Monday, 2019-12-02

« Sunday, 2019-12-01 Index Tuesday, 2019-12-03 »
*** bbowen has joined #openstack-meeting00:00
*** slaweq has quit IRC00:02
*** slaweq has joined #openstack-meeting00:10
*** slaweq has quit IRC00:15
*** ociuhandu has joined #openstack-meeting00:19
*** jamesmcarthur has joined #openstack-meeting00:20
*** slaweq has joined #openstack-meeting00:21
*** jamesmcarthur has quit IRC00:26
*** ociuhandu has quit IRC00:26
*** armax has joined #openstack-meeting00:36
*** armax has quit IRC00:40
*** jamesmcarthur has joined #openstack-meeting00:58
*** jamesmcarthur has quit IRC01:17
*** ijw has quit IRC01:21
*** ijw has joined #openstack-meeting01:25
*** armax has joined #openstack-meeting01:28
*** ociuhandu has joined #openstack-meeting01:29
*** ijw has quit IRC01:30
*** ijw has joined #openstack-meeting01:30
*** ijw_ has joined #openstack-meeting01:33
*** armax has quit IRC01:33
*** ociuhandu has quit IRC01:34
*** ijw has quit IRC01:37
*** ociuhandu has joined #openstack-meeting01:59
*** slaweq has quit IRC02:02
*** ociuhandu has quit IRC02:03
*** ociuhandu has joined #openstack-meeting02:04
*** ociuhandu has quit IRC02:09
*** armax has joined #openstack-meeting02:14
*** armax has quit IRC02:20
*** yaawang has quit IRC02:24
*** yaawang has joined #openstack-meeting02:33
*** armax has joined #openstack-meeting02:51
*** ociuhandu has joined #openstack-meeting02:51
*** ociuhandu has quit IRC02:53
*** ociuhandu has joined #openstack-meeting02:55
*** armax has quit IRC02:56
*** armax has joined #openstack-meeting02:58
*** ociuhandu has quit IRC03:03
*** armax has quit IRC03:05
*** apetrich has quit IRC03:08
*** ricolin has joined #openstack-meeting03:47
*** davee_ has joined #openstack-meeting04:03
*** ociuhandu has joined #openstack-meeting04:03
*** davee___ has quit IRC04:04
*** ociuhandu has quit IRC04:08
*** baojg has quit IRC04:16
*** baojg has joined #openstack-meeting04:17
*** Lucas_Gray has joined #openstack-meeting04:17
*** e0ne has joined #openstack-meeting04:46
*** Lucas_Gray has quit IRC05:08
*** vishalmanchanda has joined #openstack-meeting05:14
*** lbragstad_ has joined #openstack-meeting05:21
*** lbragstad has quit IRC05:24
*** ociuhandu has joined #openstack-meeting05:30
*** ociuhandu has quit IRC05:36
*** links has joined #openstack-meeting05:39
*** jamesmcarthur has joined #openstack-meeting05:46
*** jamesmcarthur has quit IRC05:50
*** ijw has joined #openstack-meeting05:56
*** ijw_ has quit IRC05:59
*** Luzi has joined #openstack-meeting06:06
*** e0ne has quit IRC06:32
*** pcaruana has joined #openstack-meeting06:32
*** e0ne has joined #openstack-meeting06:32
*** e0ne has quit IRC06:50
*** ralonsoh has joined #openstack-meeting06:51
*** belmoreira has joined #openstack-meeting06:53
*** ircuser-1 has quit IRC06:55
*** belmoreira has quit IRC06:56
*** ociuhandu has joined #openstack-meeting07:01
*** ociuhandu has quit IRC07:05
*** slaweq has joined #openstack-meeting07:08
*** slaweq has quit IRC07:37
*** slaweq has joined #openstack-meeting07:40
*** ijw_ has joined #openstack-meeting07:45
*** ijw has quit IRC07:47
*** apetrich has joined #openstack-meeting07:52
*** tesseract has joined #openstack-meeting08:14
*** ijw_ has quit IRC08:24
*** tssurya has joined #openstack-meeting08:31
*** rpittau|afk is now known as rpittau08:31
*** rsimai has joined #openstack-meeting08:43
*** ttx has quit IRC08:50
*** ttx has joined #openstack-meeting08:50
*** ociuhandu has joined #openstack-meeting08:55
*** ociuhandu has quit IRC08:56
*** ociuhandu has joined #openstack-meeting08:57
*** trident has quit IRC09:07
*** trident has joined #openstack-meeting09:09
*** e0ne has joined #openstack-meeting09:10
*** yaawang has quit IRC09:53
*** ociuhandu has quit IRC10:04
*** yaawang has joined #openstack-meeting10:12
*** lpetrut has joined #openstack-meeting10:13
*** ociuhandu has joined #openstack-meeting10:28
*** ralonsoh has quit IRC11:01
*** ralonsoh has joined #openstack-meeting11:03
*** ociuhandu has quit IRC11:16
*** ociuhandu has joined #openstack-meeting11:17
*** ociuhandu has quit IRC11:26
*** ociuhandu has joined #openstack-meeting11:26
*** tssurya has quit IRC11:29
*** Lucas_Gray has joined #openstack-meeting11:43
*** ociuhandu has quit IRC11:43
*** ociuhandu has joined #openstack-meeting11:45
*** raildo has joined #openstack-meeting11:46
*** ociuhandu has quit IRC11:50
*** rfolco has joined #openstack-meeting12:09
*** ociuhandu has joined #openstack-meeting12:24
*** ociuhandu has quit IRC12:29
*** rh-jelabarre has joined #openstack-meeting12:59
Luzi#startmeeting image_encryption13:00
openstackMeeting started Mon Dec  2 13:00:32 2019 UTC and is due to finish in 60 minutes.  The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot.13:00
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.13:00
*** openstack changes topic to " (Meeting topic: image_encryption)"13:00
openstackThe meeting name has been set to 'image_encryption'13:00
Luzi#topic Roll Call13:00
*** openstack changes topic to "Roll Call (Meeting topic: image_encryption)"13:00
fungiwelcome back, Luzi!13:00
Luzihi and thank you fungi13:00
redroboto/13:01
*** mhen has joined #openstack-meeting13:01
mheno/13:02
Luzilets wait a few more minutes for other people13:02
Luziit seems no one else wants to show up13:05
Luzi#topic Barbican Consumer API Update13:05
*** openstack changes topic to "Barbican Consumer API Update (Meeting topic: image_encryption)"13:05
Luziredrobot, are there news from the Barbican side?13:05
redrobotMornin'  ... no news on our end that I can think of.13:06
Luziokay thank you :)13:06
Luzi#topic Image Encryption Specs13:07
*** openstack changes topic to "Image Encryption Specs (Meeting topic: image_encryption)"13:07
Luzii started updating the glance spec according to the conclusions from the ptg13:08
*** rh-jelabarre has quit IRC13:08
*** rh-jelabarre has joined #openstack-meeting13:08
fungilast week it came up that the nova team wants to hold off implementing local image encryption support until they have working luks support for ephemeral disks13:11
fungii was curious to understand the reasons behind that, so followed up with some nova reviewers in #openstack-nova on it13:11
fungithis is because nova's local storage for instances uses the ephemeral disk mechanism to boot the image, and to be able to boot an encrypted image natively qemu only supports luks, not the pgp encryption previously implemented for nova's ephemeral disks13:11
fungiso without that prerequisite, images would end up decrypted onto the host's filesystem, eliminating the benefit of encrypting them elsewhere13:12
*** efried_pto is now known as efried13:13
fungigiven their objection, i agree focusing on the boot-from-volume case is reasonable for now, because nova can hand off luks-encrypted cinder volumes to qemu just fine13:13
mhenfungi, I believe this only applies when you use 'use_cow_images' flag in Nova config13:14
*** jamesmcarthur has joined #openstack-meeting13:15
Luzii think its difficult because we are talking about images and mean images at different stages or so (hard to say in english without knowing a proper word))13:15
fungihowever, lacking copy-on-write support means a substantial amount of additional disk used on the host, so i can see why they wouldn't want to give up cow13:16
Luzifungi, as far as i know from mdbooth that still would be a problem even with LUKS encrypted ephemeral storage, because libvirt/nova is not able to write on encrypted cow13:17
Luzibut yes it is the same outcoming. We will postpone the nova implementation and thus abandon the spec.13:18
fungioh, got it. so no cow at all for encrypted local storage instances, needs luks support for ephemeral disk mechanism to support booting them without decrypting13:19
fungii get what you mean about stages/phases. i think the nova team wants to be able to avoid exposing images unencrypted on the host first because that's the most precarious/dangerous place for sensitive data (what with hypervisor breakout bugs and the like)13:19
Luzifungi, yes. That's a valid reason from the nova side.13:20
fungiso they're more worried about leaking image content on the hypervisor host than elsewhere in the chain13:20
Luziit would just make no sense to protect the image everywhere and then have it plain on the compute host13:22
fungiyes13:24
Luzido we need another to reshape the scope of the pop-up-team or should we just wait and hope nova would implement ephemeral storage encryption :D13:24
fungithat's an open question, i don't have the answer unfortunately13:25
fungii suspect getting the boot-from-volume case solved first might at least increase interest from others in working on the missing pieces to do the same in nova local storage13:25
Luzifungi, you are right - i think we can leave it as it is right now - it is only mentioned in the disband criteria13:27
Luzi#topic Open Discussion13:28
*** openstack changes topic to "Open Discussion (Meeting topic: image_encryption)"13:28
Luziare there any other topics you would like to discuss?13:28
fungii don't have any13:29
*** ociuhandu has joined #openstack-meeting13:30
Luzithank you all for joining this meeting today :)13:30
Luzi#endmeeting image_encryption13:30
*** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"13:30
openstackMeeting ended Mon Dec  2 13:30:44 2019 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)13:30
openstackMinutes:        http://eavesdrop.openstack.org/meetings/image_encryption/2019/image_encryption.2019-12-02-13.00.html13:30
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/image_encryption/2019/image_encryption.2019-12-02-13.00.txt13:30
openstackLog:            http://eavesdrop.openstack.org/meetings/image_encryption/2019/image_encryption.2019-12-02-13.00.log.html13:30
fungithanks for chairing, Luzi!13:30
*** jamesmcarthur has quit IRC13:35
*** ociuhandu has quit IRC13:55
*** ociuhandu has joined #openstack-meeting13:55
*** jroll has quit IRC13:57
*** jroll has joined #openstack-meeting13:59
*** vishalmanchanda has quit IRC14:10
*** ociuhandu has quit IRC14:10
*** jamesmcarthur has joined #openstack-meeting14:17
*** haleyb|away is now known as haleyb14:17
*** ociuhandu has joined #openstack-meeting14:22
*** lbragstad_ is now known as lbragstad14:22
*** eharney has joined #openstack-meeting14:23
*** zaneb has joined #openstack-meeting14:32
*** munimeha1 has joined #openstack-meeting14:35
*** mriedem has joined #openstack-meeting14:48
*** jamesmcarthur has quit IRC14:49
*** jamesmcarthur has joined #openstack-meeting15:03
*** ociuhandu has quit IRC15:14
*** ociuhandu has joined #openstack-meeting15:15
*** links has quit IRC15:18
*** ociuhandu has quit IRC15:21
*** ociuhandu has joined #openstack-meeting15:32
*** artom has joined #openstack-meeting15:37
*** Luzi has quit IRC15:38
*** ociuhandu has quit IRC15:38
*** ociuhandu has joined #openstack-meeting15:39
*** diablo_rojo has joined #openstack-meeting15:43
*** diablo_rojo has quit IRC15:44
*** diablo_rojo has joined #openstack-meeting15:44
*** ociuhandu has quit IRC15:44
*** ociuhandu has joined #openstack-meeting15:48
*** Lucas_Gray has quit IRC15:48
*** Lucas_Gray has joined #openstack-meeting15:53
*** Lucas_Gray has quit IRC15:54
*** macz has joined #openstack-meeting15:58
*** eharney has quit IRC15:59
*** dtrainor has quit IRC16:00
*** ociuhandu has quit IRC16:01
*** armax has joined #openstack-meeting16:05
*** dtrainor has joined #openstack-meeting16:10
*** ociuhandu has joined #openstack-meeting16:15
*** ociuhandu has quit IRC16:19
*** Lucas_Gray has joined #openstack-meeting16:20
*** heikkine has joined #openstack-meeting16:23
*** jamesmcarthur has quit IRC16:24
*** jamesmcarthur has joined #openstack-meeting16:26
*** gyee has joined #openstack-meeting16:29
*** lbragsta_ has joined #openstack-meeting16:36
*** gyee has quit IRC16:36
*** rpittau is now known as rpittau|afk16:38
*** gyee has joined #openstack-meeting16:51
*** trident has quit IRC16:51
*** trident has joined #openstack-meeting16:53
*** eharney has joined #openstack-meeting16:57
*** Lucas_Gray has quit IRC17:09
*** Lucas_Gray has joined #openstack-meeting17:13
*** ijw has joined #openstack-meeting17:15
*** SWDevAngel has joined #openstack-meeting17:18
*** Lucas_Gray has quit IRC17:23
*** macz has quit IRC17:32
*** e0ne has quit IRC17:36
*** lbragsta_ has quit IRC17:44
*** dmacpher has quit IRC17:49
*** dmacpher has joined #openstack-meeting17:49
*** macz has joined #openstack-meeting17:52
*** ijw has quit IRC18:17
*** vishalmanchanda has joined #openstack-meeting18:18
*** ricolin has quit IRC18:22
*** macz has quit IRC18:23
*** macz has joined #openstack-meeting18:27
*** macz has quit IRC18:27
*** macz has joined #openstack-meeting18:28
*** igordc has joined #openstack-meeting18:45
*** lpetrut has quit IRC19:00
*** macz has quit IRC19:01
*** ijw has joined #openstack-meeting19:05
*** e0ne has joined #openstack-meeting19:14
*** e0ne has quit IRC19:19
*** jamesmcarthur has quit IRC19:19
*** macz has joined #openstack-meeting19:33
*** tesseract has quit IRC19:49
*** zbitter has joined #openstack-meeting19:53
*** donnyd_ has joined #openstack-meeting19:54
*** persia_ has joined #openstack-meeting19:56
*** tinwood_ has joined #openstack-meeting19:56
*** mugsie_ has joined #openstack-meeting19:56
*** ijw_ has joined #openstack-meeting19:57
*** macz has quit IRC20:02
*** ijw has quit IRC20:02
*** zaneb has quit IRC20:02
*** ralonsoh has quit IRC20:02
*** rsimai has quit IRC20:02
*** pcaruana has quit IRC20:02
*** brault has quit IRC20:02
*** Roamer` has quit IRC20:02
*** gibi has quit IRC20:02
*** tinwood has quit IRC20:02
*** persia has quit IRC20:02
*** mugsie has quit IRC20:02
*** johanssone has quit IRC20:02
*** donnyd has quit IRC20:02
*** clarkb has quit IRC20:02
*** cmurphy has quit IRC20:02
*** donnyd_ is now known as donnyd20:02
*** zbitter is now known as zaneb20:02
*** johanssone has joined #openstack-meeting20:03
*** clarkb has joined #openstack-meeting20:03
*** ralonsoh has joined #openstack-meeting20:04
*** cmurphy has joined #openstack-meeting20:05
*** pcaruana has joined #openstack-meeting20:05
*** gyee has quit IRC20:09
*** diablo_rojo has quit IRC20:14
*** munimeha1 has quit IRC20:20
*** ralonsoh has quit IRC20:20
*** macz has joined #openstack-meeting20:31
*** SWDevAngel has quit IRC20:36
*** gyee has joined #openstack-meeting20:36
*** ayoung has joined #openstack-meeting20:55
*** raildo has quit IRC21:01
*** eharney has quit IRC21:06
*** mattw4 has joined #openstack-meeting21:13
*** diablo_rojo has joined #openstack-meeting21:17
*** slaweq has quit IRC21:48
*** ykatabam has joined #openstack-meeting21:54
*** rcernin has joined #openstack-meeting21:57
*** mugsie_ is now known as mugsie21:59
*** rcernin has quit IRC21:59
*** slaweq has joined #openstack-meeting22:08
*** pcaruana has quit IRC22:11
*** slaweq has quit IRC22:13
*** eharney has joined #openstack-meeting22:13
*** vishalmanchanda has quit IRC22:21
*** rh-jelabarre has quit IRC22:44
*** rcernin has joined #openstack-meeting22:57
*** Adri2000 has quit IRC23:12
*** diablo_rojo has quit IRC23:40
*** diablo_rojo has joined #openstack-meeting23:42
*** diablo_rojo has quit IRC23:47
*** mriedem has quit IRC23:54
« Sunday, 2019-12-01 Index Tuesday, 2019-12-03 »

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!