| *** chuanm3 is now known as chuanm | 05:58 | |
| *** chuanm8 is now known as chuanm | 06:07 | |
| *** dasm is now known as Guest1555 | 07:16 | |
| *** Guest1555 is now known as dasm | 14:48 | |
| carloss | #startmeeting manila | 15:00 |
|---|---|---|
| opendevmeet | Meeting started Thu Sep 28 15:00:23 2023 UTC and is due to finish in 60 minutes. The chair is carloss. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'manila' | 15:00 |
| haixin | o/ | 15:00 |
| carloss | courtesy ping: dviroel felipe_rodrigues vhari gouthamr carthaca msaravan pulluri | 15:00 |
| carthaca | hi | 15:01 |
| gouthamr | o/ | 15:01 |
| caiquemello[m] | o/ | 15:01 |
| vhari | hi | 15:01 |
| felipe_rodrigues | o/ | 15:01 |
| thiagoalvoravel | o/ | 15:02 |
| gireesh | o/ | 15:02 |
| msaravan | o/ | 15:03 |
| dviroel | o/ | 15:04 |
| carloss | o/ hello everyone | 15:04 |
| carloss | good quorum | 15:04 |
| carloss | let's get started | 15:04 |
| carloss | today's meeting agenda: | 15:05 |
| carloss | #link https://wiki.openstack.org/wiki/Manila/Meetings#Next_meeting | 15:05 |
| carloss | #topic Announcements | 15:06 |
| carloss | Schedule and Deadlines: | 15:06 |
| carloss | #link https://releases.openstack.org/bobcat/schedule.html (Bobcat release schedule) | 15:06 |
| carloss | 1 week to go until the final Bobcat release | 15:07 |
| carloss | we are in a good shape so far | 15:08 |
| carloss | in the next week, as usual, the foundation is promoting the OpenInfra live | 15:08 |
| carloss | and in this episode, we will have some project representatives talking about big accomplishments of the projects during the Bobcat release | 15:09 |
| carloss | I will be proudly presenting the Manila highlights | 15:09 |
| carloss | the live will start at 14 UTC - one hour before this meeting | 15:09 |
| carloss | unsure if we will be able to keep the live within the 1 hour that it is scheduler | 15:10 |
| carloss | s/scheduler/scheduled | 15:10 |
| * carloss m-sch is taking over carloss' head | 15:11 | |
| carloss | so: gouthamr vhari ashrodri - could one of you please run the next week's upstream meeting? I'm pretty sure I'll be here, but there is a chance that I will need to divide my time between two things | 15:12 |
| gouthamr | sure no problem carloss | 15:12 |
| carloss | thanks gouthamr | 15:12 |
| carloss | that's all I had for $topic - is there an announcement you would like to share with us? | 15:13 |
| carloss | taking silence as no | 15:17 |
| carloss | #topic Bobcat Bugsquash | 15:17 |
| carloss | so, this is just a quick follow-up on the bugsquash | 15:17 |
| carloss | #link https://etherpad.opendev.org/p/manilabobcatbugsquash | 15:17 |
| carloss | we managed to close 9 out of all the bugs in the etherpad list, which is a good progress within the last week | 15:18 |
| carloss | we can share more in-depth stats | 15:19 |
| carloss | but I wanted to ask you: is there something you'd like to discuss about the bugs on that list? | 15:19 |
| carloss | a change you proposed and you'd like to get some reviewers' attention? | 15:19 |
| gireesh | bug link https://bugs.launchpad.net/manila/+bug/1996907 is fixed now, gouthamr suggested to cherry-pick to different branch, that also done | 15:21 |
| gireesh | just need to one more round of sanity testing. i think if all ok we can merge this changes | 15:21 |
| gireesh | https://review.opendev.org/c/openstack/manila/+/885213 | 15:22 |
| gireesh | above is the patch link | 15:22 |
| gouthamr | thanks gireesh - a note in these, the NetApp CI has failures; if there’s an infra problem, the only way to know if these changes don’t break anything is if there are approvals from other netapp folks | 15:23 |
| gouthamr | s/the only way to know/the only way for us non NetApp reviewers to know/ | 15:24 |
| msaravan | Yeah.. NetApp CI failures are taken as priority, and we'll address them soon. For now, we'll have reviews from folks to facilitate the merge. | 15:25 |
| gouthamr | thank you | 15:26 |
| carloss | oh, and I see the change is still on stable/xena | 15:26 |
| carloss | could you please propose it on master, so we can follow the backporting procedure? | 15:26 |
| carthaca | it seems it is cherrypicked to master https://review.opendev.org/c/openstack/manila/+/896759 | 15:27 |
| carloss | ah, okay - sorry about that | 15:28 |
| carloss | only saw the xena link | 15:28 |
| gireesh | thanks, carthaca for putting the link | 15:29 |
| carthaca | No, I think you are right - it should be the other way around. Proposed to master and cherry picked to xena than down the line, I think | 15:29 |
| carloss | yep - the commit message has the "cherry-picked from" marker | 15:30 |
| gireesh | so I need to abandon my patch and first merge to master and then cherry pickup to other branches | 15:31 |
| carloss | I think on master, if you did the cherry-pick of your commit on top of the branch, only deleting the "cherry-picked from" from the commit message will do | 15:34 |
| gireesh | ok, thanks will do that | 15:35 |
| carloss | and as you have the backports in place, just reusiung the changes and modify the "cherry-picked from" to match the previous commits should do | 15:36 |
| carloss | np | 15:36 |
| gireesh | thanks, will take care of it | 15:37 |
| carloss | thanks gireesh | 15:37 |
| carloss | okay, so I believe we can go to the next topic | 15:38 |
| carloss | #topic Hiding security service details | 15:38 |
| carloss | this is related to an issue reported a while ago | 15:39 |
| carloss | #link https://bugs.launchpad.net/manila/+bug/1817316 | 15:39 |
| carloss | and gouthamr and I chatted about it earlier this week | 15:39 |
| carloss | we wanted to bring this up again | 15:39 |
| carloss | there was a fix proposed a while ago: | 15:41 |
| carloss | #link https://review.opendev.org/c/openstack/manila/+/766519 (Remove password field from security service) | 15:41 |
| carloss | it basically does an API bump so that starting from a version, it will stop displaying the security service password | 15:41 |
| felipe_rodrigues | it partially fixes the problem | 15:41 |
| carloss | but that would not be ideal in our understanding | 15:41 |
| carloss | felipe_rodrigues: yep | 15:42 |
| felipe_rodrigues | from the security view, the problem isn't solved.. | 15:42 |
| carloss | with would not be ideal I mean: | 15:43 |
| carloss | you'd still be able to list passwords if you used an older version in your requests, so we believe that redacting the password field from the security services would be the way to go with this fix | 15:43 |
| carloss | > from the security view, the problem isn't solved.. | 15:43 |
| carloss | yep - password would still be stored in plain text, which was the initial issue | 15:43 |
| carloss | gouthamr: would you like to add something? | 15:44 |
| gouthamr | i agree this is a partial fix | 15:45 |
| gouthamr | but, it does resolve a good part of the problem | 15:46 |
| gouthamr | so lets treat it as two separate issues.. | 15:46 |
| gouthamr | since Eduardo's stepped away, is there anyone that can pick up this fix and complete it? | 15:47 |
| felipe_rodrigues | I can take it. it seems an interesting issue | 15:48 |
| carloss | ++ for separate issues | 15:48 |
| gouthamr | we can discuss encryption and storage during the PTG perhaps.. carthaca suggested using barbican as a way for users to provide us the password as an encrypted secret | 15:48 |
| felipe_rodrigues | so, should we remove the bump version removing from all versions and solve the conflicts ? | 15:48 |
| carloss | thanks felipe_rodrigues - yeah, we'd just need to remove the API bump and do the redacting bits | 15:49 |
| gouthamr | felipe_rodrigues: not remove, i agree with carthaca/carloss that we would obfuscate it | 15:49 |
| carloss | and the conflicts | 15:49 |
| felipe_rodrigues | sorry, remove or not remove ? | 15:50 |
| gouthamr | remove != redact :) | 15:50 |
| carloss | do not remove the field, just obfuscate it, but it shouldn't be something only for a specific API version | 15:51 |
| carloss | so we don't need to do the API version bump | 15:51 |
| carloss | and we'll be backporting it | 15:51 |
| felipe_rodrigues | nice. Remove API version bump and solve conflicts. got it! | 15:52 |
| gouthamr | what we mean is, the "password" field must be present in the API responses, it should have a value set to "******" or something | 15:52 |
| carloss | ^ | 15:52 |
| carloss | thanks! | 15:52 |
| carloss | > we can discuss encryption and storage during the PTG perhaps.. carthaca suggested using barbican as a way for users to provide us the password as an encrypted secret | 15:52 |
| carloss | ++ on this | 15:52 |
| carthaca | I would vote for doing both: removing in a newer microversion has also benefits | 15:53 |
| carthaca | If it is anyhow redacted, there is not much value in having it | 15:54 |
| carthaca | But I'm also fine with letting the clients make that decision :) | 15:55 |
| carloss | carthaca: yeah... feasible too | 15:55 |
| carloss | making it redacted is good because it would be something backportable | 15:56 |
| felipe_rodrigues | I think the idea is to avoid break any API caller that might read this field. If we remove the field, can we still backport ? | 15:57 |
| carloss | felipe_rodrigues: nope, new API would not be backportable | 15:57 |
| felipe_rodrigues | got it! thanks all | 15:57 |
| carloss | so I'd be okay with doing both too - while redacting we can try to make some noise to say it will be dropped if that's the case, but would be nice to get more feedback on the removal if possible | 15:58 |
| carloss | so: let's go for redacting and making the removal a part of the C PTG alongside the other discussion part with the barbican approach | 15:59 |
| carloss | is it okay? | 15:59 |
| felipe_rodrigues | ok | 16:00 |
| carloss | ack | 16:00 |
| carloss | we're at the top of the hour | 16:00 |
| carloss | let's wrap up | 16:00 |
| carloss | sorry for not having time for bug triaging vhari - and thanks for putting the list together | 16:01 |
| carloss | we can get some extra time to do it next week | 16:01 |
| carloss | thank you everyone for participating | 16:01 |
| carloss | see you on #openstack-manila | 16:01 |
| carloss | #endmeeting | 16:01 |
| opendevmeet | Meeting ended Thu Sep 28 16:01:39 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 16:01 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/manila/2023/manila.2023-09-28-15.00.html | 16:01 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/manila/2023/manila.2023-09-28-15.00.txt | 16:01 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/manila/2023/manila.2023-09-28-15.00.log.html | 16:01 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!