Thursday, 2020-06-04

« Wednesday, 2020-06-03 Index Friday, 2020-06-05 »
*** goldyfruit has joined #openstack-glance00:59
*** jv|afk has quit IRC01:01
*** Liang__ has joined #openstack-glance01:08
*** Liang__ is now known as LiangFang01:09
*** goldyfruit has quit IRC01:17
*** gyee has quit IRC01:26
*** rcernin has quit IRC01:27
*** rcernin has joined #openstack-glance01:30
*** rcernin has quit IRC02:37
*** rcernin has joined #openstack-glance03:30
*** rcernin has quit IRC03:31
*** rcernin has joined #openstack-glance03:37
*** LiangFang has quit IRC04:04
*** Liang__ has joined #openstack-glance04:05
*** Liang__ has quit IRC04:23
*** Liang__ has joined #openstack-glance04:23
*** evrardjp has quit IRC04:33
*** evrardjp has joined #openstack-glance04:33
*** ratailor has joined #openstack-glance05:06
*** Liang__ has quit IRC05:15
*** Liang__ has joined #openstack-glance05:16
*** udesale has joined #openstack-glance05:36
*** belmoreira has joined #openstack-glance06:12
*** ratailor has quit IRC06:43
*** ratailor has joined #openstack-glance06:44
*** Liang__ has quit IRC07:12
*** rcernin has quit IRC07:15
*** rcernin has joined #openstack-glance07:20
*** rcernin has quit IRC07:21
*** rcernin has joined #openstack-glance07:21
*** m75abrams has joined #openstack-glance07:25
*** rcernin has quit IRC07:41
*** jawad_axd has joined #openstack-glance07:48
*** jmlowe has quit IRC07:54
*** jmlowe has joined #openstack-glance07:56
*** rcernin has joined #openstack-glance08:05
*** rcernin has quit IRC08:09
*** tkajinam has quit IRC08:48
*** priteau has joined #openstack-glance08:57
*** Liang__ has joined #openstack-glance09:25
*** rcernin has joined #openstack-glance09:31
*** rcernin has quit IRC09:36
*** udesale has quit IRC09:39
*** udesale has joined #openstack-glance09:49
*** Liang__ has quit IRC10:31
*** udesale_ has joined #openstack-glance11:08
*** udesale has quit IRC11:11
*** donnyd_ has quit IRC11:33
*** donnyd_ has joined #openstack-glance11:34
*** donnyd_ has quit IRC11:34
*** donnyd_ has joined #openstack-glance11:36
*** donnyd_ has quit IRC11:36
*** TobbeCN has joined #openstack-glance11:37
*** donnyd_ has joined #openstack-glance11:42
*** donnyd_ is now known as donnyd11:44
*** TobbeCN has quit IRC12:07
*** benj_- has joined #openstack-glance12:36
*** zzzeek has quit IRC12:36
*** abhishekk has quit IRC12:36
*** udesale_ has quit IRC12:36
*** mvkr has quit IRC12:36
*** kukacz_ has quit IRC12:36
*** zigo has quit IRC12:36
*** benj_ has quit IRC12:36
*** tonyb has quit IRC12:36
*** benj_- is now known as benj_12:36
*** mvkr has joined #openstack-glance12:37
*** zzzeek has joined #openstack-glance12:38
*** zigo_ has joined #openstack-glance12:45
*** m75abrams has quit IRC12:47
*** dosaboy has quit IRC12:50
*** dosaboy has joined #openstack-glance12:51
*** tkajinam has joined #openstack-glance13:02
*** Liang__ has joined #openstack-glance13:32
*** ratailor has quit IRC13:58
*** abhishekk has joined #openstack-glance14:11
*** gyee has joined #openstack-glance14:46
*** jawad_axd has quit IRC14:52
*** jawad_axd has joined #openstack-glance14:54
abhishekksmcginnis, when you get time, kindly have a look at https://review.opendev.org/73339514:59
*** Luzi has joined #openstack-glance15:05
*** Luzi has quit IRC15:05
smcginnisabhishekk: Will do!15:06
abhishekksmcginnis, thank you15:06
*** lpetrut has joined #openstack-glance15:48
*** lpetrut has quit IRC16:03
*** rcernin has joined #openstack-glance16:03
*** tkajinam has quit IRC16:05
*** rcernin has quit IRC16:08
*** Liang__ has quit IRC16:12
*** jv|afk has joined #openstack-glance16:40
*** priteau has quit IRC16:49
jokke_rosmaita: you around?17:38
rosmaitajokke_: what's up?17:50
*** jv|afk has quit IRC17:51
jokke_The encrypted NFS thingie17:52
jokke_rosmaita: I just added comment on the review. But quick is that only issue with nfs backend?17:52
jokke_And how can we figure out if the volume type is going to be encrypted befre we create it?17:53
rosmaitaI think you can set the volume_type used when you configure the cinder store17:54
rosmaitaso we need to doc that you should never use an encrypted type with cinder store with NFS backend17:54
rosmaitaso this fix is to catch something that shouldn't have been allowed, and in a properly configured deployment, will never happen17:55
rosmaita(at least that's my understanding)17:55
rosmaitaas far as is that the only issue with nfs backend ... only thing we know of ATM17:56
jokke_oh, there is indeed volume type in there17:56
rosmaitai should've flagged that on the review17:56
jokke_rosmaita: so what's the problem there?17:56
*** jawad_axd has quit IRC17:57
jokke_We can get details of the volume type via cinderclient, right? So we can detect this already at startup and prevent the store even initializing if we know it doesn't work17:57
jokke_I just want to avoid us a) needing to create dummy test volume on startup to make that happen b) give the user impression the cinder store is available when it's in fact unusable17:58
rosmaitaright17:58
rosmaitai think you could do that at startup, but would probably still need the check in this patch17:59
jokke_we should raise BadStoreConfiguration at startup if it's encrypted nfs volume (or any other volume type we know will cause issues and be unusable)17:59
rosmaitabecause the volume_type properties could change cinder-side18:00
jokke_yeah, I see that being possible problem. Just wanted to understand what's going on here as there is no bug and the commit message just says "this should not be done"18:01
jokke_So trying t understand what's the problem and what all we need to take into consideration18:01
rosmaitayeah, it has something to do with the way NFS encryption is done that i'm not completely clear on18:02
rosmaitalet me check with eharney18:02
rosmaitahe explained it to me last week, but i am having trouble articulating what exactly the problem is18:02
jokke_kk18:04
jokke_It's a good to harden for sure, lets just not do it in a way that gives sucky user experience18:05
rosmaitaok, so as far as the volume-type goes -- you can tell if it's encrypted, but can't tell whether the backend is NFS or not18:09
rosmaitaso checking it up front really isn't an option18:09
jokke_so we need to create dummy volume every time we start to check that18:09
rosmaitabut we do need to document a warning, probably18:09
jokke_Or we can just say encrypted volumes are not supported as glance store18:10
whoami-rajatrosmaita, jokke_ that logic has a problem. if we don't supply the volume type and the default type on cinder end is encrypted then no way on glance store to detect it's encrypted18:10
jokke_whoami-rajat: so there is no way to get volume type info of default type?18:11
whoami-rajatalso what brian said that got me to write the code after the os brick connection to know it's the nfs driver18:11
whoami-rajathmm. i think we can with a command18:12
whoami-rajat /v3/{project_id}/types/default18:13
whoami-rajatyeah we've an API18:13
jokke_whoami-rajat: cool so we can get the info18:13
whoami-rajatbut again knowing it's an NFS backend problem stays18:13
rosmaitajokke_: the problem isn't encrypted volumes, it's encrypted on nfs -- for fibre/iSCSI, you have dm-crypt as like a transparent layer in front of the block device; with nfs you have to go through qemu18:14
abhishekkso there is no way to know at the glance service start what backend driver cinder is using, right?18:16
rosmaitai think not, a volume_type can be tied to multiple backends18:17
jokke_ohh christ18:17
whoami-rajatrosmaita, not at one time18:17
rosmaitayep18:17
whoami-rajatIIUC18:17
rosmaitawhoami-rajat: i thought the schedule figures it out18:17
jokke_so we can eiher have qemu running in the conroller, just not accept any encrypted volumes as store or have shitty user experience when someone screws up the config18:18
whoami-rajatrosmaita, we provide volume_backend_name in the volume type to tag it to a backend ?18:18
rosmaitayeah, but that's not required18:19
whoami-rajatjokke_, glance_store creates the volume18:19
whoami-rajatrosmaita, yeah, it will then go to the scheduler if it isn't defined. right18:19
rosmaitaok18:19
jokke_That's actually even worse than it constantly failing. Tht means it can sporadically fail and you just try again and suddenly it works18:20
whoami-rajatit should work until a volume type is provided18:21
whoami-rajati think we've gotten off track with the point it can be assigned to any backend18:21
whoami-rajatthe backend doesn't make it encrypted18:22
whoami-rajatthe volume type does18:22
rosmaitajokke_: you've got to figure that the cinder admin will know how to configure a volume_type properly18:22
rosmaitaso the glance admin just needs to ask for an appropriate one18:22
rosmaitaor let triple-o set it up correctly :)18:22
abhishekk:D18:22
jokke_Maybe it's better I just don't say anything18:24
jokke_So why are we not going through qemu then and just make it work18:26
abhishekk+118:27
abhishekkeither refuse all the encrypted volumes or make it work for nfs as well18:28
jokke_Now, i need food before our sessions starts. BBL18:29
whoami-rajatit will be a feature and take time to make it work for consuming APIs to support encrypted volumes. i think if anyone's interested can work on it but until then to avoid unwanted behavior from glance_store it's best to block it.18:30
rosmaitawell, you could just not support encrypted volume_types in glance_store ... it doesn't really make sense anyway, i don't think, because what the user gets out of glance is always unencrypted18:34
abhishekkbut jokke_ really has a point18:37
rosmaitawhich one?18:38
abhishekkit will be of no use if NFS used as a cinder backend with encrypted volumes and glance is using cinder18:38
abhishekkthen that store is of no use18:38
rosmaitaright, so that would be an immediate indicator that something isn't working18:39
whoami-rajatwe can create an uncrypted volume type for the nfs backend and set that in glance_store18:40
abhishekkusing cinder_volume_type config option?18:41
whoami-rajatyep18:41
rosmaitai think we are overcomplicating things -- this is a special case18:42
rosmaitayou'd figure if an operator wants to use the cinder backend for glance_store, they should know a bit about cinder18:42
rosmaitaso i think let the operator configure the cinder_volume_type as they see fit18:42
whoami-rajatrosmaita++ and we're just blocking it temporarily to avoid weird behavior until someone dedicately works on it and makes it work18:42
abhishekkwhoami-rajat, that someone and sometime never happens :D18:43
whoami-rajatabhishekk, you mean someone working on it?18:44
abhishekkwhoami-rajat, nope, I am saying that we choosing this way hoping that someone will fix it with better approach latter18:44
abhishekkthat someone never finds time to fix these kind of things18:45
rosmaitawell, it would be an added feature18:45
rosmaitaif someone really wants it they can implement it18:45
rosmaitathis check is there just in case18:46
whoami-rajatif we don't want this check then it's fine by me but if someone ends up getting weirdly behaving image-volumes then cinder isn't to blame, we tried :P18:47
abhishekkOk18:48
*** goldyfruit has joined #openstack-glance18:50
*** m75abrams has joined #openstack-glance19:04
*** goldyfruit has quit IRC19:05
openstackgerritMerged openstack/glance master: Exclude http store if --all-stores specified for import/copy operation  https://review.opendev.org/73339519:10
openstackgerritAbhishek Kekane proposed openstack/glance stable/ussuri: Exclude http store if --all-stores specified for import/copy operation  https://review.opendev.org/73368319:12
*** belmoreira has quit IRC19:12
*** jv|afk has joined #openstack-glance20:01
*** rcernin has joined #openstack-glance20:05
whoami-rajatabhishekk, around?20:08
abhishekkwhoami-rajat, yes20:08
openstackgerritRajat Dhasmana proposed openstack/glance_store master: Don't allow image creation with encrypted nfs volumes  https://review.opendev.org/73250620:08
whoami-rajatabhishekk, ^ updated with test20:08
abhishekkwhoami-rajat, thanks20:08
whoami-rajatnp20:09
whoami-rajatwill finally go to sleep now :P goodnight!20:09
*** rcernin has quit IRC20:10
abhishekkgood night whoami-rajat20:10
abhishekksleep well :d20:10
whoami-rajatabhishekk, also JFYI try catch is used because testtools (our base class) doesn't support self.assertRaises with context manager (like unittest does), also i saw it used in swift store tests so i don't think it's a problem20:11
whoami-rajatabhishekk, thanks!20:11
abhishekkwhoami-rajat, ack20:11
*** jv|afk has quit IRC20:25
*** jv|afk has joined #openstack-glance20:48
abhishekkhttps://meetpad.opendev.org/glance-victoria-ptg20:52
abhishekkwe will be starting today's discussion in 10 minutes20:52
*** gyee has quit IRC20:55
*** gyee has joined #openstack-glance20:57
*** rcernin has joined #openstack-glance22:06
*** rcernin has quit IRC22:11
*** rajinir has quit IRC22:35
*** CeeMac has quit IRC22:35
*** nicolasbock has quit IRC22:36
*** vkmc has quit IRC22:36
*** rajivmucheli has quit IRC22:36
*** mnaser has quit IRC22:36
*** donnyd has quit IRC22:36
*** NobodyCam has quit IRC22:36
*** gregwork has quit IRC22:36
*** mnasiadka has quit IRC22:37
*** gagehugo has quit IRC22:37
*** TheJulia has quit IRC22:37
*** NobodyCam has joined #openstack-glance22:37
*** gagehugo has joined #openstack-glance22:37
*** gmann has quit IRC22:37
*** wxy has quit IRC22:37
*** CeeMac has joined #openstack-glance22:37
*** rm_work has quit IRC22:38
*** rajinir has joined #openstack-glance22:38
*** wxy has joined #openstack-glance22:38
*** vkmc has joined #openstack-glance22:38
*** gregwork has joined #openstack-glance22:39
*** gmann has joined #openstack-glance22:39
*** mnasiadka has joined #openstack-glance22:40
*** mnaser has joined #openstack-glance22:41
*** donnyd has joined #openstack-glance22:41
*** TheJulia has joined #openstack-glance22:42
*** nicolasbock has joined #openstack-glance22:42
*** rcernin has joined #openstack-glance22:47
*** rm_work has joined #openstack-glance22:51
*** m75abrams has quit IRC22:53
*** tkajinam has joined #openstack-glance22:56
*** gyee has quit IRC23:46
*** rcernin has quit IRC23:49
« Wednesday, 2020-06-03 Index Friday, 2020-06-05 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!