16:00:04 #startmeeting cinder 16:00:05 Meeting started Wed May 28 16:00:04 2014 UTC and is due to finish in 60 minutes. The chair is jgriffith. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:06 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:08 hey everyone 16:00:09 The meeting name has been set to 'cinder' 16:00:25 good afternoon 16:00:32 hey jgriffith 16:00:32 hey 16:00:39 hi 16:00:45 todays agenda #link https://wiki.openstack.org/wiki/CinderMeetings 16:00:55 Shall we? 16:01:00 jungleboyj: you ready? 16:01:09 #topic 3'rd party CI 16:01:12 jgriffith: Sure. 16:01:32 jungleboyj: ok, you're on 16:01:45 So, just a couple of things I wanted to chat about. It looks like we didn't land on a decision regarding which tempest tests need to be run. 16:01:52 https://etherpad.openstack.org/p/juno-cinder-3rd-party-cert-and-verification 16:01:56 hello 16:02:22 The suggesting is to run the "volume" test scenarios and the check-tempest-dsvm-full 16:02:31 Is that what we shoueld get running? 16:03:00 Seems like a good start - until people have tried, we won't know what the issues are 16:03:03 jungleboyj: cehck-tempest-dsvm-full includes those 16:03:33 jungleboyj: the question is if people want to just run "volume" tests 16:03:35 Ok, so get check-tempest-dsvm-full running. 16:03:41 jungleboyj: that would be the subset of dsvm-full 16:03:49 jungleboyj: yes 16:04:10 We said we'd shoot for dsvm-full every 24 hours or better in the session... 16:04:12 jgriffith: Ok. Thoughts? DuncanT 16:04:27 * jungleboyj knew you would be the first to chime in. 16:04:29 DuncanT: that's one thing that's kinda changed a bit after further talks with CI team 16:04:41 DuncanT: jungleboyj might as well just hit every Cinder commit 16:04:43 jgriffith: Ah, I missed all of that 16:04:47 DuncanT: jungleboyj or at least try 16:04:57 DuncanT: it was an IRC convo after the summit 16:05:14 jgriffith: That was what we were leaning towards here. It is what, 2 or 3 commits an hour on average? 16:05:20 jgriffith: On #openstack-cinder? I'll go read the log later 16:05:23 jungleboyj: if that 16:05:40 jgriffith: Right,that would be a busy day. 16:05:41 DuncanT: no, it was either in infra or in the 3'rd party ci weekly meeting 16:05:45 can't member 16:05:57 anyway, no reason not to "try" it 16:06:07 jgriffith: Ok, I'll try to find it, but if we're shooting for every commit, fine by me 16:06:10 jgriffith: Partially because of the difficulty of getting useful info out of the daily runs. 16:06:11 back to your question of dsvm full or other 16:06:22 jgriffith: +1 16:06:26 2 or 3 commits a hour, so one test may haven't finish, another one will start? 16:06:38 dsvm-full seems like the way to go, however I have to say I'm running into issues with that 16:06:45 xyang__: Will be queued up. 16:06:49 I have EXTREMELY inconsitent results 16:06:53 xyang__: potentially. 16:06:54 xyang__: or parallelism! 16:07:04 random failures in instance creation, networking etc 16:07:12 if you have multiple slaves you can test more than 1 change at a time 16:07:16 jgriffith: That isn't good. 16:07:20 and it's just using the exact infra setup, not using my driver or anything 16:07:33 jungleboyj: not, it's driving me crazy. Plus others apparantly have this working 16:07:47 I keep hoping someone here make some progress on this to compare notes :) 16:08:55 Does just the volume tests work for you jgriffith? 16:09:00 jgriffith: We haven't gotten that far yet. We have the right people in the loop and potentially the hardware. Need the system to put in front of it to be control node/run tests. 16:09:01 jungleboyj: and NO, not iSCSI only 16:09:16 akerr: yes, as long as I do a clean inbetween runs 16:09:25 jgriffith: Ok, for some reason I thought someone had said that. 16:09:45 jungleboyj: I think hemna was having issues with that 16:09:49 jungleboyj: but anyway 16:10:01 That's the price you pay for doing FC IMO :) 16:10:11 jgriffith: :-p 16:10:39 anybody else actively setting this up right now? 16:11:01 jgriffith: So, it sounds like my last question is also answered if we are going to do on each commit. It will be part of the Jenkins results then. 16:11:12 jungleboyj: correct 16:11:20 jgriffith: I have a toe in the water right now, plan to pick up steam in a week or 2 16:11:22 jgriffith: Ok. 16:11:31 akerr: cool, keep me posted on how it goes 16:11:48 akerr: are you using the tools laid out by jay? 16:11:55 Yes 16:12:09 akerr: cool, it'll be good to see if maybe it's my crappy AMD boxes :) 16:12:24 * jgriffith has crappy blades with AMD procs 16:12:59 looks like it's just /me and akerr then for now? 16:13:17 anything else on this one jungleboyj ? 16:13:24 did you get answers ? 16:13:51 Well, so continue to move forward trying to get dsvm-full working? 16:14:00 Or start smaller with the volume tests? 16:14:06 jungleboyj: dsvm-full 16:14:24 no reason not to try that first at least 16:14:25 IMO 16:14:27 aye aye captain. :-) 16:14:43 jgriffith: asselin_ is working on this for us, he'd not in at the moment, but he should be available in the cinder channel in a little bit 16:14:58 kmartin: cool, I'll be curious to hear how it's going 16:15:14 Funny, we have 20+ drivers and nobody really working on this yet :( 16:15:17 Somebody here should be working on it in the next week or so, hopefully not me 16:15:18 maybe 3 of us 16:15:24 DuncanT: haha! 16:15:36 jgriffith: I know he is looking at the pci pass though for FC 16:15:37 kmartin: Looks like he has been keeping the etherpad updated which is appreciated. 16:15:41 we'll start soon 16:16:03 coolio 16:16:04 jungleboyj: yes he is updating the etherpad 16:16:12 jgriffith: I am hoping that we have people actually trying to set this up in the next couple of weeks. 16:16:23 * jgriffith wishes he had *people* 16:16:28 Just pooling resources across the teams now. 16:16:32 on second thought... no he doesn't 16:16:40 jgriffith: :-) 16:16:56 jgriffith: Ok, I think that answers my questions. 16:17:02 jungleboyj: cool 16:17:07 #topic SSH host keys 16:17:13 jungleboyj: your's again 16:17:26 mornin 16:17:31 hemna: yo 16:17:34 jgriffith: Yeah ... so, security people here have sunk their teeth into this one. 16:17:42 hemna: Buenas Dias 16:18:15 jungleboyj: so I'm not seeing this as warranting a backport myself? 16:18:16 I have gotten them to take a deep breath but want to talk to everyone here about the issue and how we can move forward to a solution. 16:18:24 jungleboyj: care to ellaborate as to why it should be? 16:18:42 jungleboyj, is this one related to the recent ssh patch ? 16:18:54 url? 16:18:57 hemna: see the agenda, there are links 16:19:00 k 16:19:05 https://wiki.openstack.org/wiki/CinderMeetings 16:19:11 jgriffith: Ok, so, at this point, I agree on that aspect. It doesn't do any good without the drivers making fixes. 16:19:22 #link https://launchpad.net/bugs/1320050 and #link https://bugs.launchpad.net/cinder/+bug/1320056 16:19:24 Launchpad bug 1320050 in cinder "Brocade FC SAN lookup service should allow customized hosts key and missing policy" [High,Fix committed] 16:19:25 thnx 16:19:39 What does the driver need to fix? 16:19:50 Let me take a step back. 16:19:56 Looks like a legitimate bug, my main concern is, as usual, keeping running configs running 16:20:00 I think it's kinda cumbersome to not share keys independent of driver 16:20:14 DuncanT: which one are you looking at :) 16:20:44 jgriffith: Both actually ;-) 16:20:50 DuncanT: :) 16:21:02 by not checking the known_hosts file and using RejectPolicy when it doesn't match, you leave yourself open to MITM (man-in-the-middle) attacks 16:21:06 edmondsw: Cna you chime in. 16:21:12 we need to fix that throughout 16:21:28 jgriffith: DuncanT ^^^ The person who found this. 16:21:28 edmondsw: Low risk in most environments, but agreed 16:21:33 edmondsw: I guess I didn't read the bug that way 16:21:51 edmondsw: DuncanT to me this sounded like "I want to have my custom keys" 16:22:08 edmondsw: ie not have them in the hosts ~/.ssh dir? No? 16:22:09 edmondsw: The problem is that if we change the default the currently working installs grind to a halt, don't they? Or will the auto-add have stashed the key by then? 16:22:25 jgriffith: The new thing that came out of this is wanted to have a config option to support this. 16:22:35 jgriffith: might as well fix that while we're at it, but not, the issue is bigger than using a custom known_hosts file 16:22:37 auto-add should have stashed the keys by then. 16:22:53 markstur__: Thanks 16:22:57 but what they "used to do" won't work the next time in a clean env 16:23:35 markstur__: I'm far less concerned about that, though we could still default to auto-add and let packagers harden if they want 16:23:47 right now some things are using auto-add, some things are using warnings (which log but then continue). I'm not sure anything is actually rejecting when keys don't match, that I saw 16:23:49 hi 16:24:12 asselin_: Welcome. 16:24:14 edmondsw: indeed... ok that I agree is poor 16:24:27 I'd propose we focus on fixing the lack of security here first 16:24:42 jgriffith: +1 16:24:44 then revisit the idea of letting each driver add a custom key file/location 16:25:18 missing key policy should be configurable somewhere not hard-coded 16:25:47 markstur__: I think what I'm saying is there shouldn't be a "missing key policy" per say 16:25:56 you don't have the keys, or the keys don't match and your fail 16:26:02 s/your/you/ 16:26:23 i.e., policy == reject 16:26:25 jgriffith: my thought was that by supporting config settings to indicate what policy (and known_hosts... why not add that together?) you don't necessarily break anyone. 16:26:29 jgriffith: That sounds like a safer default right now. 16:26:39 Could leave defaults as they are today, initially, and then revisit the defaults when we can work out how to not break folks 16:26:43 avishay: yeah 16:26:54 then why bother? 16:27:14 jgriffith: So RejectPolicy is the missing_key_policy -- but really it should be configurable for at-your-own-risk type environments (test) 16:27:23 honestly unless I'm missing something why have an option that says "you can do this insecurely if you want" 16:27:36 markstur__: why? 16:27:41 jgriffith: this allows operators to harden, without breaking anyone. Doesn't mean it's a final solution, but buys time to work out how to fully fix 16:27:48 markstur__: we don't do that for instances for example 16:28:14 edmondsw: I guess I don't understand why we need to "buy time" rather than just fix it 16:28:17 jgriffith: we have other options to allow you to do things insecurely :) 16:28:29 it seems everybody feels this is poor / lacking in the realm of security features 16:28:52 +1 for having an option to do it insecurely for test/dev environments 16:28:57 edmondsw: ok... well, I guess I should defer to folks that actually need/use this :) 16:29:02 bswartz, +1 16:29:06 * bswartz sets his keystone password to "password" in his dev environment 16:29:06 bswartz: can anybody explain why? 16:29:11 bswartz: hemna ? 16:29:11 edmondsw: I guess I am a little confused. Initially you were worried about security. So, why not just harden security? 16:29:14 jgriffith: Breaking every install doc ever would be a downside of changing it to reject-by-default 16:29:31 DuncanT: Details. ;-) 16:29:42 DuncanT: wouldn't be the first time :) frankly I'm not too worried about that, you just update docs 16:29:59 If we never "fixed" anything because we didn't want to update docs that would be sad 16:30:00 jungleboyj: yeah, I don't mean to come off the wrong way here... I was trying to stage the solution to help out 16:30:04 jgriffith: Plus the failure should be pretty clear. 16:30:14 engineers update docs? 16:30:17 :P 16:30:25 hemna: bswartz still wondering about the advantage for a test option here? 16:30:31 hemna: just put docimpact and it's magic 16:30:36 edmondsw: The complication with new config options is that it really turns into a new feature and would be Juno only. 16:30:41 avishay: +1 :) 16:30:43 No way to backport. 16:30:47 avishay, :) 16:30:53 jungleboyj: yes and that's how it should be IMO 16:30:54 jgriffith: You asked for an example of why you might not want to go default=reject straight away. I'm fine with new installs breaking as long as upgrades don't, and it sounds like the key /should/ be cached for all running installs, so we're good there 16:31:04 * jungleboyj likes magic 16:31:07 jungleboyj: can't be Juno only... we need to backport 16:31:11 DuncanT: uh oh... are we agreeing again :) 16:31:16 edmondsw: why? 16:31:17 if forcing a secure option is not a large burden I'm not opposed to it but I know that people tend to take the path of least resistance when testing/developing and I don't see a problem with that 16:31:23 edmondsw: It doesn't fit the criteria IMO 16:31:27 edmondsw: it's a feature 16:31:29 jgriffith: re: why? -- Seems to me that if we harden someone, somewhere will need to loosen or write their own known host auto-add mechanisms. That is usually the intent, but it seems like a config is the better work-around. Does that answer the "why" way back up there that I missed? 16:31:45 Ok... let's back up 16:31:47 jgriffith: security vulnerability, not feature 16:31:49 jgriffith: The advantage of being able to config it off is that for frequently reinstalled systems (e.g. gate), having to go fetch the key, outside of cinder, is a pain in the ass 16:32:02 I had two people that said "needs to be configurable to make their lives easier" 16:32:05 hemna: bswartz 16:32:11 why does this matter for you? 16:32:24 as opposed to generating a key in the driver and actually using it? 16:32:47 for testing/dev environments. I suppose we could automate it via a devstack local.sh though 16:32:51 jgriffith: "configurable to make their lives easier" can be a feature... but not rejecting when known_hosts doesn't match is a vulnerability 16:32:52 generating a key in the driver? How do you confirm that's the key on the device? That's the whole point.... 16:32:53 I'm just throwing an opinion out there -- it doesn't matter to me 16:33:10 DuncanT: maybe I'm missing something here.... 16:33:23 DuncanT: I had assumed we'd have the driver setup keys during init 16:33:24 I don't use SSH so this won't impact me one way or the other 16:33:30 bswartz: haha 16:33:35 hehe 16:33:40 jgriffith: No, that doesn't solve the MITM problem 16:33:53 DuncanT: +1 16:33:58 DuncanT: ok, I'm missing something here 16:34:14 jgriffith: To do it securely, you have to set up the keys outside of cinder, having confirmed they are really the ones from the SAN 16:34:18 jgriffith: "have the driver setup keys during init" meaning have it auto-add to known_hosts the first time it talks to the device? 16:34:25 DuncanT: ok, so that's fine as well IMO 16:34:34 DuncanT: have devstack setup do it 16:34:45 edmondsw: yes, that's what I was thinking 16:34:53 edmondsw: and I'm still unclear on why that doesn't work 16:35:06 but I'm not arguing :) 16:35:12 jgriffith: auto-add by default means you can get hit by MITM at install time 16:35:14 jgriffith: someone can MITM during setup 16:35:17 jgriffith: better, but could still have had a MITM attack in progress when you make that first connection 16:35:25 avishay: how would they do that? 16:35:38 edmondsw: ahh... got it 16:35:39 avishay: True. 16:35:40 ok 16:35:53 seems like a bit of a strecth to me but that's fine 16:35:54 jgriffith: ARP spoof to steal the SAN IP, and fake a SAN? 16:36:01 jgriffith: we're talking 1337 h4x0rs here :) 16:36:12 I'd still just say we make strict key checking by default and set it up in devstack for devs 16:36:13 Granted all of this is somewhat unlikely in provate clouds but once we have more hybrid clouds it becomes a bigger concern. 16:36:26 jungleboyj: hybrid clouds... surely you jest! 16:36:29 :) 16:36:35 jgriffith: auto-add on first connect as a default, with a fail-if-changed policy, matches your idea 16:36:41 jgriffith: Someone said they are coming. ;-) 16:36:49 this is why I was assuming we'd need a conf setting to specify the policy and the pre-configured known_hosts file to check against... so operator can set that up prior to first connect 16:36:50 DuncanT: correct 16:36:59 jgriffith: And have a config option for super-strict you-sort-all-keys-in-advance mode 16:37:04 DuncanT: but honestly I'm also fine with stricter impl as well 16:37:11 and I'm failing to see why it's sooooo hard? 16:37:11 jgriffith: For paranoid installs 16:37:18 time check -- this topic has taken 20 minutes 16:37:22 just configure devstack to generate and setup keys 16:37:26 update docs 16:37:26 done 16:37:30 edmondsw, so an admin is going to have to build the known_hosts file for every SAN prior to starting Cinder ? 16:37:30 i think there is consensus 16:37:35 devstack is not the only fruit 16:37:43 bswartz: you're just worried navneet won't get enough time :) 16:37:52 jgriffith: yes! 16:37:56 bswartz: :) 16:37:57 :) 16:38:08 bswartz: navneet we'll cut over at 20 til 16:38:09 he is also worried that jgriffith won't have time 16:38:10 *chuckles* 16:38:14 hemna: if they want the strict security, yes. Could be configurable to allow less strictness, e.g. auto-add on first connect 16:38:17 jgriffith: So, can we try to put together a quick plan for this? 16:38:18 hemna: do you want security or not :) 16:38:28 :P 16:38:40 jgriffith: It sounds like this is something that we need to create a Blueprint for. Would you agree? 16:38:46 edmondsw: that's a compromise at any rate. I could live with that but I don't see the point at all 16:38:59 especially if you all are saying "we have to backport" 16:39:05 jgriffith: This is not a binary decision - turning security decusions into those tends to make from bad conclusions 16:39:10 then it seems it's not really that big of an issue IMO 16:39:18 so can we at least dump something useful in the logs then, so an admin's job of building the known_hosts file isn't a mystery 16:39:20 my concern is strict security... if you want to have a config setting to allow less strictness, that's fine, but I won't use it :) 16:39:22 DuncanT: fair enough 16:39:49 DuncanT: although I'd say if someobdy files an OSS and says "OMG security issue, must backport to everywhere" then it does become a bit binary 16:39:54 DuncanT: +2 ... I want to make sure we talk through this and com eup with a good solution. 16:39:56 Just sayin :) 16:40:16 Honestly I don't use SSH so not sure why I care ;) 16:40:21 jgriffith: Security bods tend to suggest the sky is falling for whatever issue they've just found 16:40:34 time 16:40:36 edmondsw, +1. If it's configurable, then that makes test/dev environments easy to deal with. just set the auto-add config setting and away you go. 16:40:38 Oh.... wait... I remember, because Cinder shouldn't be a steaming pile o'crap 16:41:07 hemna: just adding 3 lines of code to devstack/lib/cinder makes it even easier! 16:41:09 * jungleboyj notes that I would like to get a plan to go forward. 16:41:41 Ok.... 16:41:43 time's up 16:41:44 * DuncanT suggests default to auto-add on first connect, have a config option for super-paranoid mode 16:41:46 but real quick 16:41:51 DuncanT: +1 16:41:59 jungleboyj: edmondsw does that sound ok to you? 16:42:15 default auto-add on first connect, option to harden? 16:42:22 I think security cops would not like the auto-add default 16:42:23 DuncanT: +1 if that config option is two... policy and known_hosts location 16:42:29 DuncanT, +1 16:42:41 markstur__: I agree, but you guys keep shooting me down because apparantly it's "toooo hard" 16:42:47 markstur__, if it's configurable, then the security cops can be happy. 16:42:49 DuncanT: jgriffith So, we keep current config for first connect and throw an error for subsequent changes. 16:42:50 edmondsw: Fine with me 16:42:53 * jgriffith uses his 'whinie' voice 16:43:17 jungleboyj: +2 16:43:18 and if that auto-add is only on first connect, and it will reject thereafter by checking against known_hosts 16:43:22 Ok... jungleboyj edmondsw markstur__ we good at least for a start? 16:43:46 jgriffith: Sounds good to me. Should we do this through a cinder-spec then? 16:43:47 navneet: I'm trying buddy :) 16:43:55 jungleboyj: yes, it's def a feature 16:43:58 jgriffith: i understand :) 16:44:04 jgriffith: No backport. 16:44:17 jungleboyj: it's a feature, so that would mean no 16:44:23 jgriffith: need backport... have to fix security vulnerability in released versions 16:44:25 jungleboyj: but I'll let others make a fuss if they like 16:44:30 haha 16:44:38 edmondsw: jungleboyj let's chat in #cinder after meeting 16:44:38 I can make a fuss :) 16:44:41 jgriffith: Ok, warned edmondsw that was going to be the answer. 16:44:45 OK, how about first come up with a solution, then see about backport? 16:44:51 jgriffith: Ok. 16:44:53 avishay: fair 16:45:05 * avishay looks at his watch :) 16:45:06 * jungleboyj yields the floor. 16:45:09 #topic Dynamic multi-pools 16:45:13 navneet: you're up 16:45:22 jgiffith: the code is WIP 16:45:30 if somebody wants to gv early feedback 16:45:34 https://review.openstack.org/#/c/85760/ 16:45:43 its nearly done 16:45:52 navneet: what does WIP mean? still writing? can test? 16:46:02 the main change since atlanta is added unit tests 16:46:08 avishay: I was but m done now for c-vol 16:46:20 some differences still not submitted 16:46:24 ll do it soon 16:46:28 OK 16:46:47 I'd still prefer a simpler approach that simply uses pools in volume types and pass the pool stats to the scheduler in the get_volume_stats 16:46:59 hemna: +1 16:47:02 hemna: +1 16:47:18 hemna: that does no sound like a clean approach 16:47:22 Mabye one of use should propose an alternate and we can all compare/contrast? 16:47:28 you need to make changes at many places 16:47:37 I think if we do the simpler approach and it then still doesn't meet the needs of folks, we can try navneet's approach or something similar. 16:47:42 also the rpc layer 16:47:42 as long as the end result is the same should be ok no? 16:47:46 hemna: that may sound simpler but the code change would be a lot more and scattered around 16:48:00 bswartz: but that's the OS way!!! :) 16:48:04 navneet: Your approach changes the way the driver is called, in quite fundamental ways, I'm still far from convinced there aren't serious issues 16:48:08 bswartz: +1 16:48:19 navneet: we have been using that approach for sometime 16:48:20 bswartz: seriously though, it might open the door to some other 'features/enhancements' in the future 16:48:24 it's more flexible 16:48:32 DuncanT: u can highlight the issues 16:48:34 navneet: Changing the driver from a singleton to having many is a big deal IMO 16:48:45 DuncanT: +1 16:48:45 DuncanT, +1 16:48:54 DuncanT: we do ti for multiple backends today 16:48:56 doesn't multibackend already do that? 16:49:01 we r just extending it for pools 16:49:10 navneet: actually no I don't think so 16:49:12 driver is not aware of multi-backend 16:49:15 navneet: Yeah, but they're talking to different backends 16:49:23 navneet: guitarzan driver is still a singleton 16:49:29 navneet, DuncanT: the difference is multiple instances of the driver in one PID vs in different PIDs 16:49:45 you can make multiple instances of a driver talk to a single backend today using multiple PIDs 16:49:48 navneet: e.g. now there'll be (NPOOLS x ssh connections) rather than one 16:49:48 DuncanT: you can have same endor and controller as diff backends too 16:49:59 sighhh... 16:50:38 bswartz: You can do that, but if you break it you get to keep both halves... you can't do it by accident 16:50:38 DuncanT: NPOOLs x ssh for management? 16:50:41 Ok... so here's the thing 16:50:51 bottom line is that we need the capability and we all agree on that 16:50:57 yup 16:50:57 implementation is still questionable 16:51:02 jgriffith: +1 16:51:03 does someone want to volunteer to write the feature in the way hemna suggests? 16:51:06 I'd propose we all take a look at the WIP 16:51:18 test it, inspect it, try to break it 16:51:25 jgriffith: dats wat I wnt 16:51:29 bswartz, If I had the time I'd do it, but I'm buried right now. 16:51:32 jgriffith: +1 - no point in debating before looking at the code 16:51:33 we could do it, but it will take time and we've already spent a bunch of time getting it right using the way we suggested 16:51:39 and if possible maybe look at an alternative approach via a prototype 16:51:56 bswartz: I wouldn't expect you to have to do it 16:52:05 Gonna need time to beat on it... can we agree not to merge it before next meeting? I'd be happy with that as a starting point 16:52:09 bswartz: you already proposed a solution as far as I'm concerned 16:52:18 DuncanT: +1000 16:52:27 jgriffith: dats fine 16:52:31 I have no intention of approving that patch in the next week 16:52:41 Cool, I'll relax then 16:52:54 It's still a WIP so that shouldn't be a real risk 16:52:58 jgriffith: I want to talk abt cinder back up 16:53:03 so let's all try to do a high-level review at least, think if there is a better alternative, and reconvene next week? 16:53:08 navneet: you have two minutes 16:53:14 avishay: that sounds good 16:53:14 avishay: +1 16:53:19 the backup is not written right 16:53:21 #topic cinder-backup 16:53:26 * bswartz notices jgriffith saving time for his own topic 16:53:30 navneet: haha... you know how to make friends 16:53:31 as far as back up manager is concerned 16:53:46 navneet: Details? 16:53:53 jgriffith: it does a lot of routing stuff in the manager 16:53:57 DuncanT: stop being so defensive ;) 16:54:05 which should be handled at the rpc layer 16:54:23 DuncanT: just said 16:54:26 navneet: scheduler IMO 16:54:34 it routes calls to backends in the mgr 16:54:45 no manager 16:54:51 navneet is referring to the way the c-bak service handles incoming RPC messages 16:54:52 navneet: yes, because there is no backup scheduler 16:55:00 the code is in the wrong place 16:55:15 avishay: 16:55:16 and he's proposing a fix 16:55:20 yes 16:55:34 the rpc calls all got the same host 16:55:37 navneet: It was done that way because it broke otherwise - originally there was a backup scheduler, but it broke stuff... most of the stuff is now fixed, I'd be totally fine with bringing back a backup scheduler 16:55:39