#openstack-cinder log

15:07:27 <enriquetaso> #startmeeting bug-report-cinder
15:07:27 <openstack> Meeting started Wed Mar 10 15:07:27 2021 UTC and is due to finish in 60 minutes.  The chair is enriquetaso. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:07:28 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:07:30 <openstack> The meeting name has been set to 'bug_report_cinder'
15:07:33 <enriquetaso> I need to think of a more original and cool name for the next meeting.
15:07:40 <rosmaita> :)
15:07:44 <enriquetaso> I couldn't fully prepare the etherpard for today's but I have some bugs to discuss:
15:07:51 <enriquetaso> #topic #bug_1:"Cinder ignores reader role conventions in default policies"
15:08:00 <hemna> eharney, I'll work on a draft spec
15:08:03 <enriquetaso> #link https://bugs.launchpad.net/cinder/+bug/1917795
15:08:05 <openstack> Launchpad bug 1917795 in Cinder "Cinder ignores reader role conventions in default policies" [Undecided,New]
15:08:15 <enriquetaso> In keystone, if I grant someone the reader role on a project [0], they're able to make writable changes in cinder.
15:08:15 <enriquetaso> Opening this bug to track work for cinder to consume keystone's default read-only `reader` role.
15:08:36 <enriquetaso> I am worried about doing this as we approach RC time but I think we want this for W, right?
15:08:49 <rosmaita> well, we'll have to see
15:09:12 <rosmaita> this is a bug, so not subject to FF
15:09:19 <rosmaita> and it is a real bug, i think
15:09:55 <enriquetaso> ah OK, so I'll set medium importance
15:10:07 <enriquetaso> #topic bug_2: "Cinder request to glance does not support TLS"
15:10:18 <enriquetaso> #link https://bugs.launchpad.net/cinder/+bug/1917797
15:10:19 <openstack> Launchpad bug 1917797 in Cinder "Cinder request to glance does not support TLS" [Undecided,In progress]
15:10:30 <enriquetaso> in https://github.com/openstack/cinder/blob/39e6008543cd72bbb0daebda676d69ec80bc7be4/cinder/image/glance.py#L107
15:10:30 <enriquetaso> the code does not send cert/key certificates to keystoneauth so if the glance API require TLS the request will fail
15:10:35 <eharney> that doesn't sound right
15:10:41 <eharney> or at least, needs a lot more detail
15:10:55 <enriquetaso> There's a patch for this so far:
15:10:59 <enriquetaso> #link https://review.opendev.org/c/openstack/cinder/+/778768
15:11:17 <enriquetaso> so, the bug it's not completed
15:11:25 <eharney> so is this really about mTLS again?
15:12:09 <enriquetaso> yep
15:12:19 <eharney> i don't think we can go adding support for security related features without the bugs/patches at least having a clear description of what's going on
15:12:22 <enriquetaso> as you mention last time this bug assumes that we support strict mTLS from cinderclient which i don't know is a reasonable assumption but worth fix it.
15:12:57 <rosmaita> well, i find it concerning that someone who wants to work on this is not being precise about what they are talking about
15:13:02 <eharney> me too
15:13:17 <eharney> because it's not clear if we or they understand what the requirements actually are
15:14:12 <rosmaita> i am going to request a spec
15:14:15 <enriquetaso> so this could be more a topic for the next PTG if the reported would like to prepare it?
15:14:23 <enriquetaso> oh spec sounds cool
15:14:26 <rosmaita> yep
15:14:35 <enriquetaso> ok, next one
15:14:43 <enriquetaso> #topic bug_3:  "Volume backup timeout for large volumes"
15:14:46 <enriquetaso> #link https://bugs.launchpad.net/cinder/+bug/1918119
15:14:47 <openstack> Launchpad bug 1918119 in Cinder "Volume backup timeout for large volumes" [Undecided,In progress] - Assigned to kiran pawar (kiranpawar89)
15:14:52 <enriquetaso> There's a patch for this
15:14:53 <enriquetaso> #link https://review.opendev.org/c/openstack/cinder/+/779233
15:14:53 <enriquetaso> Update from today's meeting earlier: we are going to push it to Xena
15:15:07 <enriquetaso> just to double check ^
15:15:09 <eharney> i don't think this patch is even going in the right direction the longer i think about it
15:15:21 <eharney> both Gorka and i left some feedback
15:15:35 <enriquetaso> cool, thanks!
15:15:56 <enriquetaso> Last one
15:16:03 <enriquetaso> #topic bug_4: "Cinder-backup progress notification has incorrect percentage."
15:16:10 <enriquetaso> #link https://bugs.launchpad.net/cinder/+bug/1918102
15:16:11 <openstack> Launchpad bug 1918102 in Cinder "Cinder-backup progress notification has incorrect percentage." [Undecided,New] - Assigned to Jon Cui (czl389)
15:16:16 <enriquetaso> In the process of volume backup, Jon Cui found the percentage number was wrong for progress notification.
15:16:16 <enriquetaso> I wonder if this should be treat as medium o high importance bug.
15:16:34 <rosmaita> do we give a real percentage or just make one up?
15:16:44 <eharney> probably not high
15:17:25 <enriquetaso> good question
15:17:42 <rosmaita> TIL: ctrl-L in my IRC client completely wipes out the buffer
15:17:42 <hemna> ++++ backup_percent is 1.5832483768463135e-05
15:17:44 <hemna> heh
15:17:46 <eharney> the calculation looks wrong
15:18:01 <eharney> dividing number of blocks by volume size, those aren't even the same units
15:18:01 <rosmaita> hemna: sounds like one  of your 2TB backups
15:18:24 <hemna> rosmaita yah I think it's related to our backup setup.
15:18:44 <hemna> we are suffering pretty bad for backups taking ages right now
15:18:55 <eharney> we should just mark that as confirmed but it's medium prio at best
15:19:11 <eharney> (probably low prio given that presumably it's been like that for ages with nobody noticing)
15:19:46 <enriquetaso> sounds good to me
15:20:05 <enriquetaso> #topic open discussion
15:20:20 <hemna> ram usage peaked around 3G for the parallel backup w/ that patch
15:20:21 <enriquetaso> Not sure if we need a open discussion
15:20:43 <eharney> one thing i've wondered about re: bug meetings
15:20:54 <hemna> we also have an issue with expiring tokens for the backups taking that long
15:21:00 <hemna> which kills the backup
15:21:04 <eharney> we have a process for looking at incoming new bugs, do we need to periodically look at ones that have been stuck in in-progress for a long time?
15:21:35 <enriquetaso> hemna, do you have a link?
15:21:40 <openstackgerrit> Simon Dodsley proposed openstack/cinder stable/victoria: Pure Storage: check volumename length does not exceed maximum  https://review.opendev.org/c/openstack/cinder/+/779596
15:21:42 <eharney> i think that expiration problem no longer happens if you configure things to use the correct style of keystone tokens etc
15:21:45 <hemna> enriquetaso no, it's internal
15:22:05 <hemna> eharney correct style ?
15:22:11 <enriquetaso> eharney, i think it's a good concern, I should probably start looking to older and stuck bugs too
15:22:21 <rosmaita> hemna: https://docs.openstack.org/cinder/latest/configuration/block-storage/service-token.html
15:23:09 <enriquetaso> the problem is: how to do the report of 'stuck in in-progress' bugs, send an email?
15:23:44 <rosmaita> probably
15:24:13 <hemna> rosmaita I just checked out cinder.conf and we have teh send_service_user_token = true
15:24:54 <rosmaita> do you have the username, project, etc for the service user?
15:25:32 <enriquetaso> #action enriquetaso: think a good way to report the 'stuck in in-progress for a long time' bugs
15:26:31 <rosmaita> enriquetaso: short term, we could look them over at this meeting and see if they're still relevant
15:26:49 <hemna> yah
15:26:55 <enriquetaso> ++
15:27:02 <enriquetaso> OK
15:27:11 <enriquetaso> that's all I have for today's meeting
15:27:33 <rosmaita> thanks, enriquetaso
15:28:08 <enriquetaso> #endmeeting