#openstack-meeting log

13:00:35 <mhen> #startmeeting image_encryption
13:00:36 <openstack> Meeting started Mon Nov 25 13:00:35 2019 UTC and is due to finish in 60 minutes.  The chair is mhen. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:37 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:39 <openstack> The meeting name has been set to 'image_encryption'
13:00:59 <mhen> #topic Roll Call
13:01:55 <redrobot> o\
13:01:56 <redrobot> \o
13:02:12 <mhen> redrobot, hey :)
13:04:31 <mhen> so, I'm stepping in for Luzi today due to her being on a business trip
13:05:15 <moguimar> o/
13:05:24 <mhen> hi moguimar
13:05:33 <moguimar> hi
13:06:17 <mhen> #topic Summit Roundup
13:06:56 <mhen> I haven't been able to, but Luzi attended the summit
13:08:02 <fungi> i even got to talk to her about nova specs for a few minutes
13:08:54 <mhen> she had a talk with someone from the Nova team (I don't have all the details sorry), and turned out Nova would prefer having ephemeral storage encryption using native LUKS first, before implementing image encryption
13:09:47 <fungi> do they already have work in progress toward ephemeral disk encryption?
13:10:00 <mhen> afaik, they don't
13:10:11 <mhen> but don't quote me on that
13:10:35 <fungi> yeah, i know you're getting that info second-hand
13:10:50 <mhen> they do have ephemeral disk encryption for LVM backend but that's not helpful for productive setups
13:11:03 <mhen> even then that's not native LUKS at all
13:11:12 <mhen> in contrast to Cinder
13:11:24 <fungi> just wondering if it was a case of prioritizing against other in-progress encryption work, or that they felt image encryption didn't make sense until ephemeral disks are encrypted?
13:11:42 <mhen> the latter
13:12:44 <fungi> i would be interested to hear more of the logic there. it sounds like two tangentially-related features to me, so i have a hard time believing they would block work which has volunteers waiting for something nobody is working on
13:13:35 <mhen> we are currently considering primarily pushing the work forward for Glance and Cinder for now, since we can't stem any additional workload currently (i.e. implementing native LUKS)
13:13:55 <fungi> understandably
13:15:13 <mhen> so we could provide the Glance specification with a library base implementation and Cinder as its first 'consumer' implementation
13:15:36 <fungi> and that covers the case for boot-from-volume i guess?
13:15:43 <mhen> it does
13:17:02 <mhen> we think this would be the best way moving forward without blocking more progress than necessary
13:17:41 <fungi> that sounds like a reasonable plan to me too
13:20:05 <mhen> redrobot, moguimar, any objection from your side about shifting the focus more towards Glance and Cinder implementation for now, postponing the Nova part?
13:21:33 <redrobot> mhen, no objections here
13:24:08 <mhen> good, then we'll do just that :)
13:24:36 <mhen> let's move on
13:24:42 <mhen> #topic Open Discussion
13:24:50 <mhen> anything else to discuss?
13:26:39 <fungi> i'll try to get more details from nova folks on their position regarding the spec reproposal, though that may not be until next week depending on how many of them are on holiday
13:28:23 <mhen> fungi, that's great; thanks for your support! Let's keep track of this in the regular meeting.
13:29:10 <fungi> sounds good
13:30:09 <mhen> luckily, the Nova implementation is a modular part that can easily be left out for now and can be added at any point in the future, in my opinion
13:35:27 <mhen> okay then, thanks for joining this week and see you next monday!
13:35:45 <mhen> #endmeeting image_encryption