16:00:20 <jungleboyj> #startmeeting Cinder 16:00:22 <openstack> Meeting started Wed Oct 3 16:00:20 2018 UTC and is due to finish in 60 minutes. The chair is jungleboyj. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:00:23 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:00:26 <openstack> The meeting name has been set to 'cinder' 16:00:29 <smcginnis> o/ 16:00:37 <Luzi> o/ 16:00:37 <rosmaita> o/ 16:00:38 <mhen> o/ 16:00:38 <ganso> hello 16:00:41 <abishop_> o/ 16:00:42 <jungleboyj> Agenda link: https://etherpad.openstack.org/p/cinder-stein-meeting-agendas 16:00:43 <whoami-rajat> Hi 16:00:48 <e0ne> hi 16:00:48 <jungleboyj> #link https://etherpad.openstack.org/p/cinder-stein-meeting-agendas 16:00:52 <eharney> hi 16:01:12 <jungleboyj> eharney is back! 16:01:16 <eharney> :) 16:01:17 <jungleboyj> @! 16:01:17 <_pewp_> jungleboyj \( ・_・) 16:01:52 <_erlon_> Hey 16:02:12 <xyang> hi 16:02:42 <jungleboyj> Ok. So, it looks like we have a Quorum. 16:02:50 <jungleboyj> Lets get started. 16:03:04 <jungleboyj> #announcements 16:03:09 <jungleboyj> #topic announcements 16:03:18 * jungleboyj is apparently struggling to control the meeting. 16:03:49 <jungleboyj> I have sent out an e-mail to the mailing list proposing geguileo_PTO as a stable core. 16:04:03 <jungleboyj> We discussed that at the PTG so that shouldn't be a huge surprise. :-) 16:04:17 <jungleboyj> If anyone has concerns please let me know. 16:04:39 <jungleboyj> Also, I am working on getting releases of python-cinderclient and os-brick out. 16:05:07 <jungleboyj> I looked and it doesn't seem like there are too many outstanding patches. Does anyone have anything important they need to get in before I do releases? 16:05:30 * smcginnis looks 16:06:47 <smcginnis> Looks like we're in decent shape for a release to me. 16:06:53 <jungleboyj> A reminder that we have an etherpad to talk about the mid-cycle: https://etherpad.openstack.org/p/cinder-stein-mid-cycle-planning 16:07:05 <jungleboyj> #link https://etherpad.openstack.org/p/cinder-stein-mid-cycle-planning 16:07:09 <smcginnis> erlon: Can you check the response to your comments on https://review.openstack.org/#/c/604578/ 16:07:15 <e0ne> there is nothing important to release python-brick-cinderclient-ext 16:07:38 <erlon> smcginnis, I will 16:07:45 <jungleboyj> We have lots of remote attendees. 16:07:58 <jungleboyj> Hope we could get some more on-site participation. 16:09:03 <jungleboyj> Please add topics as you come up with them. 16:09:17 <jungleboyj> erlon: Yeah, if you can address that it would be appreciated and then we can do another release there. 16:10:29 <jungleboyj> smcginnis: Thanks for double checking and confirming that things look pretty good. 16:10:33 <erlon> jungleboyj, smcginnis, yeah, comment was most something to be improved, but its a backport so 16:10:42 <jungleboyj> erlon: Yeah. 16:10:45 <erlon> jungleboyj, are you releasing for rock as well? 16:11:06 <jungleboyj> erlon: That is the plan if there are sufficient changes. I haven't checked how many there have been. 16:11:44 <erlon> done 16:12:16 <jungleboyj> erlon: Thank you. 16:12:45 <smcginnis> rosmaita: Yay 16:12:59 <jungleboyj> smcginnis: ? 16:13:19 <smcginnis> jungleboyj: Just saw that he had added his name to the midcycle attendance list. 16:13:37 <rosmaita> not guaranteed attendance yet, though 16:13:50 <jungleboyj> smcginnis: Oh. Yay indeed! will be nice to have you there rosmaita ! 16:13:58 <rosmaita> :) 16:14:04 <jungleboyj> Ok, moving on from Announcements. 16:14:25 <jungleboyj> #topic Image Encryption Proposal 16:14:33 <jungleboyj> Luzi: and mhen You here? 16:14:38 <Luzi> yes 16:14:41 <mhen> o/ 16:14:42 <mhen> hello all :) 16:14:46 <Luzi> hi :) 16:14:54 <mhen> as already announced on the ML we want to propose the introduction of image encryption in OpenStack 16:15:01 <mhen> #link http://lists.openstack.org/pipermail/openstack-dev/2018-September/135167.html 16:15:09 <jungleboyj> @! 16:15:09 <_pewp_> jungleboyj (ஐ╹◡╹)ノ 16:15:17 <jungleboyj> Right, have seen the notes on that. 16:15:22 <mhen> this will have impact on several projects including Cinder as well as Nova, Glance and OSC - for which we are currently writing individual specs 16:15:43 <mhen> for Cinder we basically want to add image decryption when converting an encrypted image into a volume 16:16:21 * smcginnis is glad eharney is back for this 16:16:23 <jungleboyj> Ok. 16:16:27 <jungleboyj> smcginnis: Me too. 16:16:29 <mhen> (plus incorporating the already existing case of creating images from encrypted volumes, as eharney also mentioned on the ML today) 16:17:13 <mhen> our proposal for creating volumes from encrypted images would focus on volume backends supporting encryption, starting with Ceph and LVM - as we don't see a point in allowing encrypted images to be converted into unencrypted volumes 16:17:45 <mhen> any opinions on that? 16:18:23 <eharney> it seems like a reasonable idea, but folks relying on the glance<->cinder optimized cloning of images to volumes inside of Ceph are going to take a big perf hit when using this 16:18:36 <eharney> which is fine, just needs to be well understood 16:18:55 <smcginnis> Does anyone actually use ceph? 16:18:59 <smcginnis> (jk) 16:19:40 <erlon> eharney, why do loose the optimized cloning if you are not decrypting? 16:19:45 <eharney> i just started looking at this today but i haven't come up with any big objections to the general idea 16:20:05 <eharney> erlon: they have to decrypt if it's a gpg based encryption which is totally different from the normal luks volume encryption 16:20:16 <mhen> correct 16:20:45 <erlon> eharney, so, only if is a gpg? 16:21:02 <erlon> is it possible to use the same encryption method? 16:21:11 <eharney> well the proposal is that the images will be encrypted w/ gpg 16:21:20 <eharney> i don't think so, because they want to use a streamable format 16:21:28 <erlon> hmmm 16:21:51 <erlon> got it 16:23:11 <jungleboyj> Thoughts on not supporting going from an encrypted image to a non-encrypted volume? 16:24:20 <eharney> i'm not sure i understand the reason for that restriction 16:24:30 <jungleboyj> It seems to be that there are people who may have a backend that doesn't support encryption but want to access an encrypted image. 16:24:58 <jungleboyj> We could handle that like we do with other things like this where we don't allow it by default but allow the user to enable it if that is what they want. 16:25:57 <jungleboyj> *crickets* 16:26:10 <mhen> jungleboyj, fair point. However, the goal of the image encryption is to keep the data safe no matter where the image is transferred to and handled. Converting it into an unencrypted volume would mean exposing the data on this host essentially. 16:26:12 <eharney> if you consider a deployment where the Glance storage is in some less secured area than the Cinder backend, it makes sense to decrypt an image to an unencrypted volume 16:26:50 <eharney> it ends up exposed on the compute host anyway when it's attached 16:27:06 <jungleboyj> mhen: Yeah. That is why we would make it an option and default to not allowing it. 16:27:39 <mhen> eharney, with native LUKS this shouldn't be the case or am I wrong? 16:28:01 <mhen> in QEMU/LibVirt 16:28:48 <eharney> i forget, do we support QEMU's luks layer for iSCSI yet? either way, i think most deployments use device-mapper for decryption 16:29:30 <jungleboyj> eharney: Good question. I am not sure. 16:29:52 <jungleboyj> Anyway, we don't have to solve the design issues right here. 16:30:06 <eharney> i can participate in spec reviews for this 16:30:21 <jungleboyj> It looks like other projects are adopting this functionality and it is something that we should also support. 16:30:25 <mhen> eharney, we would definetly appreciate that :) 16:31:12 <jungleboyj> eharney: That would be appreciated. 16:32:06 <jungleboyj> So, any objections to a spec being proposed and us supporting this effort? 16:33:19 <rosmaita> no objection, makes sense for cinder to do this if glance/nova are doing it 16:33:30 <jungleboyj> rosmaita: Yep. :-) 16:33:31 <smcginnis> It sounds like a good thing to support, so I think we should at least work through the spec and see if we can work through any issues. 16:33:39 <rosmaita> and ironic 16:33:43 <jungleboyj> smcginnis: ++ 16:34:10 <jungleboyj> #action Luzi mhen to propose a spec for implementation in Cinder 16:34:20 <mhen> we will do, thanks for your support :) 16:34:26 <jungleboyj> #action team to review the spec and work through design details 16:34:27 <mhen> we are currently planning to outsource the encryption/decryption functionality into the SDK, because it is used across several components, including Cinder 16:34:41 <jungleboyj> #action eharney to provide Cinder encryption expertise. 16:34:52 <mhen> would that be alright for you? 16:35:03 <smcginnis> Makes sense. 16:35:53 <mhen> it's currently not in the requirements for Cinder, so it would need to be added 16:36:07 <jungleboyj> Ok. 16:36:35 <jungleboyj> mhen: Is that the approach being taken in other services? 16:37:34 <mhen> jungleboyj, we don't know yet; we are currently still reaching out to all the other teams as well 16:38:07 <smcginnis> Having common things in a library will be much better than copying and pasting into each project. 16:38:14 <jungleboyj> smcginnis: ++ 16:38:25 <jungleboyj> Yeah, so obviously we would be open to that. 16:38:28 <smcginnis> mhen: Is this a library that is already tracked in openstack/requirements? 16:38:43 <Luzi> yes 16:38:53 <Luzi> its used in the openstack-client for example 16:39:00 <smcginnis> Perfect. Should be fine then. 16:39:06 <mhen> called "openstacksdk" 16:39:37 <eharney> cinder would use openstacksdk? 16:40:51 <rosmaita> that seems counterintuitive 16:40:56 <jungleboyj> eharney: That is how I am reading it. 16:41:10 <mhen> another alternative would have been glanceclient, but I thought the individual client libraries are to be unified in the SDK? 16:41:13 <eharney> yeah, it sounds not so great to me 16:41:36 <smcginnis> Anyway, details we can work through in the implementation. 16:41:44 <jungleboyj> smcginnis: ++ 16:42:33 <rosmaita> mhen: you may want to take a look at how the image signature stuff was pulled out into the cursive library for both glance and nova to consume 16:42:49 <rosmaita> i think that may be a more typical pattern 16:43:32 <jungleboyj> So, lets move on. 16:43:43 <mhen> rosmaita, that's quite funny - we recently added image signature generation to osc, where we first added it to cursive library but the devs suggested moving it to the sdk 16:43:56 <jungleboyj> Are there any other topics or should we spend a few minutes on bug triage? 16:44:59 <rosmaita> mhen: interesting 16:45:01 <jungleboyj> Ok. Looks like we can move on. #topic bug triage 16:45:11 <jungleboyj> #topic bug trieage 16:45:13 <smcginnis> #fail 16:45:14 <jungleboyj> #topic bug triage 16:45:16 <smcginnis> :) 16:45:23 * jungleboyj glares at smcginnis 16:46:14 <jungleboyj> First, eharney we have been waiting for you input on this bug: 16:46:25 <jungleboyj> #link https://bugs.launchpad.net/cinder/+bug/1788619 16:46:25 <openstack> Launchpad bug 1788619 in Cinder "disk cachemodes should be restricted with multiattached volumes" [High,New] 16:46:44 <eharney> well this one's easy to triage for cinder - it's a nova issue :) 16:47:01 <jungleboyj> eharney: Oh, ok. 16:47:18 <jungleboyj> So, there isn't anything we need to do here? 16:47:51 <eharney> no 16:48:31 <jungleboyj> Ok. That is good. 16:49:23 <jungleboyj> eharney: Thanks. 16:50:03 <jungleboyj> #link https://bugs.launchpad.net/cinder/+bug/1782714 16:50:04 <openstack> Launchpad bug 1782714 in Cinder "Properties of an attached volume are lost after live migration" [Medium,New] 16:50:17 <jungleboyj> So, it looks like the reporter responded to this one. 16:50:28 <jungleboyj> whoami-rajat: Did anyone get a chance to look at this? 16:51:06 <whoami-rajat> jungleboyj: don't think so. 16:51:39 <whoami-rajat> geguileo_PTO: has been off since past 2-3 days i guess 16:52:23 <jungleboyj> Ok. And he had taken a look at that. So. Follow up when he is back. 16:52:30 <jungleboyj> whoami-rajat: Other bugs to look at? 16:52:44 <whoami-rajat> jungleboyj: yes 16:52:48 <whoami-rajat> https://bugs.launchpad.net/cinder/+bug/1793364 16:52:48 <openstack> Launchpad bug 1793364 in OpenStack Compute (nova) "mysql db opportunistic unit tests timing out intermittently in the gate (bad thread switch?)" [High,Confirmed] 16:53:01 <whoami-rajat> jungleboyj: ok will do 16:54:19 <jungleboyj> Hmmm, ok. So looks like this is being seen across multiple projects. 16:54:57 <whoami-rajat> jungleboyj: yes, the manila team confirmed it too on their gate. 16:56:22 <jungleboyj> mriedem: Confirmed in Cinder. 16:56:56 <whoami-rajat> jungleboyj: yes, cause the problem was originally found in nova and cinder. 16:57:38 <erlon> jungleboyj, https://bugs.launchpad.net/cinder/+bug/1789944 16:57:38 <openstack> Launchpad bug 1789944 in Cinder "cinder-tempest-plugin CG tests are broken" [High,In progress] - Assigned to Miriam Yumi (miriamyumi) 16:58:14 <erlon> Someone else was mentioning the bugs on the consistency group tests a few weeks ago 16:58:45 <erlon> the fix should be ready: https://review.openstack.org/598999 16:59:29 <erlon> oops, fix: https://review.openstack.org/#/c/599720/ 16:59:54 <jungleboyj> erlon: Ah, good. Hopefully we can get that through. 17:00:02 <jungleboyj> eharney: smcginnis ^^ 17:00:10 <erlon> nice 17:00:20 <jungleboyj> Otherwise, will need to look into the next bug that whoami-rajat has proposed. 17:00:27 <jungleboyj> And with that. We are out of time here. 17:00:51 <jungleboyj> Thank you everyone for meeting. 17:00:56 <jungleboyj> #endmeeting