15:00:49 <tbarron> #startmeeting manila
15:00:49 <openstack> Meeting started Thu Feb 28 15:00:49 2019 UTC and is due to finish in 60 minutes.  The chair is tbarron. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:50 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:52 <openstack> The meeting name has been set to 'manila'
15:00:56 <amito> o/ hey
15:00:57 <bswartz> .o/
15:01:01 <ganso> hello
15:01:03 <carlos_silva> hi
15:01:08 <bswartz> I'm back from traveling
15:01:22 <tbarron> bswartz: welcome back!
15:01:24 <dviroel_> o/
15:01:30 <tbarron> carlos_silva: welcome
15:01:47 <tbarron> dviroel_: hello!  not sure I've seen you here before
15:01:58 <lseki> hello
15:02:07 <erlon> hey
15:02:16 <tbarron> ping gouthamr xyang toabctl ganso tpsilva
15:02:23 <tbarron> lseki: welcome!
15:02:34 <tbarron> lseki: and thanks for patches
15:02:35 <lseki> tbarron: thank you!
15:02:50 <carlos_silva> tbarron: thank you :)
15:03:02 <tbarron> agenda: https://wiki.openstack.org/wiki/Manila/Meetings#Next_meeting
15:03:09 * tbarron waits a couple minutes
15:03:24 <dviroel_> tbarron: actually it is my second time.
15:03:26 <erlon> tbarron, dviroel_ has joined our team!
15:03:37 <tbarron> dviroel_: that's great!
15:04:03 <vkmc> o/
15:04:10 <tbarron> o/
15:04:16 <tbarron> \o
15:04:18 <vkmc> bswartz, wb, thanks for the review in the tls patch :)
15:04:58 <tbarron> ok let's get started
15:05:07 <tbarron> #topic announcements
15:05:27 <tbarron> The TC election has started.
15:05:44 <tbarron> unfort we don't have bswartz as a candidate this time
15:05:53 * tbarron nudges him for next time
15:05:57 <tbarron> BUT
15:06:15 <tbarron> we have till 5 March to vote
15:06:30 <tbarron> #link http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003227.html
15:06:39 <tbarron> Please vote if you are eligible.
15:07:17 <tbarron> Participation is valuable for its own sake.
15:07:59 <gouthamr> o/
15:08:01 <tbarron> In that healthy participation helps keep Open Stack with open governance vital.
15:08:07 <amito> gouthamr: hey!
15:08:09 <tbarron> gouthamr: \o
15:08:32 <tbarron> Next: Forum submission topic deadline is next Friday.
15:08:43 <tbarron> I intend to submit after our meeting next week.
15:08:53 <tbarron> We have a brainstorming etherpad here:
15:09:08 <tbarron> #link http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003059.html
15:09:20 <tbarron> oh that's the email saying where it is
15:09:27 <tbarron> just follow the links
15:09:36 <tbarron> so far I'
15:09:49 <tbarron> so far I'm the only one who has put anything on that etherpad
15:10:20 <tbarron> Finally, feature freeze is 7 March - one week from today
15:10:25 <amito> tbarron: do we have an etherpad for the PTG as well?
15:10:30 <tbarron> that's also client library change
15:10:38 <tbarron> amito: not yet, I'll post it
15:10:59 <tbarron> stein schedule again is:
15:11:06 <tbarron> #link https://releases.openstack.org/stein/schedule.html
15:11:35 <tbarron> amito, all: we will be at PTG and at summit we will have onboarding and project status and Forum sessions for manila
15:11:51 <tbarron> if you will be there and want to help with these ping me
15:12:21 <tbarron> Any questions/comments on these announcments?  Any other announcements?
15:12:52 <tbarron> #topic Tracking our work
15:13:09 <tbarron> #link https://wiki.openstack.org/wiki/Manila/SteinCycle
15:13:40 <tbarron> in light of feature freeze, the most important thing to do is reviews on the manage with multi-tenancy work
15:13:56 <tbarron> #link https://review.openstack.org/#/q/topic:bp/manage-unmanage-with-share-servers+(status:open+OR+status:merged)
15:14:25 <tbarron> i've been reviewing and goutham has done some good review work here as well I think as toabctl
15:14:30 <tbarron> but we need more eyes!
15:14:50 <tbarron> This is a significant change for manila and we want to merge it.
15:15:04 <tbarron> Thanks to ganso and his team for their great work.
15:15:05 <ganso> indeed, the closer we get to feature freeze, the riskier it is to have our gate broken, as other projects such as cinder, nova, neutron, etc may merge changes that break our gate
15:15:37 <tbarron> All that said, there are probably things that more review eyes will see and that we should fix up.
15:15:50 <tbarron> So please review.
15:15:52 <ganso> so, the best thing is to do reviews as soon as possible while our gate is stable, so we don't have to fix things in the last minute, risking not being able to merge the features that are ready now waiting for review
15:16:14 <tbarron> Don't think "oh I can't review that whole thing" -- do what you can
15:16:32 <tbarron> Don't think - oh I'm not a core, etc. etc.
15:16:41 <bswartz> Gah, gerrit crashed my browser
15:16:59 <tbarron> Don't say: oh my browser crashed, I can't review :)
15:17:07 <tbarron> ok, nuf said
15:17:12 <bswartz> Press "Open All" at your own risk
15:17:18 <lseki> lol
15:17:24 <gouthamr> ganso crashed your browser
15:17:32 <tbarron> What else is vital for next week's deadline?
15:18:28 <tbarron> vkmc: how goes the uswgi stuff?
15:18:50 <vkmc> it's going well, I'm currently working on a bug that was spotted yesterday
15:18:55 <vkmc> #link https://bugs.launchpad.net/manila/+bug/1818081
15:18:56 <openstack> Launchpad bug 1818081 in Manila "Problem using version specific endpoints when deploying with uWSGI" [High,New] - Assigned to Victoria Martinez de la Cruz (vkmc)
15:19:06 <vkmc> hopefully this unblocks cephfs gate
15:19:15 <gouthamr> o/ vkmc: https://review.openstack.org/#/c/639805/
15:19:18 <vkmc> thanks gouthamr for getting to the bottom of it
15:19:30 <vkmc> aaaand fixing it
15:19:35 <vkmc> :D
15:19:39 <tbarron> yeah this is an interesting story about our test coverage
15:19:46 <gouthamr> :D sorry, bothered me quite a bit
15:19:46 <tbarron> why is this a cephfs only issue?
15:20:05 <tbarron> what does uswgi have to do with the cephfs back end?
15:20:16 <vkmc> we need that one and also, to unblock the third party cis, we would need to update the version of the client they are using... not sure how we can do that
15:20:45 <vkmc> I'll let gouthamr address this one since he found that
15:21:14 <gouthamr> i actually don't know about this client incompatibility
15:21:28 <gouthamr> did we introduce something in the client that breaks third party CIs?'
15:21:41 <vkmc> no, I was referring to tbarron's question
15:21:48 <gouthamr> ohh
15:22:27 <tbarron> i think the third party  failures we saw are a separate issue that we need to investigate but
15:22:31 <gouthamr> yeah, all of our first party drivers run some version of a regex to remove tests that don't pertain to the manila-share service
15:22:45 <tbarron> yeah, talk about that one ^^
15:23:06 <gouthamr> ganso observed we're only running 7 tests (out 500+?) on the container driver
15:23:18 <tbarron> no wonder it's so reliable
15:23:19 <ganso> gouthamr: I already enabled the full regex on the core manage/unmanage patch
15:23:34 <ganso> gouthamr: and it added something like 5 minutes to the job
15:23:37 <gouthamr> the container driver is not feature complete, it should be running more than 7 tetss
15:23:41 <ganso> from 43 to 48 IIRC
15:23:41 <gouthamr> tests*
15:24:03 <gouthamr> ganso: nice, good, are you specifying a regex at all
15:24:20 <ganso> gouthamr: no, it is picking up the default now
15:24:23 <ganso> manila_tempest_tests.api
15:25:10 <gouthamr> ganso: good stuff... my current thought is we don't care about the 5-10 min losses to run the full test suite against these driverd
15:25:49 <tbarron> anyways because we had those regexes there were tests that would have failed on other back ends than cephfs with uwsgi
15:26:01 <tbarron> gouthamr: why does uwsgi cause those tests to fail?
15:26:51 <gouthamr> oh, when deploying with uwsgi we have a proxy, and the proxy path shows up in the URLs
15:27:09 <tbarron> so it's not uwsgi, it's that theres a proxy involved?
15:27:28 <gouthamr> and there's code in the manila API to only accept either /v1/xyzzy or /v2/xyzzy as the URL paths, and no proxy components
15:28:02 <gouthamr> i suspect we will have further issues here, besides the ones that vkmc and i have already addressed
15:28:08 <gouthamr> tbarron: yes
15:28:48 <gouthamr> the other issues could be in the object links ('href') or pagination, either of which we currently don't test with tempest
15:28:51 <tbarron> so we can treat these as bugs but i want to get enough of this stuff fixed by next week that the uwsgi changes can merge
15:29:15 <tbarron> so folks please prioritize these reviews
15:29:20 <gouthamr> yes, unless the uwsgi change is breaking some gate, i think it can merge
15:29:36 <tbarron> amito: you've done some good work on the openstack sdk
15:29:39 <vkmc> yeah, that fix you submitted should fix ceph gates
15:29:45 <amito> tbarron: thanks :)
15:29:50 <amito> tbarron: hope it gets reviewed soon
15:29:56 <tbarron> amito: do you know if the feature deadline freeze applied to it?
15:29:59 <vkmc> and third parties needs to be fixed by updating the python-manilaclient version
15:30:23 <gouthamr> vkmc: i still don't get that part
15:30:31 <amito> tbarron: I don't think so, gouthamr - you said they don't have a release, right?
15:30:39 <vkmc> in non third parties we are using python-manilaclient==1.26.1.dev7
15:30:50 <tbarron> amito: i think that's right, just checking ...
15:30:56 <vkmc> in third parties we are using python-manilaclient==1.26
15:31:09 <amito> tbarron: I still need to complete some unit-tests though
15:31:32 <tbarron> amito: kk
15:31:33 <vkmc> and there is a recent fix we merged in the client that fix how we resolve urls
15:31:51 <gouthamr> oh!
15:31:54 <vkmc> devstack fails if we try to deploy manila with uwsgi and without that client side fix
15:32:04 <gouthamr> ouch, yes :(
15:32:12 <vkmc> #link https://review.openstack.org/#/c/634345/
15:32:17 <vkmc> this is the fix I'm talking about
15:32:32 <tbarron> vkmc: will this be fixed if we release a new client to pypi?
15:32:39 <vkmc> tbarron, yes
15:32:44 <gouthamr> +1
15:32:59 <tbarron> gouthamr: vkmc: k, we'll propose that asap
15:33:07 <vkmc> assuming third party ci's update their client version if we release a new client to pypi
15:33:07 <tosky> tbarron: you need to release one next week anyway
15:33:18 <tbarron> anything else we need to get into the client?
15:33:25 <gouthamr> vkmc: don't think they need to update anything
15:33:25 <vkmc> nope, that's all
15:33:25 <tbarron> tosky: ack
15:33:32 <vkmc> gouthamr, cool
15:33:54 <gouthamr> they're not using the LIBS_FROM_GIT devstack var, which makes them get python-manilaclient from pypi
15:34:05 <vkmc> <vkmc> nope, that's all  <- last famous words... I want to see that ci go green with gouthamr patch
15:34:26 <tbarron> i'll propose the release today then.  If anyone thinks of something else that we need in the client let me know but I don't see outstanding reveiws.
15:34:56 <tbarron> oh
15:35:05 <tbarron> manage-unmange for share servers :)
15:35:11 <tbarron> ganso must be sleeping
15:35:17 <ganso> I'm here
15:35:23 * bswartz gets his large trout ready
15:35:23 <tbarron> because he's been working all night
15:35:42 <ganso> lol
15:35:45 <tbarron> ganso smells fishy now
15:36:44 <tbarron> ganso are you running libs_from_git in netapp ci for python-manilaclient in order to get your patch?
15:37:01 <ganso> tbarron: we don't run netapp-ci on python-manilaclient
15:37:09 <ganso> tbarron: and tempest doesn't need python-manilaclient
15:37:14 <tbarron> ganso: ack
15:37:45 <tbarron> vkmc: gouthamr ^^ then why does their 3rd party CI fail with uswgi?
15:38:21 <tbarron> I think we'll take this one to #openstack-manila -
15:38:41 <gouthamr> http://13.56.179.158/logs/38/631338/18/upstream-check/manila-cDOT-no-ss/bc0a2a2/logs/devstacklog.txt.gz#_2019-02-25_17_02_00_926
15:38:47 <vkmc> ganso, devstack needs it
15:38:47 <tbarron> we need to get the manage share servers stuff and the uwsgi stuff merged, let's review and figure out how to do it.
15:38:56 <gouthamr> http://13.56.179.158/logs/38/631338/18/upstream-check/manila-cDOT-no-ss/bc0a2a2/logs/local.conf.txt.gz
15:39:03 <gouthamr> same problem as vkmc mentioned
15:39:13 <ganso> I was looking at the wrong patch <facepalm/>
15:39:24 <gouthamr> i see "LIBS_FROM_GIT="
15:39:37 <ganso> we could trigger run netapp-ci there just in case it is a random failure
15:40:08 <tbarron> so netapp CI can add the uwsgi patch additionally and we'll know that pypi will work for 3rd parties
15:40:18 <tbarron> when we publish to pypi
15:40:31 <tbarron> after the manage pythonclient patch merges
15:41:03 <tbarron> #topic bugs
15:41:07 <tbarron> jgrosso you are up
15:41:10 <jgrosso> YAY!
15:41:15 <jgrosso> :)
15:41:22 <gouthamr> jgrosso: welcome back!
15:41:41 <jgrosso> thanks !! PTO for ever very rusty
15:42:11 <jgrosso> https://etherpad.openstack.org/p/manila-bug-triage-pad
15:42:27 <jgrosso> We have a section called NEW
15:42:55 <jgrosso> I am trying to triage these as soon as they come in
15:43:07 <vkmc> true history ^
15:43:10 <tbarron> jgrosso++
15:43:27 <vkmc> I saw him triaging my wsgi bug 3 minutes after I reported it
15:43:28 <openstack> bug 3 in mono (Ubuntu) "Custom information for each translation team" [Undecided,Fix committed] https://launchpad.net/bugs/3
15:43:30 <vkmc> jgrosso++
15:44:35 <jgrosso> so I am going to try and get all new bugs set with Importance
15:44:43 <jgrosso> first if there is nothing there
15:45:36 <jgrosso> can some explain this bug
15:45:48 <jgrosso> https://bugs.launchpad.net/manila/+bug/1816486
15:45:50 <openstack> Launchpad bug 1816486 in Manila " Allow configuring availability_zones in share types" [Undecided,New]
15:46:03 <gouthamr> ooh, doc bug
15:46:08 <tbarron> another good thing if it's obvious is low hanging fruit b/c we have a bunch of outreachy folks interested in picking these up
15:46:21 <vkmc> tbarron++
15:46:32 <gouthamr> thanks jgrosso, that was a tracker for me to go add docs, will probably get to it after milestone 3
15:46:50 <jgrosso> ok
15:47:01 <gouthamr> jgrosso: i'll modify the title to say [Doc] in the title
15:47:13 <jgrosso> https://bugs.launchpad.net/manila/+bug/1817316
15:47:14 <openstack> Launchpad bug 1817316 in Manila "security service password is stored in plaintext" [Undecided,New]
15:47:28 <tbarron> jgrosso: when you see DOCIMPACT like that at the top it's auto-generated b/c someone put a tag in their mainline commit ...
15:47:38 <jgrosso> tbarron: got it
15:47:43 <tbarron> jgrosso: this is an interesting one
15:47:47 <tbarron> reported by SAP
15:48:06 <tbarron> and I asked about it some this morning
15:48:08 <jgrosso> plaintext just scares me
15:48:18 <jgrosso> when attached to password
15:48:28 <tbarron> well it's plaintext only visible to cloud admins, not to cloud users
15:48:39 <vkmc> not the best combination, I agree
15:48:41 <tbarron> but SAP security auditors still don't like that
15:48:53 <tbarron> and I bet govt auditors too
15:49:02 <jgrosso> yeah I bet not
15:49:14 <tbarron> so I asked whether any projects are using barbican to protect these secrets yet
15:49:27 <tbarron> asked via our downstream openstack security team
15:49:38 <tbarron> so far it appears not
15:49:46 <tbarron> but I think this should be a PTG topic
15:49:58 <tbarron> anyone know of any projects doing this?
15:50:34 <bswartz> We could do a better job of handling secrets like the ones in security services
15:50:47 <tbarron> I wonder if we should add this as a potential cross-project forum session
15:50:54 <bswartz> At the time the feature was added, there wasn't a facility to make that easy
15:51:00 <tbarron> I don't think the issue is at all unique to manila
15:51:43 <tbarron> any project that stores passwords for external storage, external network equipment, external security/identity services, etc.
15:51:52 <tbarron> s/passwords/credentials/
15:52:00 <tbarron> would have this kind of issue
15:52:09 <tbarron> probably we should ask not WWCD
15:52:15 <tbarron> what would Cinder do?
15:52:19 <tbarron> but WWKD
15:52:22 <tbarron> keystone
15:52:49 <tbarron> keystone allows one to use LDAP etc. as back end right?
15:53:20 <bswartz> Ultimately what manila does is slighly unique and there are real security risks
15:53:33 <bswartz> But there should be a generalized way to avoid the worst of those risks, and we should take advantage of it
15:53:44 <tbarron> bswartz:+1
15:54:05 <tbarron> so let's find out the best practice as a baseline and go from there
15:54:08 <bswartz> One issue early in the life of OpenStack was that no project wanted to depends on any other project because it created deployment complexity
15:54:29 <gouthamr> i feel we can remove password if present, technically it's not in the API
15:54:32 <bswartz> Now perhaps there's a well-accepted thing we can depend on
15:54:42 <tbarron> bswartz: well we can try to do encryption with a plugin maybe
15:54:53 <gouthamr> i.e, the NetApp backend is storing it in its driver-specific "backend_details" field
15:55:36 <bswartz> tbarron: it's not our core strength, we'd either do a poor job, or waste a lot of time duplicated work others have done in order to do a good job
15:55:52 <bswartz> duplicating
15:56:10 <jgrosso> tbarron: Have we had a deep bug scrub recently for the manila upstream bugs?
15:56:12 <gouthamr> i.e, whatever we're going to implement, we've to figure out if a backend wants to store a secret in teh database... so, if a backend's currently doing that, we can just remove it from the API response citing security impact
15:56:16 <tbarron> bswartz: agree and that's why I want to find out if there's a best practice in some other project already
15:56:23 <tbarron> jgrosso: no
15:56:34 <tbarron> jgrosso: that's why we hired you :)
15:56:46 <jgrosso> good so I would like to have one :)
15:56:46 * tbarron is joking, jgrosso was hired for many jobs
15:56:55 <gouthamr> jgrosso: +100 :)
15:57:11 <tbarron> jgrosso: consider yourself fully deputized to drive it
15:57:23 <jgrosso> can we all agree on an hour meeting to go through some of these bugs ?
15:57:33 <jgrosso> I will try an organize them the best I can
15:57:40 <jgrosso> before said meeting
15:57:54 <dviroel_> 0,
15:58:06 <tbarron> jgrosso: so just propose it on openstack-discuss with [manila] at front of $subject
15:58:17 <jgrosso> I shall :)
15:58:36 <tbarron> jgrosso: make sure to do it early in the morning east coast time so gouthamr has to get up early
15:58:49 <jgrosso> also have not touched storyboard but did get a sandbox
15:59:04 <jgrosso> tbarron: yeah we can get that slacker up early ;)
15:59:12 * gouthamr sigh, trout coffee
15:59:29 <tbarron> time check
15:59:57 <tbarron> if there's anything else for today please take it to #openstack-manila
16:00:06 <ganso> tbarron: I do
16:00:10 <tbarron> Thanks everyone!  We're making some good progress.
16:00:11 <ganso> tbarron: will discuss there
16:00:18 <tbarron> ganso: thanks
16:00:21 <tbarron> #endmeeting