15:00:36 #startmeeting manila
15:00:37 Meeting started Thu Dec 20 15:00:36 2018 UTC and is due to finish in 60 minutes. The chair is tbarron. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:38 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:41 The meeting name has been set to 'manila'
15:00:53 ping bswartz
15:00:56 ping gouthamr
15:00:57 hello
15:01:00 ping ganso
15:01:02 o/
15:01:04 hi ganso
15:01:14 ping xyang
15:01:32 ping toabctl
15:01:39 o/
15:01:41 hey
15:01:49 ping erlon
15:02:01 ping tpsilva
15:02:09 ping amito
15:02:20 hi
15:02:23 ok, that's all the folks who put their names on the ping list
15:02:31 Hello all!
15:02:38 hey
15:02:43 .o/
15:02:49 Sorry I'm late
15:02:54 Agenda: https://wiki.openstack.org/w/index.php?title=Manila/Meetings&section=2
15:02:58 hi bswartz
15:03:02 Was replacing faulty hardware
15:03:16 we're just starting
15:03:23 #topic announcements
15:03:44 just a reminder that milestone 2 is the week of January 7
15:04:23 also, our stable branches were blocked but
15:04:33 finally https://review.openstack.org/#/c/622262/ merged
15:04:49 that's a lot of 2's
15:05:11 we're backporting it and only the change for ocata is pending
15:05:28 no controversy once people felt it was safe for stable/rocky
15:05:33 amito: :)
15:06:07 The root problem is that even though we pin all the requirements down for stable branches, OS updates occur anyways
15:06:16 and destabilize everything
15:06:30 Anyone else have announcements?
15:07:01 #topic 27 December meeting - cancel?
15:07:16 cancel
15:07:26 lots of folks are on holiday 27 December so we probably won't have quorum
15:08:01 anyone object to canceling? the next meeting would be 3 January, two weeks from now
15:08:09 3
15:08:13 2
15:08:18 1
15:08:41 ok, I hear no objections and will update the manila meetings wiki accordingly
15:08:50 #topic kubecon report
15:09:03 we had several manila folks at kubecon
15:09:20 \o/
15:09:29 In my view manila is well positioned to provide RWX storage to container orchestrators and
15:09:38 its lack of tight coupling to nova
15:09:54 which may have been a disadvantage for a nova-centric world
15:10:00 is now an advantage
15:10:09 Be that as it may (my views)
15:10:29 I'd like to hear from bswartz xyang gouthamr about kubecon
15:10:34 what should we know?
15:10:55 So there was a F2F (face to face) meeting of the storage SIG on Wednesday
15:11:00 o/ it was a great gathering, the largest kubecon apparently
15:11:45 There weren't too many sessions in the conference proper on storage-related topics (I only went to 1)
15:11:50 xyang and bswartz presented on a few interesting topics in the storage meetups
15:12:02 But the face to face meeting was very well attended
15:12:02 SIG Storage F2F notes: https://goo.gl/HjtoBH
15:12:36 was the F2F storage SIG by any chance recorded?
15:12:48 gouthamr: great notes, thanks!
15:12:50 No
15:13:08 Audio was just 1 microphone, only the presenter and people on the phone could be heard
15:13:13 No video
15:13:19 also here's a cloud native storage whitepaper xyang contributed to: https://goo.gl/XSrL1S
15:13:20 sorry, I'm in another meeting now
15:13:27 xyang: :)
15:13:34 * gouthamr and we're going ping-ping-ping on xyang
15:14:40 The topic of Manila did not come up
15:15:12 did the topic of rwx storage for COs come up?
15:15:31 tbarron: not sure what you mean
15:15:40 rwx storage has been a thing for a long time
15:15:41 CSI support is GA in k8s 1.13
15:15:50 read write many for container orchestrators
15:16:00 Yeah CSI is GA now and the focus is on the next round of CSI-related features including improvements to snapshots
15:16:18 some of the stuff I see in the notes looks like re-doing cinder for CSI :)
15:16:31 At least for kubernetes, rwx has been supported as long as NFS has been around
15:16:46 maybe without paying attention to what we learned when going from cinder to manila
15:16:47 There are other FS types that support rwx too -- it's not an exotic thing
15:16:52 RawBlock
15:16:56 derp
15:17:16 Raw block support is relatively new in the kubernetes world, and it's getting more stable
15:18:28 tbarron: a lot of the same problems are getting rediscovered, but there's a lot of overlap in the communities so people have seen the problems before
15:18:34 what sort of write-arbitrator does raw block have?
15:19:00 The big open question is whether the kubernetes community will find better solutions than the openstack community did or not
15:19:24 tbarron: raw block, like filesystem, can be single-attach or multi-attach
15:19:59 and if multi-attach and writable there's a need for a write-arbitrator, correct?
15:20:06 Because of the way kubernetes works, it's actually easier to provide multi-attach raw block storage than multi-attach filesystem storage
15:20:23 But in reality nearly all the solutions are single-attach
15:20:38 That's mostly because raw block support is so new
15:20:54 That's not super relevant to us in Manila though
15:22:39 well if you can use it instead of filesystems and it's faster, that would seem to be relevant
15:22:52 like no need for filesystems
15:22:56 It's typically not about speed
15:23:37 Raw block support is typically interesting because there's a wider variety of ways to do multi-attach with it than filesystems
15:23:54 And for applications that just need a bag of bits, a filesystem is just an extra layer of abstraction
15:24:13 Which is unneeded complexity, and yes, a small performance penalty
15:24:51 a bag of bits seems more like object storage :)
15:25:22 Raw block is valuable in the context of storage-oriented applications like databases and shared filesystem implementations
15:25:45 well a bag of bits is 1 object in an object store
15:26:11 A whole object store does have some kind of structure to it
15:26:56 ok so w.r.t. the write-arbitration question, raw block is intended for use by apps like databases that coordinate their writes themselves, e.g. across different app instances on different hosts
15:27:11 Yeah
15:27:17 got it
15:27:35 Obviously if you're sharing access to a block device you need a way to coordinate between the accessors
15:27:53 and that's one thing a file system gives the apps for free
15:27:58 That's a distributed systems problem though
15:28:14 at a performance cost
15:28:36 Yeah NFS has built in locking and cache coherency protocols
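
A minimal sketch of the two volume modes discussed above, as plain Kubernetes PersistentVolumeClaim manifests. The claim and StorageClass names ("nfs-shares", "fast-block") are illustrative, not from the meeting:

    # Shared filesystem claim: many pods on many nodes can mount and write,
    # with the filesystem protocol (e.g. NFS) arbitrating concurrent access.
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: shared-data
    spec:
      accessModes:
        - ReadWriteMany
      volumeMode: Filesystem   # the default: pods get a mounted filesystem
      storageClassName: nfs-shares
      resources:
        requests:
          storage: 10Gi
    ---
    # Raw block claim: the pod sees a device node with no filesystem layer;
    # write coordination is up to the application, as discussed above.
    apiVersion: v1
    kind: PersistentVolumeClaim
    metadata:
      name: raw-device
    spec:
      accessModes:
        - ReadWriteOnce        # most raw block backends are single-attach today
      volumeMode: Block
      storageClassName: fast-block
      resources:
        requests:
          storage: 10Gi
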
15:29:27 OK, anything else on kubecon report?
15:29:48 Can't think of anything else that would be interesting to this crowd
15:30:02 I will say, Seattle has a LOT of seafood
15:30:06 :)
15:30:18 oh, yeah.. sig-openstack is going to restart meetings in January
15:30:41 meeting schedule is here: https://github.com/kubernetes/community/tree/master/sig-openstack
15:31:06 I think it will be interesting to figure out what the role of manila, cinder, etc. will be for on-prem container clouds when stuff like rook really matures
15:31:10 gouthamr: who is running those?
15:31:28 it'll be a good time to report progress on our work to shape up the manila provisioner
15:31:36 bswartz: hodgepodge, dims
15:31:37 gouthamr: +1
15:32:15 actually, scratch that: https://github.com/kubernetes/community/tree/master/sig-openstack#leadership :)
15:32:28 gouthamr: are you the one working on that?
15:32:44 o/
15:32:47 rook will supply storage abstractions that aren't specific to on-prem clouds ...
15:33:07 I meant the manila provisioner
15:33:09 bswartz: you mean the manila csi implementation? tbarron, vkmc have been more involved than I, but yes.
15:33:26 Okay
15:33:29 Does it have a home?
15:34:14 upstream i think it would be parallel to cinder-csi but that's one thing to nail down
15:34:26 bswartz: yes, cloud-provider-openstack
15:34:32 Link?
15:34:48 https://github.com/kubernetes/cloud-provider-openstack
15:34:53 #LINK https://github.com/kubernetes/cloud-provider-openstack
15:35:23 ^ that's where the current manila dynamic provisioner lives
15:35:31 Ah yes
15:35:32 Ty
15:35:59 (old home: https://github.com/kubernetes-incubator/external-storage)
15:36:46 Anything else on this topic today?
15:36:58 Nope
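
For context on the provisioner discussed above, a hedged sketch of a StorageClass that delegates provisioning to the manila external provisioner from cloud-provider-openstack. The provisioner string and parameter names below are recalled from that repository's documentation and may differ by version; treat all of them as illustrative and verify against the repo before use:

    apiVersion: storage.k8s.io/v1
    kind: StorageClass
    metadata:
      name: manila-nfs
    provisioner: externalstorage.k8s.io/manila   # assumed name; verify in the repo
    parameters:
      type: default                 # manila share type to provision with
      protocol: NFS                 # share protocol exposed to pods
      zones: nova                   # availability zone(s) for the share
      osSecretName: os-trustee      # secret holding OpenStack credentials
      osSecretNamespace: kube-system

Claims referencing this class would then be provisioned as manila shares behind the scenes, much as cinder-csi does for block volumes.
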
15:37:10 #topic gate issues
15:37:32 besides the stable branch issues I mentioned, we still have lots of non-voting job failures
15:37:45 I want to turn red to green
15:38:07 so will be pushing people for reviews and
15:38:20 asking some of you (you know who you are) for
15:38:24 * gouthamr waves at dims, congratulates him for the k8s community award
15:38:34 help w.r.t. the generic driver problems
15:38:46 yeah, hi dims and congrats!
15:38:46 aww thanks :)
15:39:27 That's pretty much all I have to say on this topic - thanks to those helping with reviews so far.
15:40:01 yeah, we still haven't found the real cause of the failures on the manila generic driver jobs
15:40:19 gouthamr: right, just making baby steps
15:40:36 tbarron++, yep, ty!
15:40:40 gouthamr: updated xenial service image has the same issue as the image from a year ago
15:40:53 Not bionic yet?
15:41:00 bionic image has a different, apparently earlier, failure to connect to the service VM
15:41:11 doesn't get as far, as far as I can tell
15:41:11 -_-
15:41:38 looks like the networking is messed up
15:41:58 bswartz: do you know if there's any reason for the service module to do that layer 2 stitching
15:42:12 different for ovs, for linux bridge, etc.
15:42:14 Wait, which service module are you referring to
15:42:15 nowadays?
15:42:20 Oh
15:42:35 It has to match what the cloud is using IIRC
15:42:39 did we do that because neutron didn't have an api for what we needed to do?
15:42:46 That too
15:43:04 maybe we can do everything with neutron then
15:43:07 The code to do the horrible network backdoor exists because neutron didn't support what we needed years back
15:43:33 The option to use linuxbridge or ovs is because the horrible backdoor has to be compatible with what neutron is doing
15:43:34 bswartz: which is?
15:44:04 I'm thinking maybe nowadays we can get rid of the horrible backdoor
15:44:07 ganso: a way to SSH from the m-shr service to the service VM
15:44:25 bswartz: and what's new in neutron that could allow us to accomplish that without the backdoor?
15:44:36 since we have to debug this issue anyways
15:44:37 Assuming the service VM could be on a neutron network with no routers
15:44:58 ganso: I'm not aware of any changes in neutron
15:45:03 bswartz: are you thinking about using something equivalent to "ip netns exec ssh"?
15:45:18 It sounds like tbarron may know of some new development I haven't heard of yet
15:45:29 ganso: that won't work
15:45:37 bswartz: I don't know but I'm hoping ...
15:46:19 tbarron: without help from nova this is a very hard problem to solve
15:46:48 we should be able to boot up a service VM with two nics, one on the tenant net and one on a net that manila-share is also on
15:47:18 tbarron: there is an option for that
15:47:29 tbarron: it is called "connect_to_tenant_network"
15:47:32 "connect to tenant network" or something?
15:47:39 gouthamr: yep
15:47:48 ^ yes! that's how we solved the recent problem with the grad student :)
15:48:01 why isn't that the default?
15:48:14 Security issues maybe?
15:48:19 gouthamr: it doesn't solve the current gate problem, I already tried that
15:48:51 bswartz: true, but the manila service network can be secured
15:48:51 gouthamr: I mean, it doesn't solve it because the driver will still try to use the 10.254.0.x network port to access the share server
15:49:15 ganso: that might be fixable
15:49:41 tbarron: but then it would need a different route. The driver cannot access the tenant's network by default
15:49:49 tbarron: creating the backdoor there isn't an option
15:50:44 connect_share_server_to_tenant_network
15:50:54 ^ This?
15:50:57 bswartz: yes
15:51:58 if the share server has two faces, one on the tenant's net (and that's where its export location is published) and one back to manila-share-with-driver ...
15:52:18 We should consider these alternatives and try to change the defaults to something more likely to work
15:52:35 tbarron: actually, we kinda already have the means to fix it with that admin plugin network we added back in 2015
15:52:39 yeah, that's what I wanted everyone to agree to ^^
15:52:46 what bswartz said
15:52:50 tbarron: it would have a simpler connection to the driver
15:53:03 Originally when we were designing this, all the options looked bad to us, and we were hoping that neutron or nova would change to make the situation better
15:53:22 Unfortunately other priorities took over, and we never pushed for the improvements needed
15:54:05 ok, let's pursue this more outside of this meeting
15:54:06 I could see the admin network stuff helping here
15:54:14 But the security implications make me shiver
15:54:31 bswartz: and it is hardly feasible in the gate
15:54:35 You really have to trust those service VMs if you go down that path
15:54:54 bswartz: because we would need the host with 2 network interfaces to create a provider network
15:55:26 bswartz: i wonder if we can mitigate that with security rules, they work a lot better than when this stuff was developed
15:55:32 bswartz: the admin network we create for testing is fake
15:55:55 ganso: well we'd need a real one
15:56:16 Maybe we should schedule a breakout meeting to delve into this problem
15:56:21 +1
15:56:32 It still needs a champion to drive it though
15:56:37 also, can we have bug triage/bug squash soon-ish?
15:56:47 we haven't looked at them in a while
15:56:54 gouthamr: well we're out of time today
15:57:26 tbarron: yeah, not today.. but i wanted us to visit them in a separate meeting as we agreed to during PTG
15:57:27 :)
15:57:36 sure
15:57:56 let's talk about breakout meetings for 5 min in #openstack-manila
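
The option debated above is an existing generic driver setting; a sketch of what enabling it might look like in a devstack-style manila.conf backend section (the section name and other values are illustrative). Note ganso's caveat that this alone doesn't fix the gate failures, since the driver still tries to reach the share server over the 10.254.0.x admin-side port:

    [generic1]
    share_driver = manila.share.drivers.generic.GenericShareDriver
    driver_handles_share_servers = True
    service_instance_user = manila
    service_image_name = manila-service-image
    # Plug the service VM (share server) directly into the tenant's network
    # instead of relying on the layer 2 "backdoor" stitching:
    connect_share_server_to_tenant_network = True
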
15:58:00 #topic our work
15:58:14 Is anyone aware of any new nova features that could serve as a channel of communication from m-shr to the service VM?
15:58:18 Please review the access-rule-priority review
15:58:31 https://review.openstack.org/#/c/572283/
15:58:39 thanks to toabctl and ganso for reviewing
15:58:47 lately
15:59:17 bswartz: I'm not, but let's explore
15:59:44 ok, let's continue briefly in #openstack-manila
15:59:48 Thanks everyone!!
16:00:02 #endmeeting