| rosmaita | #startmeeting cinder | 14:00 |
|---|---|---|
| opendevmeet | Meeting started Wed May 8 14:00:28 2024 UTC and is due to finish in 60 minutes. The chair is rosmaita. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:00 |
| opendevmeet | The meeting name has been set to 'cinder' | 14:00 |
| rosmaita | #topic roll call | 14:00 |
| whoami-rajat | Hi | 14:00 |
| rosmaita | o/ | 14:00 |
| Sai | o/ | 14:00 |
| crohmann | o/ | 14:01 |
| akawai | o/ | 14:01 |
| msaravan | Hi | 14:03 |
| rosmaita | i guess we should get started | 14:03 |
| ccokeke[m] | O/ | 14:03 |
| zaitcev | Oh. I thought jbernard would. | 14:03 |
| rosmaita | #link https://etherpad.opendev.org/p/cinder-dalmatian-meetings | 14:03 |
| rosmaita | agenda ^^ | 14:03 |
| rosmaita | jbernard had a conflict come up, so i'm chairing the meeting for him | 14:04 |
| rosmaita | looks like there are no announcements | 14:04 |
| rosmaita | actually, here's one | 14:04 |
| Luzi | o/ | 14:05 |
| rosmaita | i think i've seen this a few times, usually in cinder-tempest-plugin-lvm-multiattach | 14:05 |
| rosmaita | tempest.scenario.test_instances_with_cinder_volumes.TestInstancesWithCinderVolumes.test_instances_with_cinder_volumes_on_all_compute_nodes : mount: mounting /dev/vdb on /mnt/vdb failed: Device or resource busy | 14:05 |
| rosmaita | seems to be intermittent, but we should keep an eye on it in case there's a real issue | 14:05 |
| rosmaita | so if you have a failure in cinder-tempest-plugin-lvm-multiattach , before rechecking, take a look and see if that's the error you are hitting | 14:06 |
| rosmaita | ok, that's all the announcements | 14:07 |
| rosmaita | #topic Repropose spec to introduce new backup_status field for volume | 14:07 |
| rosmaita | crohmann: that's you | 14:07 |
| crohmann | Yes. I reproposed this and wanted to know if you believe this is something that could be jointly worked on? | 14:08 |
| crohmann | I was merged before, but not worked on or implemented. | 14:09 |
| rosmaita | it's been a while since i looked at that spec | 14:09 |
| rosmaita | i seem to remember that hemna had a devastating critique that came up after it was merged? | 14:09 |
| rosmaita | or am i thinking of something else | 14:09 |
| rosmaita | must be something else, i don't see a comment from him on the original patch | 14:10 |
| rosmaita | so crohmann , when you say jointly worked on, do you mean that you are looking for someone interested in implementing this spec? | 14:11 |
| crohmann | Yes, actually if this is something you cores would work on yourself. I doubt this is the kind of thing one can ever get done as a part time contributor. | 14:12 |
| *** Guest4920 is now known as geguileo | 14:13 | |
| crohmann | De-Coupling backups from other volume status to mee seems kind of a great improvement to core of what cinder is and does | 14:14 |
| rosmaita | well, we need to re-approve the spec, so that should encourage cores to re-read it and think about implementation | 14:15 |
| rosmaita | my initial thought was that if it's well defined, maybe Desire would be interested in picking it up to work on | 14:16 |
| rosmaita | not sure what her time commitments are, though | 14:17 |
| zaitcev | The hardest part to think about is to imagine the consequences of it. | 14:17 |
| zaitcev | At least for me. | 14:17 |
| rosmaita | i will have to search the old meeting logs, or maybe just ping Walt ... i was sure that he had a serious objection | 14:18 |
| crohmann | rosmaita: I believe you are referring to e.g. https://review.opendev.org/c/openstack/cinder-specs/+/818551 which was the former idea to introduce a whole new task status field. But that was indeed a bad idea. | 14:19 |
| rosmaita | thanks ... though i thought it was more recent than 2022! | 14:20 |
| crohmann | That is when we went back to the drawing board and realized that it's not about all tasks ... but backups especially that can run independently from other actions on the volume. | 14:20 |
| rosmaita | ok, i clearly need to re-read this spec | 14:20 |
| rosmaita | so, the situation is: spec needs to be re-approved, and we are looking for someone willing to pick it up | 14:21 |
| whoami-rajat | more than the implementation i think it requires thorough testing | 14:21 |
| whoami-rajat | since the volume state won't be backing-up, there are all the operations that we can perform on the volume | 14:21 |
| whoami-rajat | and any one of them could break causing a regression | 14:22 |
| rosmaita | we will need a full suite of tempest tests | 14:22 |
| whoami-rajat | so that is the major thing to examine IMO | 14:22 |
| geguileo | And we could even block processes if, for example, we delete the volume | 14:22 |
| whoami-rajat | +1 for tempest tests | 14:23 |
| rosmaita | sounds like a good action item would be for someone to review our current tempest backup test coverage and propose some new tests | 14:23 |
| rosmaita | ok, so let's keep that in mind in reviewing the spec | 14:23 |
| geguileo | I believe the tests would depend on the operations that we can think of that would break thigns | 14:23 |
| crohmann | I know it's complex, but it also promises some benefits by removing interlocking of cinder and cinder-backup. But from the discussion here I believe I am right to assume this really needs your buy in ... there really is no way to just push some code for review. | 14:24 |
| rosmaita | i agree about the benefits, but also with the wide opportunity to break things | 14:25 |
| rosmaita | i think if you have time to code some stuff, a good place to start would be to improve the test coverage | 14:26 |
| crohmann | (see my request for review :-P ) | 14:26 |
| rosmaita | ok, let's move on ... result of the discussion is that cores need to please review the spec | 14:27 |
| rosmaita | #topic image encryption | 14:27 |
| rosmaita | Luzi: that's you | 14:28 |
| Luzi | yeah, the glance spec is still under review and i addressed your comments rosmaita | 14:28 |
| rosmaita | just saw that, i need to re-review | 14:28 |
| Luzi | do you want a spec for cinder too, now that you have looked through it? | 14:28 |
| rosmaita | did i see that you put up a patch for a new database table? | 14:28 |
| rosmaita | in cinder, i mean | 14:28 |
| Luzi | that was for the volume type spec | 14:29 |
| rosmaita | oh, ok | 14:29 |
| Luzi | that is another topic - let's focus on image encryption first | 14:29 |
| rosmaita | yes, sorry for confusing things | 14:30 |
| Luzi | i think it is important to also have cinder folks looking through the glance spec, because you mentioned the need for another parameter | 14:30 |
| Luzi | would something like "os_encrypt_compressed" = True/False good enough? | 14:31 |
| whoami-rajat | do we have a link to the spec somewhere? | 14:32 |
| Luzi | https://review.opendev.org/c/openstack/glance-specs/+/915726 | 14:32 |
| whoami-rajat | thanks | 14:32 |
| rosmaita | looking that over, i think you may need a cinder spec, but you can keep it short | 14:35 |
| rosmaita | you can refer to the glance spec for the basic outline | 14:35 |
| Luzi | okay I will write a spec for Cinder | 14:35 |
| rosmaita | the key things for cinder will be what metadata items to look for and how creating a volume from an image will be handled | 14:35 |
| rosmaita | it's probably pretty similar to what we are currently doing | 14:36 |
| Luzi | yeah, I will keep that in mind | 14:36 |
| rosmaita | but the problem is that we currently have a closed-loop system where cinder controls everything | 14:36 |
| rosmaita | once we inject users into the system, we need to be a lot more careful about checking things | 14:37 |
| Luzi | so maybe i should outline the possible workflows? | 14:37 |
| whoami-rajat | "uses it to encrypt the image locally using the OpenStack client (osc) when uploading it." -- did i read this correctly? how will OSC help in encrypting the image? | 14:38 |
| Luzi | what is done when cinder uses a user generated encrypted vs an image created from a Cinder LUKS-colume | 14:38 |
| Luzi | volume | 14:38 |
| Luzi | whoami-rajat, we want to make it easy for users and to be sure on how the encryption is done - so we aim for intagrating that into the osc | 14:39 |
| rosmaita | i guess the questions are: what does cinder have to worry about in downloading a user-supplied LUKS image so that it can write it into a volume | 14:40 |
| Luzi | we also had done this for the gpg-encryption | 14:40 |
| rosmaita | and, is there anything new cinder needs to do when uploading a LUKS volume as an image to glance | 14:40 |
| Luzi | rosmaita, yes that is what I mean | 14:40 |
| rosmaita | ok, we are on the same page then ... writing that up would be helpful | 14:41 |
| whoami-rajat | that seems really strange to me, is the OSC team aware about this? since i see OSC as just the CLI interface and SDK for the API requests, but yeah i will add comments to spec | 14:41 |
| rosmaita | Luzi: you also have a good point about needing to fail early if there's no key manager | 14:43 |
| Luzi | yeah, that is what is bugging me with the container format | 14:43 |
| Luzi | maybe you could discuss this with the Glance team? We have a national holiday tomorrow - so I will not be available | 14:44 |
| rosmaita | the glance team will probably have a holiday tomorrow, too | 14:45 |
| Luzi | ah okay | 14:45 |
| rosmaita | (also, i have a conflict with the glance meeting) | 14:45 |
| rosmaita | can you explain real quickly though what the problem is with the container format? is the idea that an operator who doesn't have barbican can not allow uploads of encrypted volumes by not including 'encrypted' in the glance container_formats config? | 14:46 |
| Luzi | you can and still need to update most of the "os_encrypt_*" parameters later on - if there is no Keymanager available, an encrypted image could be uploaded all parameters set, without getting an error | 14:48 |
| Luzi | and cinder or nova using images which than have a container format like qcow2 or raw - how would you handle it? if there is a check, than it would fail in cinder or nova, but not while uploading in glance | 14:49 |
| Luzi | i don't think that would be a good user experience | 14:50 |
| rosmaita | well, i guess the osc could check that there's a key manager endpoint available before uploading the image? | 14:50 |
| rosmaita | (when you ask it to do the encryption) | 14:50 |
| rosmaita | i guess it has to, anyway | 14:50 |
| Luzi | yeah but that way we would still have the problem in the API... | 14:51 |
| rosmaita | yeah, but you have to figure that API users at least a little know what they are doing | 14:51 |
| rosmaita | right now you can put a JPEG into glance, and as long as it's container=bare, disk_format=raw, you can create a volume from it | 14:52 |
| Luzi | well i think this point really needs a discussion with also the Glance and see what they would want | 14:53 |
| rosmaita | ok, well it sounds like me and Rajat are committed to looking at the glance spec, so that's probably a good outcome for today | 14:53 |
| Luzi | yeah thank you | 14:53 |
| rosmaita | #topic review requests | 14:54 |
| rosmaita | looks like crohmann needs help interpreting a failing test | 14:54 |
| rosmaita | #link https://review.opendev.org/c/openstack/cinder/+/484729/comments/b6da8f16_5c9481e3 | 14:54 |
| * whoami-rajat adding all naive comments to the spec | 14:55 | |
| rosmaita | the festival of reviews is next week (may 17), maybe we can make it a festival of backup reviews | 14:56 |
| rosmaita | they do seem to be piling up a bit | 14:56 |
| whoami-rajat | also one thing i forgot to mention in announcement is, we have M-1 next week but not sure if we had planned any deadlines for M-1 this cycle | 14:56 |
| rosmaita | wow, that snuck up fast | 14:57 |
| whoami-rajat | yeah, i was just trying to see if we had a midcycle-1 date there and noticed the M-1 deadline | 14:57 |
| rosmaita | i know jon was working on scheduling the midcycles, guess we will be having one soon | 14:57 |
| whoami-rajat | #link https://releases.openstack.org/dalmatian/schedule.html | 14:57 |
| rosmaita | that means the release team will be asking for an early os-brick release | 14:58 |
| rosmaita | we need to prioritize os-brick reviews: https://review.opendev.org/q/project:openstack/os-brick+status:open | 14:58 |
| whoami-rajat | looks like it, maybe we can prioritize any important review | 14:59 |
| whoami-rajat | in brick | 14:59 |
| rosmaita | ok we are out of time for today ... please look at the agenda to follow up on the other review requests, they look reasonable | 14:59 |
| rosmaita | #link https://etherpad.opendev.org/p/cinder-dalmatian-meetings | 14:59 |
| rosmaita | thanks everyone ... have a productive remainder of your day | 15:00 |
| whoami-rajat | thanks rosmaita ! | 15:00 |
| rosmaita | #endmeeting | 15:00 |
| opendevmeet | Meeting ended Wed May 8 15:00:16 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:00 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/cinder/2024/cinder.2024-05-08-14.00.html | 15:00 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/cinder/2024/cinder.2024-05-08-14.00.txt | 15:00 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/cinder/2024/cinder.2024-05-08-14.00.log.html | 15:00 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!