Tuesday, 2017-08-29

*** gouthamr_ has joined #openstack-manila		01:05
*** gouthamr has quit IRC		01:07
*** baojg_ has quit IRC		01:10
openstackgerrit	Merged openstack/puppet-manila master: Add "host" parameter for manila.conf https://review.openstack.org/497481	01:23
zhongjun	gouthamr_: ping	01:27
gouthamr_	zhongjun: pong	01:27
zhongjun	gouthamr_: We can not get all shares by non-admin even if we change share_instance:index policy from ‘admin_api’ to non limit. Because we added	01:27
zhongjun	@require_admin_context in share_instances_get_all db function. Do you know any	01:27
zhongjun	historical reasons?	01:27
*** gouthamr_ is now known as gouthamr		01:27
bswartz	zhongjun: we never test the nonstandard policies	01:28
gouthamr	zhongjun: sounds like a bug	01:28
bswartz	I would count it as a bug	01:28
zhongjun	gouthamr: I tested it when I write the code about "policy in code" feature, it will raise “ERROR: User does not have admin privileges.”	01:29
gouthamr	We could unit test policies..	01:29
bswartz	gouthamr: if you can think of a scalable way to do so	01:30
bswartz	IMO the matrix of options is too large	01:30
gouthamr	bswartz: true.. but with zhongjun's changes, there'll be a default policy in code, we could specify a non-default configuration to test	01:32
zhongjun	bswartz: We added @require_admin_context in many places : https://github.com/openstack/manila/blob/master/manila/db/sqlalchemy/api.py#L372 I thought it could have a original reason	01:32
gouthamr	zhongjun: i used to see the pattern with deletes, most calls elevate privileges to delete the row	01:33
bswartz	I would be mostly concerned with testing the dangerous cases	01:33
gouthamr	zhongjun: wait-a-minute, that's many GET methods	01:33
bswartz	it's way worse if a non-admin can do admin things than if an admin can't do something	01:34
gouthamr	yes.. i think we've been mindful about the first part.. kinda why we split admin and regular api tests apart	01:35
zhongjun	bswartz: I changed "share:get_all" policy from ‘admin_api’ to 'default', it is not nonstandard policies.	01:36
gouthamr	zhongjun: would be a bug worth fixing.. we have the policy check in the service API as well... https://github.com/openstack/manila/blob/master/manila/api/v2/services.py#L35	01:37
bswartz	zhongjun: as long as the policy is properly enforced (and we have tests to ensure that) then I'm happy	01:39
bswartz	it's entirely possible that there's some code in there that predates the policy.json mechanism and effectively hard codes the policy in some places	01:40
zhongjun	gouthamr, bswartz: yeah, it look like a bug. but I could try to find the original code modification, why they added this.	01:41
zhongjun	bswartz: yes, It could be.	01:42
zhongjun	bswartz: I didn't find it in nova, it could be changed from cinder	01:43
tommylikehu	maybe it could remind the administrator he/she had configured the wrong policy	01:43
zhongjun	tommylikehu: yes, It could be. I just think of the case: If the admin give a policy to the user to see all of the shares, is it a reasonable requirement?	01:46
*** markstur has quit IRC		01:47
zhongjun	gouthamr, bswartz: In nova, it also added the admin check in db level after the policy check in API. But it didn't raise the error if the "xxx:get_all" policy changed from ‘admin_api’ to 'default'. It just add the appropriate filter(project, user) in db api level. https://github.com/openstack/nova/blob/16.0.0.0b2/nova/db/sqlalchemy/api.py#L2051	02:26
zhongjun	gouthamr: yeah, we can not let a non-admin do admin things, it will be enforced in code	02:28
zhongjun	gouthamr: s / share:get_all / share_instance:index	02:49
*** gcb has joined #openstack-manila		02:50
*** markstur has joined #openstack-manila		02:53
*** markstur has quit IRC		02:57
*** gouthamr has quit IRC		02:59
*** baojg has joined #openstack-manila		03:14
*** baojg has quit IRC		03:19
*** markstur has joined #openstack-manila		03:26
*** hoonetorg has quit IRC		04:11
*** hoonetorg has joined #openstack-manila		04:23
*** markstur has quit IRC		04:24
*** markstur has joined #openstack-manila		04:25
*** lpetrut has joined #openstack-manila		04:26
*** markstur has quit IRC		04:30
*** markstur has joined #openstack-manila		04:46
*** rejy has joined #openstack-manila		04:50
*** markstur has quit IRC		04:50
*** lpetrut has quit IRC		04:56
*** rejy has quit IRC		05:22
*** markstur has joined #openstack-manila		05:28
*** markstur has quit IRC		05:32
*** carthaca_1 has quit IRC		05:58
*** carthaca_ has joined #openstack-manila		05:58
*** zengyingzhe has quit IRC		06:14
*** zengyingzhe has joined #openstack-manila		06:14
*** pcaruana has joined #openstack-manila		06:39
*** raissa has quit IRC		06:46
*** jprovazn has joined #openstack-manila		07:10
*** markstur has joined #openstack-manila		07:46
*** td has joined #openstack-manila		07:49
*** markstur has quit IRC		07:51
*** dsariel has joined #openstack-manila		08:14
*** raissa has joined #openstack-manila		08:20
*** markstur has joined #openstack-manila		08:23
*** markstur has quit IRC		08:28
*** markstur has joined #openstack-manila		09:00
*** markstur has quit IRC		09:05
*** markstur has joined #openstack-manila		09:37
*** markstur has quit IRC		09:42
*** markstur has joined #openstack-manila		10:13
*** markstur has quit IRC		10:18
*** ociuhandu has quit IRC		10:30
*** lpetrut has joined #openstack-manila		10:34
*** lpetrut_ has joined #openstack-manila		10:34
*** markstur has joined #openstack-manila		10:50
*** ociuhandu has joined #openstack-manila		10:51
*** markstur has quit IRC		10:55
*** ganso has joined #openstack-manila		10:56
*** markstur has joined #openstack-manila		11:11
*** markstur has quit IRC		11:15
*** markstur has joined #openstack-manila		11:48
*** baojg has joined #openstack-manila		11:52
*** markstur has quit IRC		11:52
*** MVenesio has joined #openstack-manila		12:20
*** MVenesio has quit IRC		12:20
*** markstur has joined #openstack-manila		12:24
*** markstur has quit IRC		12:29
*** gcb has quit IRC		12:29
*** gcb has joined #openstack-manila		12:30
*** eharney has quit IRC		12:50
*** rraja has joined #openstack-manila		13:00
*** hoonetorg has quit IRC		13:08
*** hoonetorg has joined #openstack-manila		13:09
*** catintheroof has joined #openstack-manila		13:19
*** dustins has joined #openstack-manila		13:20
*** belmoreira has joined #openstack-manila		13:26
*** zengyingzhe has quit IRC		13:26
*** zengyingzhe has joined #openstack-manila		13:26
*** gouthamr has joined #openstack-manila		13:33
*** eharney has joined #openstack-manila		13:41
*** zengyingzhe_ has joined #openstack-manila		13:54
*** zengyingzhe has quit IRC		13:57
*** jprovazn has quit IRC		13:58
*** ociuhandu has quit IRC		14:07
*** baojg has quit IRC		14:25
*** baojg has joined #openstack-manila		14:26
*** markstur has joined #openstack-manila		14:35
*** eharney has quit IRC		14:35
*** baojg has quit IRC		14:37
*** markstur has quit IRC		14:39
*** baojg has joined #openstack-manila		14:39
*** baojg has quit IRC		14:40
*** baojg has joined #openstack-manila		14:40
*** baojg has quit IRC		14:40
*** chlong has joined #openstack-manila		14:41
*** baojg has joined #openstack-manila		14:42
*** baojg has quit IRC		14:42
openstackgerrit	Merged openstack/manila master: doc migration: update the doc link address https://review.openstack.org/498359	14:43
*** markstur has joined #openstack-manila		14:44
*** eharney has joined #openstack-manila		14:50
*** jprovazn has joined #openstack-manila		15:02
smcginnis	bswartz: Would be good to get your validation on here when you get a chance: https://review.openstack.org/#/c/498263/	15:28
bswartz	smcginnis: looking	15:31
bswartz	smcginnis: never seen diff_start before -- you know what that is?	15:31
smcginnis	bswartz: That controls the release notes output so you get a full release instead of the separate ones we have now for each RC.	15:35
bswartz	I see	15:35
smcginnis	bswartz: There's a small chance of overlap since they do it from the first RC of the last release, but that makes sure all included changes are there.	15:35
bswartz	so the commit hash in there misses all of the docs changes made in the last week	15:35
bswartz	I assume that's okay but I wanted to confirm that that was intentional	15:35
smcginnis	bswartz: Did you do another RC?	15:35
bswartz	no I was told not to make another RC just for docs changes	15:36
bswartz	which makes sense because the docs website doesn't care about tags -- just branches	15:36
smcginnis	Ah, yeah, docs are published separately, so that's ok. As long as there isn't any code change missed that's critical to pike.	15:36
bswartz	the only other missing changes are the .gitreview file and the upper constrains in tox.ini	15:37
bswartz	I'm okay to +1 it	15:38
smcginnis	bswartz: Yep, those are OK too as they aren't included in the release tars.	15:38
bswartz	done	15:39
smcginnis	bswartz: Cool, thanks. That will help wrap things up for Pike once we have all the validation from individual projects.	15:39
bswartz	It will be nice to see pike shipped	15:39
smcginnis	++	15:40
bswartz	pike was less stressful than some other releases, but still challenging to get done	15:40
smcginnis	Yeah, same for me.	15:45
*** xyang_ has joined #openstack-manila		15:48
*** rraja has quit IRC		15:49
*** lpetrut_ has quit IRC		15:50
*** markstur_ has joined #openstack-manila		15:58
*** markstur has quit IRC		16:01
Reepicheep	is anyone familure with how the manila share service creates openvswitch ports and adds system routes when using the generic backend?	16:43
Reepicheep	https://bugs.launchpad.net/manila/+bug/1688155	16:43
openstack	Launchpad bug 1688155 in Manila "tap device will disappear after manila-share node restart" [Undecided,In progress] - Assigned to yankee (yankeefu)	16:43
Reepicheep	this seems to be giving me problems ^ ^	16:44
Reepicheep	I'm wonder what I need to run to bring these ports / routes backup from the manila share service	16:45
*** belmoreira has quit IRC		16:46
*** belmoreira has joined #openstack-manila		16:47
*** belmoreira has quit IRC		16:48
*** pcaruana has quit IRC		16:48
*** lpetrut has quit IRC		16:54
*** raissa has quit IRC		17:10
bswartz	Reepicheep: I'm familiar with it	17:41
bswartz	Reepicheep: you're correct that the generic driver isn't able to recreate things that are destroyed externally -- including ports, tap devices, routes, nova VMs, etc	17:43
bswartz	work is needed to make the driver able to survive reboots	17:44
*** lpetrut has joined #openstack-manila		17:45
*** catintheroof has quit IRC		17:49
*** eharney has quit IRC		17:49
*** lpetrut has quit IRC		17:51
*** lpetrut has joined #openstack-manila		17:51
Reepicheep	bswartz: thanks for the update is there a manual procedure I can use to recreate those ports?	18:16
Reepicheep	I was looking at the setup_connectivity_with_service_instances function but not being a developer I'm struggling with the steps need	18:17
*** sumitshatwara has quit IRC		18:21
*** catintheroof has joined #openstack-manila		18:23
*** xyang_ has quit IRC		18:34
*** xyang_ has joined #openstack-manila		18:35
*** xyang_ has quit IRC		18:36
*** lpetrut has quit IRC		18:37
*** eharney has joined #openstack-manila		18:49
*** lpetrut has joined #openstack-manila		18:59
*** lpetrut has quit IRC		19:05
*** catintheroof has quit IRC		19:30
*** gcb has quit IRC		19:33
*** lpetrut has joined #openstack-manila		19:33
*** catintheroof has joined #openstack-manila		19:36
*** jprovazn has quit IRC		19:43
*** xyang1 has joined #openstack-manila		19:47
*** belmoreira has joined #openstack-manila		20:04
bswartz	Reepicheep: I've never tried it -- basically you'd have to follow the code and replicate what it does	20:44
bswartz	we maybe need to clarify the existing limitations of the generic driver in our docs	20:45
bswartz	we've designed the generic driver to be production ready eventually, but there are gaps to be addressed before we get there	20:46
*** ChanServ changes topic to "OpenStack Shared File Systems \| Manila \| PTG Sept 20-21 https://etherpad.openstack.org/p/manila-ptg-queens"		20:47
bswartz	Reepicheep: I put a topic on the PTG etherpad to discuss it in September	20:48
*** gouthamr has quit IRC		21:05
Reepicheep	bswartz: thanks.. I'm going to have to try to figure out what it does. I'm basically in a spot that I need to get it back online	21:24
Reepicheep	generic is currently one of the few options that I have :(	21:28
Reepicheep	am I correct in understanding that the cephfs driver still has some significant work to be done also?	21:30
*** catintheroof has quit IRC		21:34
*** tbarron is now known as tbarron\|errand		21:46
*** belmoreira has quit IRC		21:49
*** markstur_ has quit IRC		21:50
*** lpetrut has quit IRC		21:55
*** xyang1 has quit IRC		22:06
*** gouthamr has joined #openstack-manila		22:38
*** dustins has quit IRC		22:45
*** ianychoi has quit IRC		23:17
*** ianychoi has joined #openstack-manila		23:17
*** jmlowe has joined #openstack-manila		23:43

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!