jungleboyj#startmeeting Cinder16:00
openstackMeeting started Wed Oct 17 16:00:59 2018 UTC and is due to finish in 60 minutes.  The chair is jungleboyj. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.16:01
*** openstack changes topic to " (Meeting topic: Cinder)"16:01
openstackThe meeting name has been set to 'cinder'16:01
mhenhi o/16:01
_pewp_jungleboyj (^▽^)/ ʸᵉᔆᵎ16:01
jungleboyjHey everyone.16:02
jungleboyjLooks like a good crowd joining.16:03
*** annabelleB has joined #openstack-meeting16:04
jungleboyjOk.  Lets get started.16:04
jungleboyj#topic announcements16:05
*** openstack changes topic to "announcements (Meeting topic: Cinder)"16:05
jungleboyjDon't really have any big announcements other than the fact that smcginnis_vaca is out the rest of the week.16:05
jungleboyjJust for awareness.16:05
jungleboyjSo, we can move on to our topics for the week.16:06
jungleboyj#topic Image Encryption Spec16:06
*** openstack changes topic to "Image Encryption Spec (Meeting topic: Cinder)"16:06
jungleboyjmhen: Luzi16:06
Luzihi again :)16:07
mhenas already mentioned on the ML, we created an etherpad to discuss the location for the proposed image encryption code:16:07
mhen#link image encryption library discussion
erlonLuzi, hey16:07
mhenwe would like to receive input and comments from all involved projects, so please participate if possible :)16:07
mhenI guess there's no need for discussing this here since this should happen in the etherpad right?16:08
jungleboyjYes.  Have been trying to get time to review.16:08
jungleboyjeharney:  Have you reviewed yet?16:08
*** priteau has joined #openstack-meeting16:08
mheneharney reviewed our original spec16:08
eharneyjungleboyj: i wrote about a couple of concerns there -- those concerns generally still exist16:08
mhen#link image encryption proposal
erlonLuzi, nice, Its in my TODO list, I should get some time later this week or beginning of next to review the spec16:09
*** efried is now known as efried_pto16:09
mhenerlon, that would be great thanks :)16:09
mhenregarding the comments on the spec16:09
mhenthe question was raised why we are not doing the image encryption on top of the volume’s LUKS layer for "upload-to-image" but instead propose to re-encrypt the volume data into an image16:09
mhenas commented in the spec we consider volumes and images to be separate resources that each have their own format and encryption, able to be transformed into one another16:10
mhenif such images were to be reused in any other way (e.g. “image save” in OSC, “server create --image” in Nova), handling this special case (double encryption) with the additional LUKS layer would be a nightmare to get consistently implemented everywhere images are handled16:10
mhenat least that's our view on this16:10
eharneythis proposal assumes that if someone decides they want to encrypt images, and they are using cinder volume encryption, then the image encryption isn't needed because they are interchangeable16:10
eharneybut they are different encryption schemes that may have different properties and security guarantees16:11
eharneyso i'm not really sure that plays out well16:11
mhen"the image encryption isn't needed because they are interchangeable" - our spec doesn't mean to imply that, does it sound to you like that?16:12
erlonI don't know if is possible, but using the same encryption for both would be better for usability16:12
mhenerlon, that'd mean that we'd use LUKS containers for the encrypted image format16:12
eharneynot re-encrypting the volume upon upload to image if it's already encryption with cinder/luks encryption, is what i'm referring to16:12
eharneyif it's already encrypted*16:13
erlonI think I have brought this before and there was some reason why it wasn't possible16:13
mhenerlon, and handling LUKS containers needs cryptsetup and root, also on user side16:13
*** annabelleB has quit IRC16:13
eharneyluks doesn't necessarily require cryptsetup, qemu-img also supports it, i'm using it now in the WIP NFS encryption patch16:14
*** tssurya has quit IRC16:14
Luzieharney, can you link that patch?16:14
mheneharney, you are referring to the currently existing case of the "inherited" image encryption in Cinder copy_to_image that we decided to keep right?16:14
mheneharney, we could as well remove that behavior but that would break existing LUKS-based images (originating from cinder) in existing infrastructures16:15
eharneyLuzi:  (warning: it's still generally a mess, but the code is there in some form)16:16
mheniirc qemu-img needs a plain-text key file right?16:16
mhenfor creating LUKS containers16:16
Luzithanks i just want to get an idea of it :)16:16
eharneyit can use plain-text key files, it can also use other ways to transfer the key in which are more secure, iirc16:17
erloneharney, raise "TODO:FIXME", exception.FIXME is the proper one :p16:17
eharneyanyway, need to think more on design and less on implementation here16:18
mhenalso if you ever were to read from an encrypted image that is in LUKS format, you can't stream the content without exposing it via temporary file (qemu-img convert) or dmcrypt endpoint (cryptsetup)16:19
mhenat least from my understanding16:19
mhenimo using another encryption format or re-using LUKS is a design decision that heavily impacts implementation16:19
mhenbut we can continue in the comments on the spec if you prefer16:20
jungleboyjSounds like there is still a lot of discussion required around this.16:21
jungleboyjWould rather take our time on the design and get it right given how complicated Encryption is.16:21
eharneyyeah, i'll pick through the spec some more and continue there, not sure what else to add here forn ow16:21
*** bobh has joined #openstack-meeting16:21
mhenokay, please look at the spec and the library discussion etherpad if you have time16:22
eharneyi'm still a bit wary of this idea of requiring openstacksdk, especially when we already have a library used for encryption (cursive)16:22
jungleboyj#action eharney to do more review of the spec.16:22
mheneharney, please add your points to the etherpad then :)16:23
mhenso that would be all from our side then, thanks everyone for your attention :)16:24
* mhen bows16:24
jungleboyjOk.  Sounds good.16:24
* jungleboyj bows back ?16:24
*** munimeha1 has joined #openstack-meeting16:24
*** knikolla has joined #openstack-meeting16:24
*** vabada has joined #openstack-meeting16:24
*** changes topic to "OpenStack Meetings ||"16:24
jungleboyj#topic User Survey Forum Topic Planning16:25
*** openstack changes topic to "User Survey Forum Topic Planning (Meeting topic: Cinder)"16:25
jungleboyjSo, I added this topic as I want to make sure we don't forget this for the summit.16:25
erlonjungleboyj, do we have any document we can start from?16:26
jungleboyjSo, we wanted to address the comments from the feedback.16:26
jungleboyjerlon:  :-)  Yeah, that seems to be the first step here is to create an etherpad.16:26
jungleboyjLets start here:16:27
*** awaugama is now known as awaugama_appoint16:28
erlonjungleboyj, Im confused about this survey, is this about the questions that we send to the openstack survey?16:29
*** jamesmcarthur has quit IRC16:29
jungleboyjThinking I can summarize the feedback in there and then we can decide how we want to proceed.16:30
jungleboyjerlon:  No, this is to discuss the information they sent to us during the last survey.16:30
*** cloudrancher has quit IRC16:30
jungleboyjAddress the concerns.16:30
erlonjungleboyj, hmm, got it we had some notes from the PTG etherpad right?16:31
erlonsome feature requests, and other things16:31
jungleboyjThey have sent me an updated excel sheet with more info and translations.16:32
jungleboyjI can link that in the etherpad and start organizing the responses.16:32
*** jesusaur has quit IRC16:32
*** jbadiapa has quit IRC16:33
jungleboyjI pull all that into the etherpad and we can discuss at next week's meeting.  Sound ok to everyone?16:33
*** a-pugachev_ has joined #openstack-meeting16:33
erlonsounds good16:33
*** jamesmcarthur has joined #openstack-meeting16:34
jungleboyjOk.  Had hoped to get more done on that this week but have been fighting another fire.16:34
jungleboyj#action jungleboyj  To make the translated feedback available.16:35
jungleboyj#action jungleboyj  To summarize concerns in the etherpad above.16:36
*** a-pugachev has quit IRC16:36
*** a-pugachev_ is now known as a-pugachev16:36
jungleboyj#action team to discuss in next week's meeting to prepare for the Summit.16:36
jungleboyjOk.  Anyone have other questions about that?16:36
*** yamamoto has joined #openstack-meeting16:36
jungleboyj#topic Volume revert-snapshot errors16:37
*** openstack changes topic to "Volume revert-snapshot errors (Meeting topic: Cinder)"16:37
*** jesusaur has joined #openstack-meeting16:38
*** erlon_ has joined #openstack-meeting16:38
jungleboyjerlon:  You still around?16:38
erlon_energy drop16:39
jungleboyjBoo.  That happened here the other day.16:39
erlon_did I miss something? have you guys solved my problem already?16:39
jungleboyjNo, erlon_  Your turn.16:39
*** erlon has quit IRC16:40
erlon_so, I was playing with the revert snapshot, and noticed that the API is not blocking operations when the users tries to revert to a snapstho with smaller size than the volume size16:40
* jungleboyj taps the microphone ... is this thing on?16:40
erlon_the spec says: 409, if volume and snapshot's status are not 'available' or16:41
erlon_   the sizes of volume and snapshot are not equal.16:41
erlon_just need to confirm if this is a bug or a design change on the implementation16:41
erlon_jungleboyj, that is why I was asking about Tommy16:42
erlon_but someone else here could also know16:42
jungleboyjerlon_:  Interesting.16:43
*** annabelleB has joined #openstack-meeting16:43
jungleboyjI am not sure if that was a change from the Spec or a Bug in Implementation.16:43
jungleboyjI am of two minds here.  If they extended the volume and they revert they are going to lose the size change.16:44
erlon_jungleboyj, I tested for LVM, which does not handle this situation, but LVM increase the snapshot size when you extend the volume16:44
jungleboyjThey are going to lose any additional data they added either way though.  Right?16:44
erlon_so, in theory, for LVM that would be OK16:44
jungleboyjerlon_: Would be nice if we could get hold of Tommy to verify what happened.16:45
erlon_jungleboyj, yes they will, but for Cinder, the volume still have the bigger size16:45
erlon_yeap, he will definitely know that16:46
*** e0ne has quit IRC16:46
erlon_well, just a head ups to see if I could get any feedback from someone other than Tommy16:47
erlon_I'm good if nobody has any clue16:47
jungleboyjerlon_:  Oh you are saying we could get into a state where the volume is actually smaller than Cinder says.16:47
*** jbadiapa has joined #openstack-meeting16:47
jungleboyjBecause then that is a problem.16:48
gansosounds like a bug16:48
erlon_jungleboyj, yes, if the backend does not handle that and allow the revert16:48
jungleboyjerlon_:  Then that is definitely a but.16:49
erlon_the thing being is that for LVM, the revert operation does not shrink the size of the volume16:49
jungleboyjWas assuming that if it reverted to a different sized volume that the size would be updated.16:49
erlon_let's  say, You create a volume, take a snapshot, extend it, and revert to the snapshot. ON LVM, when you extend, the snapshot size (in the storage size) gets extended too16:50
gansoerlon_: I'd say that if this kind of operation is allowed, then LVM should shrink the volume back. Same if the volume has been shrinked, and then reverted to a bigger one16:50
jungleboyjerlon_:  Got it.16:50
erlon_but that does not happens to other drivers, like SolidFire16:50
jungleboyjganso:  Can you shrink a volume though?16:51
erlon_no, cinder does not allow that16:51
gansojungleboyj: oh nvm, forgot that Manila has this functionality, not Cinder16:51
erlon_Im not aware of LVM limitations about extending/reverting snapshots16:52
jungleboyjganso:  Ok, was confused for a minute.16:52
jungleboyjSo, we would have to have some sort of special case for changing the volume size in the DB?16:53
erlon_jungleboyj, well I think that the best approach would be either not allow the operation and clock in the API, or set the volume size to the proper size on DB16:54
jungleboyjerlon_:  That would be the two options.  :-)16:55
jungleboyjAnyone have a strong opinion on the direction to go here?16:55
erlon_lol, dont need the 2. If you don't allow that to happen, dont need to set the proper size16:55
*** jbadiapa has quit IRC16:55
jungleboyjSo, it seems ok to allow the revert.16:57
jungleboyjIf I want to go back to that snapshot, I want to go to that snapshot.16:57
jungleboyjI may be annoyed in the future when it is smaller, but then I have to remember I reverted.16:58
jungleboyjExtend it again.16:58
jungleboyjBut, then we have a bug and we need to make sure that the size in the DB is right.16:58
jungleboyjAnyone have a concern about fixing the bug and leaving the function?16:59
erlon_jungleboyj, I don't know if there was any architectural problem related to revert to a small size16:59
erlon_Ill try to talk to Tommy or if not able to understand if there would be any16:59
jungleboyjerlon_:  You willing to check into it?16:59
erlon_jungleboyj, ye16:59
jungleboyjerlon_:  Ok.  You may need to e-mail him. Don't see him on IRC anymore.17:00
*** jamesmcarthur has quit IRC17:00
jungleboyjLets start there and then discuss next week if necessary.17:00
*** tpsilva has joined #openstack-meeting17:00
jungleboyj#action erlon_ To follow up with Tommy on the design choice and get back to us.17:00
erlon_jungleboyj, good point Ill do that17:00
jungleboyjAnd we are at time.17:00
jungleboyjThank you everyone!17:00
jungleboyjTalk to you next week.17:01
whoami-rajatjungleboyj: Thanks.17:01
*** openstack changes topic to "OpenStack Meetings ||"17:01
openstackMeeting ended Wed Oct 17 17:01:12 2018 UTC.  Information about MeetBot at . (v 0.1.4)17:01
openstackMinutes (text):
jungleboyjwhoami-rajat:  Sorry we didn't get to bug triage.  We will get to it when we can.  :-)17:01
whoami-rajatjungleboyj: yes no problem. :)17:01
*** Luzi has quit IRC17:02
*** erlon__ has joined #openstack-meeting17:04
*** erlon_ has quit IRC17:07
*** woojay has left #openstack-meeting17:11
*** a-pugachev has quit IRC17:13
*** kopecmartin|ruck is now known as kopecmartin|off17:14
*** Swami has joined #openstack-meeting17:31
*** diablo_rojo has joined #openstack-meeting17:34
*** yamahata has joined #openstack-meeting17:35
*** awaugama_appoint is now known as awaugama17:41
*** ralonsoh has quit IRC17:47
*** apetrich has quit IRC17:50
*** macza has quit IRC17:52
*** dklyle has joined #openstack-meeting17:52
*** macza has joined #openstack-meeting17:52
*** cloudrancher has joined #openstack-meeting17:53
*** ganso has left #openstack-meeting17:56
notmyname#startmeeting swift21:03
openstackMeeting started Wed Oct 17 21:03:28 2018 UTC and is due to finish in 60 minutes.  The chair is notmyname. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:03
*** openstack changes topic to " (Meeting topic: swift)"21:03
openstackThe meeting name has been set to 'swift'21:03
notmynamewho's here for the swift team meeting?21:03
kota_good morning21:03
rledisezhi o/21:04
notmynameagenda is the same as last week (and it looks like *someone* forgot to update the date...)21:04
notmynamethere have been quite a few reviews on py3 and s3api patches and several have landed21:05
notmynametimburke: we're getting closer!21:05
notmynamealso, multiple keymaster support. thanks mattoliverau21:06
mattoliverauI should probably look at some of those py3 ones seeing as SUSE want a py3 release soonish.21:06
mattoliverauno thank timburke for the patch :)21:06
notmynamethat would be great, thanks21:06
notmynamekota_: rledisez: anything to update the rest of us on this week?21:06
timburkelots of patches from OVH this week, too! i'm excited about them21:07
notmynamerledisez: looks like there's some work from your team (eg patch 611325)21:07
patchbot - swift - Remove empty directories after a revert job - 1 patch set21:07
mattoliveraurledisez: I still haven't had a chance to really look and play with your ssync patches, but sound kinda exciting.21:07
rledisezwhile we were looking at SSYNC, we optimized some part. there is still some works on other part, but it gives good result for now21:07
kota_not so much updates to me, I randomly walk some patches related to s3api's... including keystone secret caching.21:08
rledisezthx timburke for the reviews. I think your concerns atomicity must be addressed now21:08
kota_rledisez: cool21:08
*** DHE has joined #openstack-meeting21:09
*** dklyle has quit IRC21:10
*** dklyle has joined #openstack-meeting21:10
notmynametimburke or tdasilva: do you have anything to update on?21:10
tdasilvanothing from me21:11
timburkethere's a patch at that addresses a long-standing bug from swift3. i saw kota_ and zaitcev already took a glance at it21:11
patchbotpatch 610747 - swift - s3api: Stop relying on container listings during m... - 2 patch sets21:11
notmynameFWIW, at swiftstack we've been working on some s3 migration functionality for 1space. the s3api patches are getting more important to us (blocking future s3 api compat work).21:11
timburkeit requires a new feature in slo, found in
patchbotpatch 609860 - swift - Add slo_validator callback - 2 patch sets21:12
mattoliverauwell better s3api is better for us all :)21:12
notmynamethanks kota_ and zaitcev for looking at those21:13
timburkeoh, and the multi-keymaster patch isn't *quite* landed yet; i wound up putting it on a chain with a couple refactorings: and
patchbotpatch 611172 - swift - Unify handle_get/handle_head in decrypter - 1 patch set21:13
patchbotpatch 611173 - swift - Simplify the decryption of container listings - 1 patch set21:13
mattoliverauI'm building a vitual multinode swift env to attempt to recreate the sharding bugs.. and maybe use it to test ssync while I'm at it.21:13
notmynamepersonally, I'm getting a little nervous about summit prep, so I'll be working on that Real Soon Now(tm) :-)21:14
* mattoliverau misses the days of unlimitted public cloud, or hardware for that matter. 21:14
notmynamemattoliverau: lol I hear ya21:14
mattoliveraubut one's gotta do what ones gotta do :P21:14
*** felipemonteiro has joined #openstack-meeting21:14
notmynamedoes anyone want to talk about any of these things in more detail right now? highlight any current work you're doing?21:15
timburkeoh yeah! and was a fun thing to shake out of some more s3api compat testing21:15
patchbotpatch 609843 - swift - Allow arbitrary UTF-8 strings as delimiters in con... - 2 patch sets21:15
notmynameoh right. timburke that came from a third-party client we were testing, right?21:16
timburkeyep. i forget which one offhand21:17
notmynameIIRC splunk21:17
*** dklyle has quit IRC21:17
timburkeit seemed like a bit of a weird client -- the delimiter was literally '<product>Guid'; it *really* seemed like they forgot to interpolate a string or something21:17
*** rcernin has joined #openstack-meeting21:18
notmynameI'm wondering if we should do an upstream swift release when we get the s3api patches landed21:18
*** dklyle has joined #openstack-meeting21:18
notmynamenot sure yet, but maybe just a 2.19.1?21:19
mattoliverausounds good to me, release often I say :)21:19
*** ykatabam has joined #openstack-meeting21:19
timburkeoh yeah, i should look at timur's
patchbotpatch 605568 - swift - Handle non-ASCII characters in S3 v2 listings. - 2 patch sets21:20
notmynamethe last few weeks in the community (and here in these meetings) it's felt a little quieter, but I think that's ok for now. we're reviewing patches, making progress on s3api and py3, making (slower) progress on losf. thank you for the "slow and steady" work you're doing :-)21:21
notmynamedoes anyone have anythign else to bring up this week?21:21
kota_I'd like to ask to tdasilva for FOSDEM 201921:22
mattoliverauI have to play with ipv6 stuff in a new sqaud I'm apart of. I assume Swift is fine at that.. I remember some patches re ipv6 landed ages ago.21:22
tdasilvakota_: hey! what's up?21:22
mattoliverauin any case, I'll soon find out :)21:22
notmynamemattoliverau: yeah, swift is good with ipv6 everywhere21:22
notmyname(if it's not, it's a bug)21:22
mattoliveraugood, cause that's what I've been telling people ;)21:23
kota_it sounds like currently it's in the term to gather topics so... I'm wondering someone is planning to do it21:23
timburkewe've even got an IPv6 gate job :-)21:23
notmynamekota_: are you planning on going to fosdem?21:24
*** felipemonteiro has quit IRC21:24
tdasilvakota_: yeah, last year acoles cschwede and I kinda of organized ourselves to propose multiple talks, maybe we could do the same this year?21:24
tdasilvarledisez: any chance you might be able to go?21:24
*** slaweq has quit IRC21:25
kota_notmyname: i hope but I'd like to find the reason to negotiate to my boss :-)21:25
rlediseztdasilva: i can't say. for now it's not part of my plan. i'll check and let you know21:25
mattoliverautimburke: oh yeah of course :)21:25
tdasilvarledisez: ack21:26
kota_so for example, if we could have some talks on losf and can do some hacking work with rledisez (and any attendees) it's obviously reasonable to go there.21:26
notmynamerledisez: now it sounds like you must go! :-)21:27
rledisezyeah, i'll told my boss I have no choice but to go ;)21:27
notmynamegood. I'm glad we got all that settled :-)21:27
tdasilvakota_: rledisez: I'll start a mail thread and we can try to get organized...21:28
notmynametdasilva: it would be great if you could help coordinate .... awesome. way ahead of me as always :-)21:28
kota_tdasilva: much appreciated21:28
notmynameanything other topics this week?21:29
*** jamesmcarthur has quit IRC21:29
notmynamerledisez: mattoliverau: do you have anything else?21:29
rlediseznotmyname: nope21:29
mattoliveraunot that I can think of, at least until after the meeting closes :P21:29
notmynameok then. let's close it (and so mattoliverau can get his morning coffee and remember what he really wanted to talk about)21:30
notmynamethanks for coming21:30
*** openstack changes topic to "OpenStack Meetings ||"21:30
openstackMeeting ended Wed Oct 17 21:30:11 2018 UTC.  Information about MeetBot at . (v 0.1.4)21:30
openstackMinutes (text):
mattoliverau\o/ coffee!21:30
