13:00:22 #startmeeting image_encryption 13:00:23 Meeting started Mon Jun 8 13:00:22 2020 UTC and is due to finish in 60 minutes. The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:00:24 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:00:27 The meeting name has been set to 'image_encryption' 13:00:33 #topic Roll Call 13:01:11 hi! 13:01:18 hi fungi 13:02:37 \o 13:02:50 hi redrobot 13:02:57 Hi Luzi! 13:03:59 lets start 13:04:02 #topic Barbican Consumer API Update 13:04:35 Not much of an update. We discussed the missing microversino bits during PTG 13:05:00 I do want to make sure y'all are still planning to use openstacksdk as the client? 13:05:03 how was the PTG redrobot? (Unfortunately) I had to hold a lecture at a kind of college Thursday and Friday afternoon 13:05:41 PTG was good! 13:05:51 We had 9 folks attend throught our 1/2 day 13:05:58 here are the etherpad notes we took: 13:06:01 #link https://etherpad.opendev.org/p/victoria-ptg-barbican 13:06:39 (apologies for being late) 13:06:46 Hi rosmaita! 13:07:00 hello 13:07:11 So yeah, we're still planning on adding the Secret Consumers to openstacksdk first (as opposed to python-barbicanclient) 13:07:26 good thing you are here rosmaita 13:07:38 is cinder using openstacksdk? 13:07:42 no 13:07:51 (or was that a requirement from nova?) 13:07:54 ah damn... 13:08:13 i doubt that glance is using openstacksdk 13:08:16 glance doesn't either 13:08:21 (what you said) 13:08:29 that's been a bone of contention recently, yeah 13:08:41 Hmm... so would python-barbicanclient support make more sense? 13:08:57 it would for us 13:09:45 rosmaita do you know if that would go for glance too? 13:09:48 redrobot: this is sort of what i was talking about during the security sig session with user-facing sdks vs service-to-service sdks 13:09:58 yes, almost certainly 13:10:36 fungi: yes, what is the status of openstacksdk in terms of design philosophy? my understanding was that it is "opinionated", though i may be confusing it with something else 13:10:39 then having the secret consumers in the python-barbicanclient definitly would be the way to go 13:10:49 fungi, yeah, makes sense. 13:10:56 yes, it's really a service API 13:10:58 Ok, I'll bring this up in the Barbican meeting tomorrow. 13:11:05 I'm sure it will not be a problem. 13:11:06 rosmaita: it has an opinionated layer, a generalization layer and a raw api access layer, so you can choose 13:11:10 and the REST API will exist for users who want to use it 13:11:15 i try to be there tomorrow to :) 13:11:30 fungi: ok, thanks 13:11:36 the "opinionated" layer in openstacksdk is basically the old shade lib 13:12:04 the layer beneath it is more like what the traditional python client libs provided 13:12:25 and then the layer beneath that is essentially a direct access to the rest api 13:13:06 what i want as a service is simple client access that the target service maintains and has tested to work correctly 13:13:08 but it lets you mix and match calls, like get a keystone token via a high-level call and then use it in direct api calls 13:14:28 i want to say the openstacksdk maintainers did recently add all the traditional python client lib core reviewers to their core team, to make it easier for each team to maintain their own bits 13:14:51 * fungi checks 13:16:51 hrm, nope, not all of them, but the core review team for it is up around 25 folks now 13:17:22 anyway, i know they're happy to add more folks if they're interested in maintaining support for specific projects 13:18:41 #topic Image Encryption Specs/WIP 13:19:23 two weeks ago i updated the glance spec and rebased the WIP patch 13:20:48 i will ping abhishekk to take a look into it 13:21:37 nothing more from my side so far 13:22:18 are there any questions concerning specs / wip-patches? 13:23:14 #topic Open Discussion 13:23:16 i owe you some reviews, will work on that this week 13:23:30 or are there some other questions / topics you want to discuss? 13:23:56 during one of the ptg sessions for the openstack technical committee, it was suggested that the community might benefit from a brief summary of how far along this effort is 13:24:14 maybe even just a paragraph to the openstack-discuss ml 13:24:31 that's a good idea 13:24:41 like which specs are proposed, which are implemented, what's still on the roadmap 13:24:49 could include a reminder of the pop-up meeting, too 13:24:59 exactly, opportunity to advertise more broadly 13:25:19 (they didn't just single out this effort, it was basically all the pop-up teams) 13:25:39 maybe once a cycle or so would be a reasonable cadence 13:25:41 how should this be handled? as an email to the mailing list? 13:26:00 yeah, to the openstack-discuss ml would be simplest 13:26:15 okay 13:26:47 mainly because it reminds folks where help is still needed 13:27:03 and improves chances of (eventual) success 13:27:35 i hope so :) 13:28:14 i will send out a mail soon 13:28:16 btw rosmaita does a bug report exist for the 1GB encrypted volume size probleme exist? 13:28:17 it could be very brief, and there's no rush on it 13:29:12 Luzi: probably, i can look 13:30:44 i would like to add my findings for the volume-> image->volume case - maybe it will help 13:31:29 i think this might be it: https://bugs.launchpad.net/cinder/+bug/1720885 13:31:29 Launchpad bug 1720885 in Cinder "Out of space when migrating encrypted volume between two LVM backends" [High,In progress] - Assigned to Yeshwanth Allampati (yeshwanth-allampati) 13:32:06 thank you 13:33:43 anything else you would like to talk about? 13:34:25 nothing on my end 13:34:48 nope 13:34:49 ok, thank you for joining and have a nice week :) 13:34:54 you too! 13:35:00 #endmeeting image_encryption