details but I foresee an important upgrade concern that we haven\u0027t discussed yet : cold migrations shouldn\u0027t be using https support until all of the computes are upgraded.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"cbfe5500bddf942a8c0480e3e490890ca5a506af","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":6,"id":"78dfbc66_f7b2c5ab","updated":"2025-12-04 17:48:50.000000000","message":"This is pretty light on details and i agree with Sylvain that we need to define the upgrade semantics.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"}],"specs/2026.1/approved/cold-migration-using-https.rst":[{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":31,"context_line":"The cloud operator should run a Webdav server of"},{"line_number":32,"context_line":"their choice (e.g. Apache2 Webdav) on each compute node.  The"},{"line_number":33,"context_line":"Webdav server  will run outside the context of"},{"line_number":34,"context_line":"Nova. With in Nova, implement a new"},{"line_number":35,"context_line":"``http`` Webdav client driver that extends the ``RemoteFilesystemDriver``"},{"line_number":36,"context_line":"interface to Nova\u0027s libvirt remotefs driver. User configures"},{"line_number":37,"context_line":"``nova.conf`` to use the ``http`` transport for remote file system"}],"source_content_type":"text/x-rst","patch_set":6,"id":"47abace7_9ec83628","line":34,"range":{"start_line":34,"start_character":6,"end_line":34,"end_character":13},"updated":"2025-12-04 09:17:43.000000000","message":"nit: Within","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"cbfe5500bddf942a8c0480e3e490890ca5a506af","unresolved":true,"context_lines":[{"line_number":32,"context_line":"their choice (e.g. Apache2 Webdav) on each compute node.  The"},{"line_number":33,"context_line":"Webdav server  will run outside the context of"},{"line_number":34,"context_line":"Nova. With in Nova, implement a new"},{"line_number":35,"context_line":"``http`` Webdav client driver that extends the ``RemoteFilesystemDriver``"},{"line_number":36,"context_line":"interface to Nova\u0027s libvirt remotefs driver. User configures"},{"line_number":37,"context_line":"``nova.conf`` to use the ``http`` transport for remote file system"},{"line_number":38,"context_line":"operations and performs remote file operations via the Webdav driver"}],"source_content_type":"text/x-rst","patch_set":6,"id":"179cee77_355a8558","line":35,"range":{"start_line":35,"start_character":2,"end_line":35,"end_character":6},"updated":"2025-12-04 17:48:50.000000000","message":"nit: should we call it `webdav` instead since that really the protocol?\n\n`http` is also fine.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":32,"context_line":"their choice (e.g. Apache2 Webdav) on each compute node.  The"},{"line_number":33,"context_line":"Webdav server  will run outside the context of"},{"line_number":34,"context_line":"Nova. With in Nova, implement a new"},{"line_number":35,"context_line":"``http`` Webdav client driver that extends the ``RemoteFilesystemDriver``"},{"line_number":36,"context_line":"interface to Nova\u0027s libvirt remotefs driver. User configures"},{"line_number":37,"context_line":"``nova.conf`` to use the ``http`` transport for remote file system"},{"line_number":38,"context_line":"operations and performs remote file operations via the Webdav driver"}],"source_content_type":"text/x-rst","patch_set":6,"id":"93f29132_83ea8442","line":35,"range":{"start_line":35,"start_character":2,"end_line":35,"end_character":6},"in_reply_to":"179cee77_355a8558","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":46,"context_line":""},{"line_number":47,"context_line":"``remote_filesystem_transport \u003d ssh | rsync | http``"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"This spec introduces the following changes:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Webdav as a protocol for remote file system operations."},{"line_number":52,"context_line":"* Nova will not spawn the web server directly."},{"line_number":53,"context_line":"* Implement Webdav driver client for remotefs in Nova."},{"line_number":54,"context_line":"* Enable http webdav client driver through remote_filesystem_transport"},{"line_number":55,"context_line":"  option in nova.conf."},{"line_number":56,"context_line":"* Add DevStack support to test the feature in CI."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Webdav server"},{"line_number":59,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"842bf1e7_38fee637","line":56,"range":{"start_line":49,"start_character":43,"end_line":56,"end_character":49},"updated":"2025-12-04 09:17:43.000000000","message":"nit : that can be moved into the work items section","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"cbfe5500bddf942a8c0480e3e490890ca5a506af","unresolved":true,"context_lines":[{"line_number":46,"context_line":""},{"line_number":47,"context_line":"``remote_filesystem_transport \u003d ssh | rsync | http``"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"This spec introduces the following changes:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Webdav as a protocol for remote file system operations."},{"line_number":52,"context_line":"* Nova will not spawn the web server directly."},{"line_number":53,"context_line":"* Implement Webdav driver client for remotefs in Nova."},{"line_number":54,"context_line":"* Enable http webdav client driver through remote_filesystem_transport"},{"line_number":55,"context_line":"  option in nova.conf."},{"line_number":56,"context_line":"* Add DevStack support to test the feature in CI."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Webdav server"},{"line_number":59,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"b2791ed6_5d689b2d","line":56,"range":{"start_line":49,"start_character":43,"end_line":56,"end_character":49},"in_reply_to":"842bf1e7_38fee637","updated":"2025-12-04 17:48:50.000000000","message":"+1\n\nthe \"Proposed change\" section shoudl be prose describign the changes but work times can be a simple bullet list like this so it better placed ther.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":46,"context_line":""},{"line_number":47,"context_line":"``remote_filesystem_transport \u003d ssh | rsync | http``"},{"line_number":48,"context_line":""},{"line_number":49,"context_line":"This spec introduces the following changes:"},{"line_number":50,"context_line":""},{"line_number":51,"context_line":"* Webdav as a protocol for remote file system operations."},{"line_number":52,"context_line":"* Nova will not spawn the web server directly."},{"line_number":53,"context_line":"* Implement Webdav driver client for remotefs in Nova."},{"line_number":54,"context_line":"* Enable http webdav client driver through remote_filesystem_transport"},{"line_number":55,"context_line":"  option in nova.conf."},{"line_number":56,"context_line":"* Add DevStack support to test the feature in CI."},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Webdav server"},{"line_number":59,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"cf67050c_95a7c974","line":56,"range":{"start_line":49,"start_character":43,"end_line":56,"end_character":49},"in_reply_to":"b2791ed6_5d689b2d","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":59,"context_line":"-----------------"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"The cloud operator is responsible for running a Webdav server on each"},{"line_number":62,"context_line":"compute node. The Webdav server will run outside the Nova. The Webdav"},{"line_number":63,"context_line":"server will be configured to expose the following operations:"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"* Create a file"}],"source_content_type":"text/x-rst","patch_set":6,"id":"670bf2a0_fc85d2e6","line":62,"range":{"start_line":62,"start_character":49,"end_line":62,"end_character":58},"updated":"2025-12-04 09:17:43.000000000","message":"of Nova","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":59,"context_line":"-----------------"},{"line_number":60,"context_line":""},{"line_number":61,"context_line":"The cloud operator is responsible for running a Webdav server on each"},{"line_number":62,"context_line":"compute node. The Webdav server will run outside the Nova. The Webdav"},{"line_number":63,"context_line":"server will be configured to expose the following operations:"},{"line_number":64,"context_line":""},{"line_number":65,"context_line":"* Create a file"}],"source_content_type":"text/x-rst","patch_set":6,"id":"f2e59881_33c30193","line":62,"range":{"start_line":62,"start_character":49,"end_line":62,"end_character":58},"in_reply_to":"670bf2a0_fc85d2e6","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Webdav server is configured with mTLS. The server verifies the Nova"},{"line_number":73,"context_line":"HTTPs driver client certificate; the client verifies the server"},{"line_number":74,"context_line":"certificate. All the communication happens over HTTPS."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"HTTPs driver client (in Nova)"},{"line_number":77,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"7f79886a_abd13b0d","line":74,"updated":"2025-12-04 09:17:43.000000000","message":"so I guess it will require a nova configuration option for the TLS certificate ?","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"cbfe5500bddf942a8c0480e3e490890ca5a506af","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Webdav server is configured with mTLS. The server verifies the Nova"},{"line_number":73,"context_line":"HTTPs driver client certificate; the client verifies the server"},{"line_number":74,"context_line":"certificate. All the communication happens over HTTPS."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"HTTPs driver client (in Nova)"},{"line_number":77,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"c238036b_183d5b67","line":74,"in_reply_to":"7f79886a_abd13b0d","updated":"2025-12-04 17:48:50.000000000","message":"it will at a minium need a config option to point to the client cert but we may also need to have additional config option for a ca path/cert so we trust the server\n\nbasiclly the same way we have cafile, certfile and key file in the service sections\n\nhttps://docs.openstack.org/nova/latest/configuration/config.html#keystone.cafile\nhttps://docs.openstack.org/nova/latest/configuration/config.html#keystone.certfile\nhttps://docs.openstack.org/nova/latest/configuration/config.html#keystone.keyfile\n\nit is also possibel to just add the server cert issue to the systems global turst store i guess but we will at least need 1 config option for our cert.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":71,"context_line":""},{"line_number":72,"context_line":"Webdav server is configured with mTLS. The server verifies the Nova"},{"line_number":73,"context_line":"HTTPs driver client certificate; the client verifies the server"},{"line_number":74,"context_line":"certificate. All the communication happens over HTTPS."},{"line_number":75,"context_line":""},{"line_number":76,"context_line":"HTTPs driver client (in Nova)"},{"line_number":77,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"90ba60d6_1c9d241b","line":74,"in_reply_to":"c238036b_183d5b67","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":80,"context_line":"`RemoteFilesystemDriver interface"},{"line_number":81,"context_line":"\u003chttps://opendev.org/openstack/nova/src/commit/b99a882366251f88d145e27312b94692e0b2266f/nova/virt/libvirt/volume/remotefs.py#L109\u003e`_."},{"line_number":82,"context_line":"It provides the five methods listed above above and proxy the calls to"},{"line_number":83,"context_line":"the Webdav server."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"This approach avoids the need for SSH between nodes while preserving Nova\u0027s"},{"line_number":86,"context_line":"existing migration semantics."}],"source_content_type":"text/x-rst","patch_set":6,"id":"b37f0275_bbb8abea","line":83,"updated":"2025-12-04 09:17:43.000000000","message":"I see some refactoring here, but yeah we could reuse the existing remotefs helper.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":80,"context_line":"`RemoteFilesystemDriver interface"},{"line_number":81,"context_line":"\u003chttps://opendev.org/openstack/nova/src/commit/b99a882366251f88d145e27312b94692e0b2266f/nova/virt/libvirt/volume/remotefs.py#L109\u003e`_."},{"line_number":82,"context_line":"It provides the five methods listed above above and proxy the calls to"},{"line_number":83,"context_line":"the Webdav server."},{"line_number":84,"context_line":""},{"line_number":85,"context_line":"This approach avoids the need for SSH between nodes while preserving Nova\u0027s"},{"line_number":86,"context_line":"existing migration semantics."}],"source_content_type":"text/x-rst","patch_set":6,"id":"5c3fd6a7_24bb0707","line":83,"in_reply_to":"b37f0275_bbb8abea","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":98,"context_line":"REST API impact"},{"line_number":99,"context_line":"---------------"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"None. Nova\u0027s public REST API is unchanged."},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"Security impact"},{"line_number":104,"context_line":"---------------"},{"line_number":105,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"c38f92d9_14b14de1","line":102,"range":{"start_line":101,"start_character":5,"end_line":102,"end_character":1},"updated":"2025-12-04 09:17:43.000000000","message":"you can remove this","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":98,"context_line":"REST API impact"},{"line_number":99,"context_line":"---------------"},{"line_number":100,"context_line":""},{"line_number":101,"context_line":"None. Nova\u0027s public REST API is unchanged."},{"line_number":102,"context_line":""},{"line_number":103,"context_line":"Security impact"},{"line_number":104,"context_line":"---------------"},{"line_number":105,"context_line":""}],"source_content_type":"text/x-rst","patch_set":6,"id":"614c4e8e_87771979","line":102,"range":{"start_line":101,"start_character":5,"end_line":102,"end_character":1},"in_reply_to":"c38f92d9_14b14de1","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"* New transport choice: ``[libvirt] remote_filesystem_transport \u003d http``"},{"line_number":129,"context_line":"* Cloud operator is responsible for running a Webdav server on each"},{"line_number":130,"context_line":"  compute node."},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"Developer impact"},{"line_number":133,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"99c9ff11_9a5daef4","line":130,"updated":"2025-12-04 09:17:43.000000000","message":"they will also need to correctly setup the TLS challenge between the client and the server.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":127,"context_line":""},{"line_number":128,"context_line":"* New transport choice: ``[libvirt] remote_filesystem_transport \u003d http``"},{"line_number":129,"context_line":"* Cloud operator is responsible for running a Webdav server on each"},{"line_number":130,"context_line":"  compute node."},{"line_number":131,"context_line":""},{"line_number":132,"context_line":"Developer impact"},{"line_number":133,"context_line":"----------------"}],"source_content_type":"text/x-rst","patch_set":6,"id":"d4f7d394_cf5b1885","line":130,"in_reply_to":"99c9ff11_9a5daef4","updated":"2026-03-19 08:58:48.000000000","message":"Thanks, Addressed.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":7166,"name":"Sylvain Bauza","email":"sbauza@redhat.com","username":"sbauza"},"change_message_id":"438afe4d3b5f8770550d744ff0de8c7016af3ef7","unresolved":true,"context_lines":[{"line_number":137,"context_line":"Upgrade impact"},{"line_number":138,"context_line":"--------------"},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"None. Default remotefs driver remains unchanged."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Implementation"},{"line_number":143,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"9af3dbd5_118c97f3","line":140,"updated":"2025-12-04 09:17:43.000000000","message":"There is a big one tho which isn\u0027t mentioned : what if some user wants to cold migrate some instance to some host that\u0027s not yet upgraded ? As a reminder, Nova supports rolling upgrades so this is possible to have Epoxy computes with a Gazpacho controlplane.\n\nhow will you plan to manage such backwards compatibility ?","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"e9f7afba18344d60ddb564fa99a19c03a738d28f","unresolved":true,"context_lines":[{"line_number":137,"context_line":"Upgrade impact"},{"line_number":138,"context_line":"--------------"},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"None. Default remotefs driver remains unchanged."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Implementation"},{"line_number":143,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"22815544_22e3336c","line":140,"in_reply_to":"52fb6e5d_f2415edd","updated":"2026-03-19 08:58:48.000000000","message":"@smooney@redhat.com I have added a section. We have discussed this internally and the assumption is that his feature will only be enabled by cloud operator if all the nodes are running the supported version of openstack release. In such a case, we do not need to go into the complexity of upgrade paths or nova traits. \n\nPlease review the spec again. Thank you","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"cbfe5500bddf942a8c0480e3e490890ca5a506af","unresolved":true,"context_lines":[{"line_number":137,"context_line":"Upgrade impact"},{"line_number":138,"context_line":"--------------"},{"line_number":139,"context_line":""},{"line_number":140,"context_line":"None. Default remotefs driver remains unchanged."},{"line_number":141,"context_line":""},{"line_number":142,"context_line":"Implementation"},{"line_number":143,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":6,"id":"52fb6e5d_f2415edd","line":140,"in_reply_to":"9af3dbd5_118c97f3","updated":"2025-12-04 17:48:50.000000000","message":"so for upgrades we will upgrade with the existing config option and default so by default we will not have an upgrade impact.\n\nonce you have 2026.1 compute then that is where the possible impact arises\n\nTo mitigate that we could add a compute service version for this and a min compute service version check at the cell level.\n\nim not sure i really like that approach.\n\nanother may be to have a compute capability trait for http support.\n\nthat would allow scheduling to other host with the same driver so perhasp that is better although its mroe cost then just using a version bump.\nwe shoud not require you to modify your flavor jsut to make this work so we would still need a compute service version bump and pre-filter to use the trait so that also not a good option.\n\nso im wondering shoudl we just document that this is only supported between host with the same value and that operator need to partition there cloud with host aggregate or other means if they do not use the same driver on all hosts.\n\nthe problems related ot mixing different driver are not really any diffent then they are today.\n\none way to adopt the new mode is to install the webdav servers on all hosts first and keep ssh/rsync functional. then you can upgrade nova and finally update the config.\n\nprovided both dirver work for all host you can do this in a roling fashion\nthis woudl result in diffent driver beign used depenign on the direction fo the move operation but it should work even if they are usign diffent drivers.\n\nbut we would need to explain that in an upgrade release note or doc.","commit_id":"41dc6b8f5bc64afa7fe7c19360271a28c9cb1325"}],"specs/2026.1/approved/offline-migration-using-https.rst":[{"author":{"_account_id":35761,"name":"Guillaume Boutry","display_name":"gboutry","email":"guillaume.boutry@canonical.com","username":"gboutry"},"change_message_id":"087bd25c42f67b546bfda594ad2bbd927b640a3d","unresolved":true,"context_lines":[{"line_number":12,"context_line":"Problem description"},{"line_number":13,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Offline VM migration currently fails when compute nodes do not have ``SSH``"},{"line_number":16,"context_line":"access to each other. Nova\u0027s libvirt remote filesystem (remotefs) drivers"},{"line_number":17,"context_line":"rely on ``scp/rsync`` for offline migration. As a result,"},{"line_number":18,"context_line":"offline VM migration fails with scp/rsync permission errors, preventing"},{"line_number":19,"context_line":"operators from migrating shut off instances between compute nodes."}],"source_content_type":"text/x-rst","patch_set":3,"id":"2ec3e2d2_c03ad04f","line":16,"range":{"start_line":15,"start_character":0,"end_line":16,"end_character":20},"updated":"2025-10-21 07:50:58.000000000","message":"Having SSH configured is a requirement for offline migration.\n\nThis does not really represent the problem, except saying \"things are not working when we don\u0027t have all the requirements\".\n\nI think this is the occasion to delve a bit deeper on the actual problem:\n\nWe\u0027re running the nova-compute daemon in a heavily confined environment, and we don\u0027t want to enable SSH access between the nodes. However, with the current implementation, this is a requirement.","commit_id":"6b5c43d717b6158bfe42b692e156c685f6cce0d0"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"a76c01f51f3a9f8d1b49dbe6f30cecde6c296922","unresolved":true,"context_lines":[{"line_number":12,"context_line":"Problem description"},{"line_number":13,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"Offline VM migration currently fails when compute nodes do not have ``SSH``"},{"line_number":16,"context_line":"access to each other. Nova\u0027s libvirt remote filesystem (remotefs) drivers"},{"line_number":17,"context_line":"rely on ``scp/rsync`` for offline migration. As a result,"},{"line_number":18,"context_line":"offline VM migration fails with scp/rsync permission errors, preventing"},{"line_number":19,"context_line":"operators from migrating shut off instances between compute nodes."}],"source_content_type":"text/x-rst","patch_set":3,"id":"50bb6aad_3ddae392","line":16,"range":{"start_line":15,"start_character":0,"end_line":16,"end_character":20},"in_reply_to":"2ec3e2d2_c03ad04f","updated":"2025-10-21 12:00:09.000000000","message":"rephrased the problem","commit_id":"6b5c43d717b6158bfe42b692e156c685f6cce0d0"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"Offline migration using HTTPs"},{"line_number":10,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":4,"id":"0c5416ac_fd146210","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":17},"updated":"2025-10-21 12:42:18.000000000","message":"offline migration is not a term of art in nova\n\nwe have live migration and cold migration\n\nwe also have other move operation like shleve/evacuate but those are not really migrations.\n\ni assume you mean cold migration?","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"bb457464d833417b18a901190d0525c533be9548","unresolved":true,"context_lines":[{"line_number":6,"context_line":""},{"line_number":7,"context_line":""},{"line_number":8,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":9,"context_line":"Offline migration using HTTPs"},{"line_number":10,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":11,"context_line":""},{"line_number":12,"context_line":"Problem description"}],"source_content_type":"text/x-rst","patch_set":4,"id":"be3dfe37_245433b9","line":9,"range":{"start_line":9,"start_character":0,"end_line":9,"end_character":17},"in_reply_to":"0c5416ac_fd146210","updated":"2025-10-31 12:22:26.000000000","message":"yes cold migration only","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":22,"context_line":"---------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"* As an OpenStack user, I need to migrate a shut off instance from one"},{"line_number":25,"context_line":"  compute node to another without requiring SSH access between nodes."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed change"},{"line_number":28,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"91692e12_280aade3","line":25,"updated":"2025-10-21 12:42:18.000000000","message":"we currently use the ssh acces for 2 thing\n1st the data tansfer.\n2nd to check that the vm is not on a shared file system like nfs or cephfs.\n\nif we were to support https or similar alternitive method.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"30574476d03726ae499f7a7d1afa076ffa670949","unresolved":true,"context_lines":[{"line_number":22,"context_line":"---------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"* As an OpenStack user, I need to migrate a shut off instance from one"},{"line_number":25,"context_line":"  compute node to another without requiring SSH access between nodes."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed change"},{"line_number":28,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7c1237e6_bc52b975","line":25,"in_reply_to":"4fb53fd5_7d3b64bd","updated":"2025-10-31 12:36:04.000000000","message":"that is a problem becausee we use soem of the same helper function in both cases so this should be supproted for live migration as well.\n\nwe dont want a casue wehre you cant live migrate because there is no ssh access and you have enabled this new backend.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"1710f819ada3c776b5e09bec1bed35390020fb14","unresolved":true,"context_lines":[{"line_number":22,"context_line":"---------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"* As an OpenStack user, I need to migrate a shut off instance from one"},{"line_number":25,"context_line":"  compute node to another without requiring SSH access between nodes."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed change"},{"line_number":28,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"02c9907c_f27bdefe","line":25,"in_reply_to":"7c1237e6_bc52b975","updated":"2025-12-02 08:16:30.000000000","message":"The spec is updated with the agreed approach during the PTG\n\nWebdav as a protocol for remote file system operations.\nNova will not spawn the web server directly.\nImplement Webdav driver client for remotefs in Nova.\nEnable http webdav client driver through remote_filesystem_transport option in nova.conf.\nAdd DevStack support to test the feature in CI.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"bb457464d833417b18a901190d0525c533be9548","unresolved":true,"context_lines":[{"line_number":22,"context_line":"---------"},{"line_number":23,"context_line":""},{"line_number":24,"context_line":"* As an OpenStack user, I need to migrate a shut off instance from one"},{"line_number":25,"context_line":"  compute node to another without requiring SSH access between nodes."},{"line_number":26,"context_line":""},{"line_number":27,"context_line":"Proposed change"},{"line_number":28,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"4fb53fd5_7d3b64bd","line":25,"in_reply_to":"91692e12_280aade3","updated":"2025-10-31 12:22:26.000000000","message":"the current scope is limited to only cold migration.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"This spec adds ``http`` as a third choice:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"``remote_filesystem_transport \u003d ssh | rsync | http``"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"HTTPs file server"},{"line_number":45,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"0e9583a7_4a0fc44e","line":42,"updated":"2025-10-21 12:42:18.000000000","message":"are you plannign to supprot non libvirt based drivers?\n\nif so why http and not using libvirt/qemus NBD server or something similar.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"bb457464d833417b18a901190d0525c533be9548","unresolved":true,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"This spec adds ``http`` as a third choice:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"``remote_filesystem_transport \u003d ssh | rsync | http``"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"HTTPs file server"},{"line_number":45,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"ca8c86f8_5d2d368b","line":42,"in_reply_to":"0e9583a7_4a0fc44e","updated":"2025-10-31 12:22:26.000000000","message":"only libvirt in the current scope","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"30574476d03726ae499f7a7d1afa076ffa670949","unresolved":false,"context_lines":[{"line_number":39,"context_line":""},{"line_number":40,"context_line":"This spec adds ``http`` as a third choice:"},{"line_number":41,"context_line":""},{"line_number":42,"context_line":"``remote_filesystem_transport \u003d ssh | rsync | http``"},{"line_number":43,"context_line":""},{"line_number":44,"context_line":"HTTPs file server"},{"line_number":45,"context_line":"-----------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"f352a085_43c6ac8a","line":42,"in_reply_to":"ca8c86f8_5d2d368b","updated":"2025-10-31 12:36:04.000000000","message":"Acknowledged","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":53,"context_line":"* ``create_dir`` (Restricted to sandboxed base path)"},{"line_number":54,"context_line":"* ``remove_dir`` (Restricted to sandboxed base path)"},{"line_number":55,"context_line":"* ``copy_file`` (pull/push of instance disk content using chunked streams,"},{"line_number":56,"context_line":"  Restricted to sandboxed base path)"},{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Security is enforced with mutual TLS (mTLS). The server verifies the Nova HTTPs"},{"line_number":59,"context_line":"driver client certificate; the client verifies the server certificate. The"}],"source_content_type":"text/x-rst","patch_set":4,"id":"0cab5fc7_386726c8","line":56,"updated":"2025-10-21 12:42:18.000000000","message":"we also need the capablity to test if a file is avaible on the remote host to impelemnnt the ablity to detect of /var/lib/nova/instnaces is on a shared file system.\n\nwe do that by creating a file/directory on the souce host and sshing to the dest to see if its visable there.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Security is enforced with mutual TLS (mTLS). The server verifies the Nova HTTPs"},{"line_number":59,"context_line":"driver client certificate; the client verifies the server certificate. The"},{"line_number":60,"context_line":"server restricts all paths to a per-node sandbox."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"HTTPs driver client (in Nova)"},{"line_number":63,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"fdaabbfa_d0250904","line":60,"updated":"2025-10-21 12:42:18.000000000","message":"perhaps what implamtion where you thinkign of usign to implement this.\n\ni dont think we shoudl impelemnt a http server from scratch in nova and we are currently removeign our supprot for eventlet so it woudl not be approate to use eventlets webserver.\n\n\ncurrently the only option i really see as valid fi its part of nova would be the python standard libs http server perhaps via wisgref \nor using some thing like https://github.com/cherrypy/cheroot which is http server that ironic has chosen to implemente there json rpc endpoints.\n\ncheroot is the server i was condiring peroposing for our healtcheck endpoing in the furure.\n\nnova is not currently plannong on using asycio so that is not an option at this time.\n\nwe may recondier that once eventlet support is fully removed but its not an option for then next couple of releases.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"8ece3c5046ba5d02640a877642289bc06a879859","unresolved":true,"context_lines":[{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Security is enforced with mutual TLS (mTLS). The server verifies the Nova HTTPs"},{"line_number":59,"context_line":"driver client certificate; the client verifies the server certificate. The"},{"line_number":60,"context_line":"server restricts all paths to a per-node sandbox."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"HTTPs driver client (in Nova)"},{"line_number":63,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"b8cdc9f7_823b9e5b","line":60,"in_reply_to":"24e57d8e_177457ad","updated":"2025-12-02 08:18:12.000000000","message":"@smooney@redhat.com Kindly review the spec again. I have rewritten it based on the PTG feedback. Thanks","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"1710f819ada3c776b5e09bec1bed35390020fb14","unresolved":true,"context_lines":[{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Security is enforced with mutual TLS (mTLS). The server verifies the Nova HTTPs"},{"line_number":59,"context_line":"driver client certificate; the client verifies the server certificate. The"},{"line_number":60,"context_line":"server restricts all paths to a per-node sandbox."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"HTTPs driver client (in Nova)"},{"line_number":63,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"24e57d8e_177457ad","line":60,"in_reply_to":"3b01f045_ff17ba29","updated":"2025-12-02 08:16:30.000000000","message":"The spec is updated with the agreed approach during the PTG\n\nWebdav as a protocol for remote file system operations.\nNova will not spawn the web server directly.\nImplement Webdav driver client for remotefs in Nova.\nEnable http webdav client driver through remote_filesystem_transport option in nova.conf.\nAdd DevStack support to test the feature in CI.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"bb457464d833417b18a901190d0525c533be9548","unresolved":true,"context_lines":[{"line_number":57,"context_line":""},{"line_number":58,"context_line":"Security is enforced with mutual TLS (mTLS). The server verifies the Nova HTTPs"},{"line_number":59,"context_line":"driver client certificate; the client verifies the server certificate. The"},{"line_number":60,"context_line":"server restricts all paths to a per-node sandbox."},{"line_number":61,"context_line":""},{"line_number":62,"context_line":"HTTPs driver client (in Nova)"},{"line_number":63,"context_line":"------------------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"3b01f045_ff17ba29","line":60,"in_reply_to":"fdaabbfa_d0250904","updated":"2025-10-31 12:22:26.000000000","message":"the current impl is wsgiref based.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":69,"context_line":""},{"line_number":70,"context_line":"This approach avoids the need for SSH between nodes while preserving Nova\u0027s"},{"line_number":71,"context_line":"existing migration semantics."},{"line_number":72,"context_line":""},{"line_number":73,"context_line":"Alternatives"},{"line_number":74,"context_line":"------------"},{"line_number":75,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"c5899853_6b04bc39","line":72,"updated":"2025-10-21 12:42:18.000000000","message":"speaking of exisitng semantics we also have logic i belive for live migration to pull the image backing file form the source node to the dest node over ssh if the image has been deleted form glance.\n\nim not 100% sure if we deleted that code or not recently.\n\nmy point is that if we supprot https as a remotefs solution we may need to ensure that https is also used in teh live migration code paths in some edge cases as well so we would need to audit and test this.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":77,"context_line":"  nodes)."},{"line_number":78,"context_line":"* Require operators to deploy shared storage (e.g. CEPH) for all instances"},{"line_number":79,"context_line":"  which is operationally heavy and is not desired in this case."},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Data model impact"},{"line_number":82,"context_line":"-----------------"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"b6759bbf_f79c581a","line":80,"updated":"2025-10-21 12:42:18.000000000","message":"we coudl also supprot webdav or another standard protocal like ftp instead of inventing our own http file transfer protocal.\n\nis there  reason why you are proposing a new protocol?\n\nwe could even do the transfer via netcat if direct transfer over tcp is allow in this env.\n\n\ni would like to see an explaiion in the spec why these option are not a better alternitive to the current propsoal.\n\nby the way i belive rsync can operator over tcp without ssh to so before addign a new driver i want to also confirm that we cant use rsync is a diffent mode that would work for your usecase.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"30574476d03726ae499f7a7d1afa076ffa670949","unresolved":true,"context_lines":[{"line_number":77,"context_line":"  nodes)."},{"line_number":78,"context_line":"* Require operators to deploy shared storage (e.g. CEPH) for all instances"},{"line_number":79,"context_line":"  which is operationally heavy and is not desired in this case."},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Data model impact"},{"line_number":82,"context_line":"-----------------"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"20aa002c_1b1b40ee","line":80,"in_reply_to":"75ee6c46_7bbf0ddb","updated":"2025-10-31 12:36:04.000000000","message":"this should be catured in teh usecases or problem statement to motivate why exstign solution are not approate.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":37697,"name":"Ahmad Hassan","display_name":"Ahmad","email":"ahmad.hassan@canonical.com","username":"hassahma"},"change_message_id":"bb457464d833417b18a901190d0525c533be9548","unresolved":true,"context_lines":[{"line_number":77,"context_line":"  nodes)."},{"line_number":78,"context_line":"* Require operators to deploy shared storage (e.g. CEPH) for all instances"},{"line_number":79,"context_line":"  which is operationally heavy and is not desired in this case."},{"line_number":80,"context_line":""},{"line_number":81,"context_line":"Data model impact"},{"line_number":82,"context_line":"-----------------"},{"line_number":83,"context_line":""}],"source_content_type":"text/x-rst","patch_set":4,"id":"75ee6c46_7bbf0ddb","line":80,"in_reply_to":"b6759bbf_f79c581a","updated":"2025-10-31 12:22:26.000000000","message":"the reason is that the remote compute node is running nova-compute openstack hypervisor in a strictly confined snap. hence no ssh/rsync access from outside the snap context.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":95,"context_line":"* Uses mutual TLS between Nova\u0027s HTTPs driver client and the per-node"},{"line_number":96,"context_line":"  HTTPs file server."},{"line_number":97,"context_line":"* The server enforces a sandboxed base path to avoid arbitrary filesystem"},{"line_number":98,"context_line":"  access."},{"line_number":99,"context_line":""},{"line_number":100,"context_line":"Notifications impact"},{"line_number":101,"context_line":"--------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"069ae1b0_471179e0","line":98,"updated":"2025-10-21 12:42:18.000000000","message":"both of these are none trivial secuirty risks.\n\nwe will need to ensure they sandboxing is secuire and that the http server can be exploited to do redirect ectra.\n\nwe may also need to consdier if auth shoudl eb tied into keystone in some way of if mtls is really enough but i can see the agument for why it is.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":111,"context_line":"------------------"},{"line_number":112,"context_line":""},{"line_number":113,"context_line":"Optional compression and chunked streaming is used for the ``copy_file``"},{"line_number":114,"context_line":"operation."},{"line_number":115,"context_line":""},{"line_number":116,"context_line":"Other deployer impact"},{"line_number":117,"context_line":"---------------------"}],"source_content_type":"text/x-rst","patch_set":4,"id":"a4cb89ea_ba639a08","line":114,"updated":"2025-10-21 12:42:18.000000000","message":"i think we would need ot understand the performance impact of this and that will partly depend on how the httpserver is run.\n\nis it spawned as a seperate thread by the nova-compute agent or is a seperate process that must be run on each system.\ncan it handel multipel concurrent migration stream and if so how does it scale.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":161,"context_line":"Dependencies"},{"line_number":162,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":163,"context_line":""},{"line_number":164,"context_line":"None."},{"line_number":165,"context_line":""},{"line_number":166,"context_line":"Testing"},{"line_number":167,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"7de73ffb_5f3517f3","line":164,"updated":"2025-10-21 12:42:18.000000000","message":"stating none here would imply that the http server would purely use the std lib http server.\n\nif we are using any other server implemnetaion we shoudl list that as a dependency.\n\neven if its somehting like apache2.\n\ncurrently nova does not depend on any http server\n\nif the intent is to provide a wsgi applction to implement the new functionaly that can be run on any wsgi server then we don\u0027t need to list a specific web server here.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"},{"author":{"_account_id":11604,"name":"sean mooney","email":"smooney@redhat.com","username":"sean-k-mooney"},"change_message_id":"23f4d6a9ccfcce26a4096e7b99d14da761f89d5a","unresolved":true,"context_lines":[{"line_number":167,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d"},{"line_number":168,"context_line":""},{"line_number":169,"context_line":"* Unit tests for the HTTPs driver."},{"line_number":170,"context_line":"* Integration tests exercising offline migration between two computes."},{"line_number":171,"context_line":""},{"line_number":172,"context_line":"Documentation Impact"},{"line_number":173,"context_line":"\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d\u003d"}],"source_content_type":"text/x-rst","patch_set":4,"id":"67c1b937_3616deac","line":170,"updated":"2025-10-21 12:42:18.000000000","message":"so to test this properly we woudl need to modify one of the existing jobs to enable the http driver\n\nthat means we also need to modify devstack or nova\u0027s devstack plugin to be able to configure and delpoy the http server.","commit_id":"dbb137a12075ebe00794ae4820e6f3480173e361"}]}