14:00:28 <rosmaita> #startmeeting cinder 14:00:28 <opendevmeet> Meeting started Wed May 8 14:00:28 2024 UTC and is due to finish in 60 minutes. The chair is rosmaita. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:28 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:28 <opendevmeet> The meeting name has been set to 'cinder' 14:00:37 <rosmaita> #topic roll call 14:00:38 <whoami-rajat> Hi 14:00:47 <rosmaita> o/ 14:00:52 <Sai> o/ 14:01:11 <crohmann> o/ 14:01:24 <akawai> o/ 14:03:06 <msaravan> Hi 14:03:13 <rosmaita> i guess we should get started 14:03:17 <ccokeke[m]> O/ 14:03:22 <zaitcev> Oh. I thought jbernard would. 14:03:35 <rosmaita> #link https://etherpad.opendev.org/p/cinder-dalmatian-meetings 14:03:43 <rosmaita> agenda ^^ 14:04:03 <rosmaita> jbernard had a conflict come up, so i'm chairing the meeting for him 14:04:33 <rosmaita> looks like there are no announcements 14:04:49 <rosmaita> actually, here's one 14:05:02 <Luzi> o/ 14:05:27 <rosmaita> i think i've seen this a few times, usually in cinder-tempest-plugin-lvm-multiattach 14:05:37 <rosmaita> tempest.scenario.test_instances_with_cinder_volumes.TestInstancesWithCinderVolumes.test_instances_with_cinder_volumes_on_all_compute_nodes : mount: mounting /dev/vdb on /mnt/vdb failed: Device or resource busy 14:05:56 <rosmaita> seems to be intermittent, but we should keep an eye on it in case there's a real issue 14:06:45 <rosmaita> so if you have a failure in cinder-tempest-plugin-lvm-multiattach , before rechecking, take a look and see if that's the error you are hitting 14:07:11 <rosmaita> ok, that's all the announcements 14:07:32 <rosmaita> #topic Repropose spec to introduce new backup_status field for volume 14:07:41 <rosmaita> crohmann: that's you 14:08:25 <crohmann> Yes. I reproposed this and wanted to know if you believe this is something that could be jointly worked on? 14:09:07 <crohmann> I was merged before, but not worked on or implemented. 14:09:11 <rosmaita> it's been a while since i looked at that spec 14:09:35 <rosmaita> i seem to remember that hemna had a devastating critique that came up after it was merged? 14:09:41 <rosmaita> or am i thinking of something else 14:10:28 <rosmaita> must be something else, i don't see a comment from him on the original patch 14:11:40 <rosmaita> so crohmann , when you say jointly worked on, do you mean that you are looking for someone interested in implementing this spec? 14:12:47 <crohmann> Yes, actually if this is something you cores would work on yourself. I doubt this is the kind of thing one can ever get done as a part time contributor. 14:14:22 <crohmann> De-Coupling backups from other volume status to mee seems kind of a great improvement to core of what cinder is and does 14:15:51 <rosmaita> well, we need to re-approve the spec, so that should encourage cores to re-read it and think about implementation 14:16:48 <rosmaita> my initial thought was that if it's well defined, maybe Desire would be interested in picking it up to work on 14:17:09 <rosmaita> not sure what her time commitments are, though 14:17:11 <zaitcev> The hardest part to think about is to imagine the consequences of it. 14:17:18 <zaitcev> At least for me. 14:18:03 <rosmaita> i will have to search the old meeting logs, or maybe just ping Walt ... i was sure that he had a serious objection 14:19:08 <crohmann> rosmaita: I believe you are referring to e.g. https://review.opendev.org/c/openstack/cinder-specs/+/818551 which was the former idea to introduce a whole new task status field. But that was indeed a bad idea. 14:20:21 <rosmaita> thanks ... though i thought it was more recent than 2022! 14:20:22 <crohmann> That is when we went back to the drawing board and realized that it's not about all tasks ... but backups especially that can run independently from other actions on the volume. 14:20:52 <rosmaita> ok, i clearly need to re-read this spec 14:21:27 <rosmaita> so, the situation is: spec needs to be re-approved, and we are looking for someone willing to pick it up 14:21:36 <whoami-rajat> more than the implementation i think it requires thorough testing 14:21:54 <whoami-rajat> since the volume state won't be backing-up, there are all the operations that we can perform on the volume 14:22:08 <whoami-rajat> and any one of them could break causing a regression 14:22:17 <rosmaita> we will need a full suite of tempest tests 14:22:24 <whoami-rajat> so that is the major thing to examine IMO 14:22:40 <geguileo> And we could even block processes if, for example, we delete the volume 14:23:06 <whoami-rajat> +1 for tempest tests 14:23:10 <rosmaita> sounds like a good action item would be for someone to review our current tempest backup test coverage and propose some new tests 14:23:46 <rosmaita> ok, so let's keep that in mind in reviewing the spec 14:23:55 <geguileo> I believe the tests would depend on the operations that we can think of that would break thigns 14:24:58 <crohmann> I know it's complex, but it also promises some benefits by removing interlocking of cinder and cinder-backup. But from the discussion here I believe I am right to assume this really needs your buy in ... there really is no way to just push some code for review. 14:25:35 <rosmaita> i agree about the benefits, but also with the wide opportunity to break things 14:26:24 <rosmaita> i think if you have time to code some stuff, a good place to start would be to improve the test coverage 14:26:42 <crohmann> (see my request for review :-P ) 14:27:50 <rosmaita> ok, let's move on ... result of the discussion is that cores need to please review the spec 14:27:57 <rosmaita> #topic image encryption 14:28:02 <rosmaita> Luzi: that's you 14:28:24 <Luzi> yeah, the glance spec is still under review and i addressed your comments rosmaita 14:28:35 <rosmaita> just saw that, i need to re-review 14:28:42 <Luzi> do you want a spec for cinder too, now that you have looked through it? 14:28:51 <rosmaita> did i see that you put up a patch for a new database table? 14:28:58 <rosmaita> in cinder, i mean 14:29:09 <Luzi> that was for the volume type spec 14:29:37 <rosmaita> oh, ok 14:29:53 <Luzi> that is another topic - let's focus on image encryption first 14:30:04 <rosmaita> yes, sorry for confusing things 14:30:40 <Luzi> i think it is important to also have cinder folks looking through the glance spec, because you mentioned the need for another parameter 14:31:40 <Luzi> would something like "os_encrypt_compressed" = True/False good enough? 14:32:07 <whoami-rajat> do we have a link to the spec somewhere? 14:32:17 <Luzi> https://review.opendev.org/c/openstack/glance-specs/+/915726 14:32:22 <whoami-rajat> thanks 14:35:02 <rosmaita> looking that over, i think you may need a cinder spec, but you can keep it short 14:35:12 <rosmaita> you can refer to the glance spec for the basic outline 14:35:30 <Luzi> okay I will write a spec for Cinder 14:35:48 <rosmaita> the key things for cinder will be what metadata items to look for and how creating a volume from an image will be handled 14:36:13 <rosmaita> it's probably pretty similar to what we are currently doing 14:36:14 <Luzi> yeah, I will keep that in mind 14:36:38 <rosmaita> but the problem is that we currently have a closed-loop system where cinder controls everything 14:37:06 <rosmaita> once we inject users into the system, we need to be a lot more careful about checking things 14:37:30 <Luzi> so maybe i should outline the possible workflows? 14:38:09 <whoami-rajat> "uses it to encrypt the image locally using the OpenStack client (osc) when uploading it." -- did i read this correctly? how will OSC help in encrypting the image? 14:38:41 <Luzi> what is done when cinder uses a user generated encrypted vs an image created from a Cinder LUKS-colume 14:38:44 <Luzi> volume 14:39:35 <Luzi> whoami-rajat, we want to make it easy for users and to be sure on how the encryption is done - so we aim for intagrating that into the osc 14:40:00 <rosmaita> i guess the questions are: what does cinder have to worry about in downloading a user-supplied LUKS image so that it can write it into a volume 14:40:10 <Luzi> we also had done this for the gpg-encryption 14:40:29 <rosmaita> and, is there anything new cinder needs to do when uploading a LUKS volume as an image to glance 14:40:37 <Luzi> rosmaita, yes that is what I mean 14:41:01 <rosmaita> ok, we are on the same page then ... writing that up would be helpful 14:41:04 <whoami-rajat> that seems really strange to me, is the OSC team aware about this? since i see OSC as just the CLI interface and SDK for the API requests, but yeah i will add comments to spec 14:43:02 <rosmaita> Luzi: you also have a good point about needing to fail early if there's no key manager 14:43:55 <Luzi> yeah, that is what is bugging me with the container format 14:44:30 <Luzi> maybe you could discuss this with the Glance team? We have a national holiday tomorrow - so I will not be available 14:45:02 <rosmaita> the glance team will probably have a holiday tomorrow, too 14:45:17 <Luzi> ah okay 14:45:22 <rosmaita> (also, i have a conflict with the glance meeting) 14:46:43 <rosmaita> can you explain real quickly though what the problem is with the container format? is the idea that an operator who doesn't have barbican can not allow uploads of encrypted volumes by not including 'encrypted' in the glance container_formats config? 14:48:07 <Luzi> you can and still need to update most of the "os_encrypt_*" parameters later on - if there is no Keymanager available, an encrypted image could be uploaded all parameters set, without getting an error 14:49:50 <Luzi> and cinder or nova using images which than have a container format like qcow2 or raw - how would you handle it? if there is a check, than it would fail in cinder or nova, but not while uploading in glance 14:50:02 <Luzi> i don't think that would be a good user experience 14:50:25 <rosmaita> well, i guess the osc could check that there's a key manager endpoint available before uploading the image? 14:50:34 <rosmaita> (when you ask it to do the encryption) 14:50:43 <rosmaita> i guess it has to, anyway 14:51:19 <Luzi> yeah but that way we would still have the problem in the API... 14:51:40 <rosmaita> yeah, but you have to figure that API users at least a little know what they are doing 14:52:06 <rosmaita> right now you can put a JPEG into glance, and as long as it's container=bare, disk_format=raw, you can create a volume from it 14:53:00 <Luzi> well i think this point really needs a discussion with also the Glance and see what they would want 14:53:40 <rosmaita> ok, well it sounds like me and Rajat are committed to looking at the glance spec, so that's probably a good outcome for today 14:53:49 <Luzi> yeah thank you 14:54:19 <rosmaita> #topic review requests 14:54:46 <rosmaita> looks like crohmann needs help interpreting a failing test 14:54:57 <rosmaita> #link https://review.opendev.org/c/openstack/cinder/+/484729/comments/b6da8f16_5c9481e3 14:55:57 * whoami-rajat adding all naive comments to the spec 14:56:15 <rosmaita> the festival of reviews is next week (may 17), maybe we can make it a festival of backup reviews 14:56:25 <rosmaita> they do seem to be piling up a bit 14:56:48 <whoami-rajat> also one thing i forgot to mention in announcement is, we have M-1 next week but not sure if we had planned any deadlines for M-1 this cycle 14:57:03 <rosmaita> wow, that snuck up fast 14:57:37 <whoami-rajat> yeah, i was just trying to see if we had a midcycle-1 date there and noticed the M-1 deadline 14:57:41 <rosmaita> i know jon was working on scheduling the midcycles, guess we will be having one soon 14:57:44 <whoami-rajat> #link https://releases.openstack.org/dalmatian/schedule.html 14:58:10 <rosmaita> that means the release team will be asking for an early os-brick release 14:58:59 <rosmaita> we need to prioritize os-brick reviews: https://review.opendev.org/q/project:openstack/os-brick+status:open 14:59:04 <whoami-rajat> looks like it, maybe we can prioritize any important review 14:59:11 <whoami-rajat> in brick 14:59:40 <rosmaita> ok we are out of time for today ... please look at the agenda to follow up on the other review requests, they look reasonable 14:59:56 <rosmaita> #link https://etherpad.opendev.org/p/cinder-dalmatian-meetings 15:00:11 <rosmaita> thanks everyone ... have a productive remainder of your day 15:00:14 <whoami-rajat> thanks rosmaita ! 15:00:16 <rosmaita> #endmeeting