14:00:28 <rosmaita> #startmeeting cinder
14:00:28 <opendevmeet> Meeting started Wed May  8 14:00:28 2024 UTC and is due to finish in 60 minutes.  The chair is rosmaita. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:28 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:28 <opendevmeet> The meeting name has been set to 'cinder'
14:00:37 <rosmaita> #topic roll call
14:00:38 <whoami-rajat> Hi
14:00:47 <rosmaita> o/
14:00:52 <Sai> o/
14:01:11 <crohmann> o/
14:01:24 <akawai> o/
14:03:06 <msaravan> Hi
14:03:13 <rosmaita> i guess we should get started
14:03:17 <ccokeke[m]> O/
14:03:22 <zaitcev> Oh. I thought jbernard would.
14:03:35 <rosmaita> #link https://etherpad.opendev.org/p/cinder-dalmatian-meetings
14:03:43 <rosmaita> agenda ^^
14:04:03 <rosmaita> jbernard had a conflict come up, so i'm chairing the meeting for him
14:04:33 <rosmaita> looks like there are no announcements
14:04:49 <rosmaita> actually, here's one
14:05:02 <Luzi> o/
14:05:27 <rosmaita> i think i've seen this a few times, usually in cinder-tempest-plugin-lvm-multiattach
14:05:37 <rosmaita> tempest.scenario.test_instances_with_cinder_volumes.TestInstancesWithCinderVolumes.test_instances_with_cinder_volumes_on_all_compute_nodes : mount: mounting /dev/vdb on /mnt/vdb failed: Device or resource busy
14:05:56 <rosmaita> seems to be intermittent, but we should keep an eye on it in case there's a real issue
14:06:45 <rosmaita> so if you have a failure in cinder-tempest-plugin-lvm-multiattach , before rechecking, take a look and see if that's the error you are hitting
14:07:11 <rosmaita> ok, that's all the announcements
14:07:32 <rosmaita> #topic Repropose spec to introduce new backup_status field for volume
14:07:41 <rosmaita> crohmann: that's you
14:08:25 <crohmann> Yes. I reproposed this and wanted to know if you believe this is something that could be jointly worked on?
14:09:07 <crohmann> I was merged before, but not worked on or implemented.
14:09:11 <rosmaita> it's been a while since i looked at that spec
14:09:35 <rosmaita> i seem to remember that hemna had a devastating critique that came up after it was merged?
14:09:41 <rosmaita> or am i thinking of something else
14:10:28 <rosmaita> must be something else, i don't see a comment from him on the original patch
14:11:40 <rosmaita> so crohmann , when you say jointly worked on, do you mean that you are looking for someone interested in implementing this spec?
14:12:47 <crohmann> Yes, actually if this is something you cores would work on yourself. I doubt this is the kind of thing one can ever get done as a part time contributor.
14:14:22 <crohmann> De-Coupling backups from other volume status to mee seems kind of a great improvement to core of what cinder is and does
14:15:51 <rosmaita> well, we need to re-approve the spec, so that should encourage cores to re-read it and think about implementation
14:16:48 <rosmaita> my initial thought was that if it's well defined, maybe Desire would be interested in picking it up to work on
14:17:09 <rosmaita> not sure what her time commitments are, though
14:17:11 <zaitcev> The hardest part to think about is to imagine the consequences of it.
14:17:18 <zaitcev> At least for me.
14:18:03 <rosmaita> i will have to search the old meeting logs, or maybe just ping Walt ... i was sure that he had a serious objection
14:19:08 <crohmann> rosmaita: I believe you are referring to e.g. https://review.opendev.org/c/openstack/cinder-specs/+/818551 which was the former idea to introduce a whole new task status field. But that was indeed a bad idea.
14:20:21 <rosmaita> thanks ... though i thought it was more recent than 2022!
14:20:22 <crohmann> That is when we went back to the drawing board and realized that it's not about all tasks ... but backups especially that can run independently from other actions on the volume.
14:20:52 <rosmaita> ok, i clearly need to re-read this spec
14:21:27 <rosmaita> so, the situation is: spec needs to be re-approved, and we are looking for someone willing to pick it up
14:21:36 <whoami-rajat> more than the implementation i think it requires thorough testing
14:21:54 <whoami-rajat> since the volume state won't be backing-up, there are all the operations that we can perform on the volume
14:22:08 <whoami-rajat> and any one of them could break causing a regression
14:22:17 <rosmaita> we will need a full suite of tempest tests
14:22:24 <whoami-rajat> so that is the major thing to examine IMO
14:22:40 <geguileo> And we could even block processes if, for example, we delete the volume
14:23:06 <whoami-rajat> +1 for tempest tests
14:23:10 <rosmaita> sounds like a good action item would be for someone to review our current tempest backup test coverage and propose some new tests
14:23:46 <rosmaita> ok, so let's keep that in mind in reviewing the spec
14:23:55 <geguileo> I believe the tests would depend on the operations that we can think of that would break thigns
14:24:58 <crohmann> I know it's complex, but it also promises some benefits by removing interlocking of cinder and cinder-backup. But from the discussion here I believe I am right to assume this really needs your buy in ... there really is no way to just push some code for review.
14:25:35 <rosmaita> i agree about the benefits, but also with the wide opportunity to break things
14:26:24 <rosmaita> i think if you have time to code some stuff, a good place to start would be to improve the test coverage
14:26:42 <crohmann> (see my request for review :-P )
14:27:50 <rosmaita> ok, let's move on ... result of the discussion is that cores need to please review the spec
14:27:57 <rosmaita> #topic image encryption
14:28:02 <rosmaita> Luzi: that's you
14:28:24 <Luzi> yeah, the glance spec is still under review and i addressed your comments rosmaita
14:28:35 <rosmaita> just saw that, i need to re-review
14:28:42 <Luzi> do you want a spec for cinder too, now that you have looked through it?
14:28:51 <rosmaita> did i see that you  put up a patch for a new database table?
14:28:58 <rosmaita> in cinder, i mean
14:29:09 <Luzi> that was for the volume type spec
14:29:37 <rosmaita> oh, ok
14:29:53 <Luzi> that is another topic - let's focus on image encryption first
14:30:04 <rosmaita> yes, sorry for confusing things
14:30:40 <Luzi> i think it is important to also have cinder folks looking through the glance spec, because you mentioned the need for another parameter
14:31:40 <Luzi> would something like "os_encrypt_compressed" = True/False good enough?
14:32:07 <whoami-rajat> do we have a link to the spec somewhere?
14:32:17 <Luzi> https://review.opendev.org/c/openstack/glance-specs/+/915726
14:32:22 <whoami-rajat> thanks
14:35:02 <rosmaita> looking that over, i think you may need a cinder spec, but you can keep it short
14:35:12 <rosmaita> you can refer to the glance spec for the basic outline
14:35:30 <Luzi> okay I will write a spec for Cinder
14:35:48 <rosmaita> the key things for cinder will be what metadata items to look for and how creating a volume from an image will be handled
14:36:13 <rosmaita> it's probably pretty similar to what we are currently doing
14:36:14 <Luzi> yeah, I will keep that in mind
14:36:38 <rosmaita> but the problem is that we currently have a closed-loop system where cinder controls everything
14:37:06 <rosmaita> once we inject users into the system, we need to be a lot more careful about checking things
14:37:30 <Luzi> so maybe i should outline the possible workflows?
14:38:09 <whoami-rajat> "uses it to encrypt the image locally using the OpenStack client (osc) when uploading it." -- did i read this correctly? how will OSC help in encrypting the image?
14:38:41 <Luzi> what is done when cinder uses a user generated encrypted vs an image created from a Cinder LUKS-colume
14:38:44 <Luzi> volume
14:39:35 <Luzi> whoami-rajat, we want to make it easy for users and to be sure on how the encryption is done - so we aim for intagrating that into the osc
14:40:00 <rosmaita> i guess the questions are: what does cinder have to worry about in downloading a user-supplied LUKS image so that it can write it into a volume
14:40:10 <Luzi> we also had done this for the gpg-encryption
14:40:29 <rosmaita> and, is there anything new cinder needs to do when uploading a LUKS volume as an image to glance
14:40:37 <Luzi> rosmaita, yes that is what I mean
14:41:01 <rosmaita> ok, we are on the same page then ... writing that up would be helpful
14:41:04 <whoami-rajat> that seems really strange to me, is the OSC team aware about this? since i see OSC as just the CLI interface and SDK for the API requests, but yeah i will add comments to spec
14:43:02 <rosmaita> Luzi: you also have a good point about needing to fail early if there's no key manager
14:43:55 <Luzi> yeah, that is what is bugging me with the container format
14:44:30 <Luzi> maybe you could discuss this with the Glance team? We have a national holiday tomorrow - so I will not be available
14:45:02 <rosmaita> the glance team will probably have a holiday tomorrow, too
14:45:17 <Luzi> ah okay
14:45:22 <rosmaita> (also, i have a conflict with the glance meeting)
14:46:43 <rosmaita> can you explain real quickly though what the problem is with the container format?  is the idea that an operator who doesn't have barbican can not allow uploads of encrypted volumes by not including 'encrypted' in the glance container_formats config?
14:48:07 <Luzi> you can and still need to update most of the "os_encrypt_*" parameters later on - if there is no Keymanager available, an encrypted image could be uploaded all parameters set, without getting an error
14:49:50 <Luzi> and cinder or nova using images which than have a container format like qcow2 or raw - how would you handle it? if there is a check, than it would fail in cinder or nova, but not while uploading in glance
14:50:02 <Luzi> i don't think that would be a good user experience
14:50:25 <rosmaita> well, i guess the osc could check that there's a key manager endpoint available before uploading the image?
14:50:34 <rosmaita> (when you ask it to do the encryption)
14:50:43 <rosmaita> i guess it has to, anyway
14:51:19 <Luzi> yeah but that way we would still have the problem in the API...
14:51:40 <rosmaita> yeah, but you have to figure that API users at least a little know what they are doing
14:52:06 <rosmaita> right now you can put a JPEG into glance, and as long as it's container=bare, disk_format=raw, you can create a volume from it
14:53:00 <Luzi> well i think this point really needs a discussion with also the Glance and see what they would want
14:53:40 <rosmaita> ok, well it sounds like me and Rajat are committed to looking at the glance spec, so that's probably a good outcome for today
14:53:49 <Luzi> yeah thank you
14:54:19 <rosmaita> #topic review requests
14:54:46 <rosmaita> looks like crohmann needs help interpreting a failing test
14:54:57 <rosmaita> #link https://review.opendev.org/c/openstack/cinder/+/484729/comments/b6da8f16_5c9481e3
14:55:57 * whoami-rajat adding all naive comments to the spec
14:56:15 <rosmaita> the festival of reviews is next week (may 17), maybe we can make it a festival of backup reviews
14:56:25 <rosmaita> they do seem to be piling up a bit
14:56:48 <whoami-rajat> also one thing i forgot to mention in announcement is, we have M-1 next week but not sure if we had planned any deadlines for M-1 this cycle
14:57:03 <rosmaita> wow, that snuck up fast
14:57:37 <whoami-rajat> yeah, i was just trying to see if we had a midcycle-1 date there and noticed the M-1 deadline
14:57:41 <rosmaita> i know jon was working on scheduling the midcycles, guess we will be having one soon
14:57:44 <whoami-rajat> #link https://releases.openstack.org/dalmatian/schedule.html
14:58:10 <rosmaita> that means the release team will be asking for an early os-brick release
14:58:59 <rosmaita> we need to prioritize os-brick reviews: https://review.opendev.org/q/project:openstack/os-brick+status:open
14:59:04 <whoami-rajat> looks like it, maybe we can prioritize any important review
14:59:11 <whoami-rajat> in brick
14:59:40 <rosmaita> ok we are out of time for today ... please look at the agenda to follow up on the other review requests, they look reasonable
14:59:56 <rosmaita> #link https://etherpad.opendev.org/p/cinder-dalmatian-meetings
15:00:11 <rosmaita> thanks everyone ... have a productive remainder of your day
15:00:14 <whoami-rajat> thanks rosmaita !
15:00:16 <rosmaita> #endmeeting