#openstack-meeting log

16:03:25 <DuncanT-> #startmeeting Cinder
16:03:26 <openstack> Meeting started Wed Jul 30 16:03:25 2014 UTC and is due to finish in 60 minutes.  The chair is DuncanT-. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:03:27 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:03:29 <jgriffith> sweet
16:03:30 <openstack> The meeting name has been set to 'cinder'
16:03:33 <jgriffith> hope
16:03:56 <rushiagr> o/
16:04:03 <DuncanT-> #topic cinder client
16:04:27 <jgriffith> subject says it all :)
16:04:34 <jungleboyj> Hey guys, sorry I am late.
16:04:42 * jungleboyj is getting beaten up today.
16:05:34 <jgriffith> anybody have anything on cinderclient?
16:05:35 <DuncanT-> jungleboyj: Try importing _, that'll get you beaten up less ;-)
16:05:49 <jungleboyj> DuncanT-: :-p
16:06:12 <asselin> hi
16:06:15 <DuncanT-> jgriffith: Just looking at the open reviews... Quite a few there
16:06:16 <jgriffith> I'm just asking folks to take a look today at things that want in the tag
16:06:33 <xyang1> I have a patch in cinderclient.  what do I need to do?
16:06:34 <jungleboyj> jgriffith: I have something for Cinderclient.
16:06:39 <DuncanT-> https://review.openstack.org/#/c/104056/ I'd quite like, will review now, it already has one +2
16:07:46 <jungleboyj> I would like https://review.openstack.org/107512 and https://review.openstack.org/107153 to get in if possible.
16:08:18 <bswartz> hey sorry I'm late
16:08:40 <jgriffith> jungleboyj: DuncanT- none of those look awful
16:08:43 <DuncanT-> https://review.openstack.org/#/c/107153/ I don't want to see land. I *like* seeing the token in debug mode, it is really handy
16:08:57 <jgriffith> the token one is the only one I question
16:09:00 <xyang1> I have this in cinderclient: https://review.openstack.org/#/c/104743/, but it depends on https://review.openstack.org/#/c/104732/
16:09:01 <jgriffith> ha!
16:09:03 <winston-d_> DuncanT-: +1000!
16:09:06 <jgriffith> lag lag lag
16:09:23 <jgriffith> IMO debug output isn't designed to be "easy" to read :)
16:09:27 <DuncanT-> xyang1: We don't land client changes until the server changes are in
16:09:34 <jgriffith> not sure I get the security concern... jungleboyj
16:09:36 <jgriffith> ?
16:09:42 <navneet> xyang1: blocked by jgriffith till your server code lands
16:09:49 <xyang1> DuncanT-: yes, that makes sense
16:10:03 <jgriffith> yeah... please mark client changes that depend on server side changes as WIP
16:10:06 <xyang1> navneet: sure, I see that
16:10:09 <jungleboyj> Was raised internally here.  Shouldn't have passwords coming back in debug or the tokens from keystone.
16:10:11 <jgriffith> that should just be standard practice
16:10:19 <jungleboyj> Nova has already made that change.
16:10:20 <jgriffith> jungleboyj: it's not a password
16:10:31 <DuncanT-> jungleboyj: Why not?
16:10:31 <winston-d_> jungleboyj: token should be fine
16:10:35 <jgriffith> jungleboyj: it's a token which expires, and it's "your" token
16:10:43 <xyang1> jgriffith: can you remove your WIP so I can mark it?  thanks
16:10:55 <jgriffith> xyang1: sure... also we can both mark it :)
16:11:17 <hemna> yo
16:11:28 <winston-d_> jungleboyj: see the comment for similar change: https://review.openstack.org/#/c/109808/
16:11:29 <jgriffith> I think we'll pass on the token one.... at least for today and circle back after this tag
16:11:30 <xyang1> jgriffith: having your WIP looks like you want to block the server side change as well:).  that's why I prefer you remove it
16:11:34 <jungleboyj> It also make the debug output a lot easier to read jgriffith
16:11:50 <jgriffith> xyang1: well... maybe I do :)
16:11:52 <jgriffith> just kidding
16:12:26 <xyang1> jgriffith: that's exactly what I'm trying to figure out:)
16:12:32 <DuncanT-> jungleboyj: I use the curl in the debug info all the time, loosing it would be really, really incovenient
16:12:34 <xyang1> jgriffith: I marked it as WIP now
16:12:39 <hemna> I'm with DuncanT-, I like seeing the keystone token in the debug output
16:12:43 <winston-d_> jungleboyj: masking passwd is OK, but token is debug mode really is useful for me.
16:12:52 <jgriffith> xyang1: saw that.. tahkns
16:13:10 <rushiagr> easier to read +1, but if some people prefer seeing the token, I won't go for removing it. Maybe something like <first 10 chars of token>[TOKEN TRUNCATED]<last 10 chars of token> works ? :)
16:13:32 <xyang1> jgriffith: thanks
16:13:34 <DuncanT-> rushiagr: Then there's no point having the token in there at all
16:13:34 <navneet> winston-d_: can someone not use keys and certificate to figure out some info?
16:13:48 <hemna> rushiagr, but if you actually use the token outside for curl calls, then truncating it makes it useless.
16:13:52 <jungleboyj> DuncanT-: Ok, so, the main complain internally was with regards to the password being displayed and the fact that it can be put in a log file and reused.
16:13:55 <navneet> just guessing security cocerns
16:14:07 <rushiagr> DuncanT-: oh, I see
16:14:11 <DuncanT-> jungleboyj: Why are you keeping client log files like that?
16:14:20 <jungleboyj> DuncanT-: winston-d_ If I scope it down to that are you ok and if the token comes back around again we areaddress.
16:14:31 <jgriffith> Ok... I don't want to spend 20 minutes on this if we can avoid it :(
16:14:42 * hemna zips it.
16:14:42 <jungleboyj> DuncanT-: I am not, but our consumers are worried about a security issue.
16:14:44 <DuncanT-> jungleboyj:  Removing the password is ok I guess...
16:14:46 <jgriffith> I think there are valid justifications for leaving it as is
16:14:47 <rushiagr> I thought someone just 'sees' it for confirmation or something. Anyways, lets move on
16:14:51 <jgriffith> at least for this week
16:15:04 <jgriffith> and making debug output "easier" to read is nice
16:15:06 <jgriffith> but...
16:15:08 <winston-d_> jungleboyj: +1 for masking passwd, please leave token alone.
16:15:09 <guitarzan> dang, I I shouldn't have missed this
16:15:20 <jungleboyj> jgriffith: ^^ You ok with that?
16:15:21 <guitarzan> +2 for leaving token alone
16:15:24 <jgriffith> jungleboyj: you could always add a debug level
16:15:44 <jgriffith> jungleboyj: sorry... ok with what?
16:15:51 <jgriffith> masking passwd but leaving token alone?
16:15:57 <jungleboyj> jgriffith: Yes
16:15:59 <jgriffith> ^^ for sure
16:16:04 <hemna> +1
16:16:15 <jgriffith> although I myself have needed that in debug output :(
16:16:27 <jungleboyj> jgriffith: Ok, I will redo the patch and scope it that way.
16:16:34 <jgriffith> ie my creds were jacked up and I didn't know it until I ran with debug... but whatevs
16:17:02 <jgriffith> again, I think there are plenty of "real" fixes and additions that should take priority for the next push to pypi (tomorrow)
16:17:10 <jgriffith> this certainly isn't on my list right now
16:17:26 <jgriffith> we'll push another releas I promise :)
16:17:27 <jungleboyj> jgriffith: When will the next push be after that?
16:17:41 <jgriffith> jungleboyj: when I feel like it ;)
16:17:46 <jgriffith> jungleboyj: probably next milestone
16:17:52 <DuncanT-> Shall we say get fixes reviewed and in before midnight jgriffith's time or they miss the cut?
16:17:54 <jungleboyj> jgriffith: Ok.  Fair enough.
16:17:58 <rushiagr> +1. I see a majority for non-removal of tokens, for now
16:18:05 <jgriffith> DuncanT-: that's what I'm sayin :)
16:18:28 <DuncanT-> Shout on the channel if you want something specific reviewed
16:18:34 <jgriffith> Ok... this see if we can move to the second of the 7 topics
16:18:41 <jgriffith> if you do the math we're going to have a problem :)
16:18:48 <DuncanT-> #topic Inheritance model change
16:18:56 <jgriffith> 18 minutes per topic * 7 = screwed
16:19:03 <navneet> Lol
16:19:11 <jgriffith> So thanks for folks that started looking at these
16:19:11 <DuncanT-> jgriffith: Get on with it then
16:19:27 <jgriffith> I've spun these around a number of times now based on input etc
16:19:30 <hemna> jgriffith, so did you see my review comments last night
16:19:34 <hemna> wrt the db object?
16:19:40 <jgriffith> I did and responded in disagreeement
16:19:44 <hemna> ok
16:19:48 <hemna> haven't seen it yet...
16:19:49 <jgriffith> hemna: including the grep that shows where it's used in other places :)
16:20:03 <hemna> gah, ok.  I blame chrome's search.
16:20:05 <jgriffith> arguing over where people want it to live aside
16:20:15 <jgriffith> I'd really like to get this moving along if we could
16:20:30 <eharney> i've casually looked over the code a bit, it seems reasonable to me so far.  Will take a closer look
16:20:33 <jgriffith> it keeps falling out of date but most of all we need to make sure it gets good time in test
16:20:41 <jgriffith> eharney: thanks!
16:20:50 <thingee> jgriffith: perhaps it would help to set a goal of when we would like it in by. That would give enough time for it be tested in the gate, etc
16:20:51 <jgriffith> iser and iet are the big sticking points
16:21:03 <jgriffith> DuncanT-: I'll have to look at your concern about volume_group
16:21:20 <jgriffith> should work since it passed the gate which uses "stack-volumes" instead of def "cinder-volumes"
16:21:27 <jgriffith> but I may not follow exactly what you noticed
16:21:48 <jgriffith> thingee: yeah
16:21:50 <DuncanT-> jgriffith: Look at the sample conf change.... the option is no longer in the sample conf at all
16:21:50 <jgriffith> good idea
16:21:52 <hemna> any way we could pull the db object out of these classes?
16:21:57 <jgriffith> I'd like it in last week please ;)
16:22:11 <jgriffith> hemna: Why are you fighting this?
16:22:28 <thingee> how about we aim for friday?
16:22:29 <jgriffith> hemna: If there's a concern/issue I'm open
16:22:30 <hemna> Just thinking how we can get it back into brick.
16:22:32 <jgriffith> thingee: +1
16:22:41 <jgriffith> hemna: I dont' think it belongs in brick at all
16:23:07 <hemna> the target classes would be a good fit IMO
16:23:14 <thingee> DuncanT-: you mind setting that action? get this patch in by friday https://review.openstack.org/#/c/105923/
16:23:23 <jgriffith> as I said yesterday... I can't see a case where another project in OpenStack is attaching Targets to Volumes
16:23:33 <DuncanT-> #action get this patch in by friday https://review.openstack.org/#/c/105923
16:23:47 <hemna> ok cool.  I'll move on.  Just wanted to float the idea.
16:24:07 <thingee> next item?
16:24:14 <DuncanT-> #topic CGs
16:24:27 <xyang1> jgriffith: can we set a date for this one as well:)?  https://review.openstack.org/#/c/104732/
16:25:29 <jgriffith> xyang1: we should have a cut off probably
16:25:34 <hemna> xyang1, so what's holding it up now?   just need more reviews ?
16:25:41 <xyang1> I had some discussion with naveet on the CG patch.  just want to bring it up here so that we are on the same page
16:25:44 <jgriffith> xyang1: I'm a bit unconvinced of a few things
16:25:57 <xyang1> jgriffith: go ahead
16:26:12 <jgriffith> well... I fear we're going down the wrong path with some of these features
16:26:22 <navneet> xyang1: I saw the spec and so my comments are late for discussion
16:26:22 <jgriffith> especially after asking for input from folks on the operators ML
16:27:10 <jgriffith> http://lists.openstack.org/pipermail/openstack-operators/2014-July/004789.html
16:27:21 <navneet> xyang1: but would be good if some core guy looked at them as well
16:27:39 <jgriffith> anyway....
16:27:48 <jgriffith> Just needs reviewers
16:27:56 <jgriffith> and testers more importantly
16:28:39 <winston-d_> the scheduler part of CG patch looks fine now after two iterations
16:28:43 <DuncanT-> I've been looking at it, it feels like an ugly change with a hard to use interface, but I also can't come up with any better suggestions :-( Has anybody else tried to develop a working driver for it? I don't know much about backend interfaces for this sort of thing
16:28:46 <xyang1> jgriffith: I'll have to read the email thread.  can you give a quick summary here?  you are saying users don't want replication and cg?
16:28:49 <jgriffith> I'm unconvinced that for CG or for Replciation that the whole API tarck and cross backend approach is worth while
16:29:00 <Arkady_Kanevsky> do we want to expose a new create call which creates all volumes in CG?
16:29:27 <navneet> jgriffith: +1...I feel same too
16:29:29 <DuncanT-> Arkady_Kanevsky: Bulk operations are hard
16:29:41 <DuncanT-> Arkady_Kanevsky: From a rollback PoV
16:29:59 <navneet> jgriffith: do you think cg implements that currently?
16:30:11 <navneet> cross backend approach
16:30:18 <Arkady_Kanevsky> It is hard to ensure that volumes creates in CG are on the back end tha tcan take CG snapshot. Thus offloading it to backend (driver) will be almost impossible)
16:30:41 <xyang1> jgriffith, DuncanT-: so now you don't think any of these features should land at all
16:31:05 <DuncanT-> xyang1: I think it should land, personally, I can see the use
16:31:22 <DuncanT-> xyang1: I'm asking if anybody has tried to write a driver for your design yet?
16:31:50 <xyang1> DuncanT-: I see blueprints on ceph and IBM driver already
16:31:52 <navneet> xyang1: not us...but it should not be difficult as per driver api
16:32:01 <thingee> DuncanT-: I think it would be good for new features like this to have a supporting driver. much like what jgriffith was doing with the new connector work + LVM
16:32:03 <hemna> Arkady_Kanevsky, the backends can do snapshots today, I'm not sure how CG complicates it that much, other that coordinating the snapshots for the backends in the CG.
16:32:03 <xyang1> DuncanT-: we are also looking at it internally
16:32:14 <DuncanT-> xyang1: I'll look at those blueprints, thanks
16:32:32 <thingee> DuncanT-: it'll expose issues in your design of actually trying to use it
16:32:42 <DuncanT-> xyang1: I'm not saying don't merge, I'm saying 'get feedback from the people writing the drivers'
16:32:45 <xyang1> thingee: I have a lvm implementation.  It is just that the quiesce call needs to wait
16:32:59 <Arkady_Kanevsky> OK. I iwll comment in review
16:33:04 <thingee> xyang1: got a link?
16:33:21 <xyang1> thingee: https://review.openstack.org/#/c/104732/
16:33:25 <thingee> thanks
16:33:35 <DuncanT-> thingee: I have a (hacky) dm module that I'm trying to code up the driver support for.... it is feeling clunky, but it might just be me
16:34:07 <thingee> xyang1: oh I see. I missed that was in the initial patch
16:34:42 <thingee> so we have a couple of people unsure of the approach.
16:34:48 <xyang1> DuncanT-: https://blueprints.launchpad.net/cinder/+spec/consistency-groups,  you can see the dependency blueprints for other drivers here
16:35:15 <thingee> xyang1: how do you feel about the approach with the feedback you have?
16:35:30 <xyang1> thingee: which one?  from naveet?
16:35:38 <thingee> xyang1: jgriffith and DuncanT-
16:35:42 <thingee> I'm unsure of navneet
16:35:45 <thingee> 's feedback
16:36:19 <navneet> thingee: on the review page if you want to have a look
16:36:24 <xyang1> jgriffith, DuncanT-: I'm not sure what your feedback is.  what is the alternative?
16:36:33 <DuncanT-> I'm only having issues at the detail level, not the whole approach, and it might be me.... short on time to spend on it, hense the lack of negative reviews
16:37:07 <navneet> DuncanT-: bigger question is if the community is ok wih the design and approach?
16:37:24 <jungleboyj> 23 minute warning
16:37:38 <DuncanT-> navneet: Are you ok with it?
16:37:43 <xyang1> thingee: jgriffit1 seems to have concerns not just for cg, bug also volume replication
16:37:50 <xyang1> but
16:37:59 <thingee> ok, lets move on, but it looks like the overall feedback from people paying attention the design doesn't seem positive. and jgriffit1 you mentioned the operators list being unsure of the usage of it.
16:38:01 <DuncanT-> navneet: There's no point being 'not ok' without details
16:38:11 <navneet> DuncanT-: not sure...it does not seem like a general approach
16:38:19 <DuncanT-> I'll read the operator's mailing list thread
16:38:26 <navneet> DuncanT-: details on the review page
16:38:31 <xyang1> thingee: the spec was thoroughly reviewed and approved
16:38:33 <hemna> I'm reading through the thread now
16:38:33 <DuncanT-> navneet: I'll read your review
16:38:33 <thingee> DuncanT-: from navneet's comments it doesn't appear so. Honestly I haven't really taken a look at it myself to really weigh in.
16:38:53 <thingee> xyang1: lets take this offline after the replication walk through meeting
16:38:59 <DuncanT-> #action Duncan to read all the current feedback and summarise by tomorrow
16:39:04 <thingee> I want to understand why people changed their mind from the approved spec.
16:39:18 <xyang1> thingee: ok, thanks
16:39:20 <thingee> DuncanT-: I think interested parties should all do that :)
16:39:25 <thingee> next topic?
16:39:27 <navneet> thingee: yeah thats not good...sorry I did not read the spec
16:39:30 <winston-d_> xyang1's patch and approach looks OK to me.  I've also read operator thread, couldn't come up with better idea so far.
16:39:43 <DuncanT-> #topic Hitachi driver
16:39:49 <saguchi> hi
16:40:04 <saguchi> I'm code submitter of hitachi driver
16:40:14 <winston-d_> saguchi: hi
16:40:15 <hemna> howdy saguchi
16:40:23 <saguchi> Nice to meeting you.
16:40:35 <joa> hey
16:40:35 <saguchi> I would like you to review my driver. I've updated it in accordance with hemna's comment.
16:40:44 <hemna> thanks for adding the test results.   I haven't looked at them yet today
16:40:46 <xyang1> winston-d_: thanks for all your reviews!
16:41:10 <thingee> saguchi: thanks for the submission. we got about 8 drivers submitted that want the same thing. it looks like you're targeted for juno though
16:41:31 <thingee> saguchi: was there anything else you wanted to mention?
16:41:36 <saguchi> and want to know if there are any requirement or not.   Will my driver be merged by just passing reiview.
16:41:46 <DuncanT-> I've just spotted a minor rootwrap filter issue
16:41:52 <hemna> thingee, the cert results were missing, and they are up on the review now.
16:42:00 <DuncanT-> saguchi: Passing review merges it
16:42:11 <DuncanT-> saguchi: Have you got a CI setup ready to go?
16:42:13 <saguchi> DuncanT-: understood
16:42:32 <jgriffit1> astrawman alternatives https://review.openstack.org/#/c/109774/
16:42:32 <saguchi> As for CI, I'm working on this with steven.
16:42:57 <hemna> saguchi, awesome
16:42:58 <saguchi> I think you've talked with steven about Hitachi CI by email.
16:43:16 <DuncanT-> saguchi: Yes, I've got him on my list, thanks
16:44:02 <saguchi> DuncanT-: Please put your review comment about rootwrap. And I wil update based on it.
16:44:10 <hemna> jgriffit1, so that's solid fire to solid fire replication yes?
16:44:16 <jgriffith> hemna: yes
16:44:17 <atan8> Hi Duncan, on the call with Steve S. He's waiting for Service account approval
16:44:25 <thingee> ok, thanks saguchi and apologies on the review taking time. We're low on reviewers, and it's definitely appreciated if you help with reviews on other approved blue prints to help us get to drivers. next topic?
16:44:26 <jgriffith> sorry... I have interenet again, not sure how long it will last
16:44:28 <DuncanT-> saguchi: Done
16:44:35 <atan8> Set up for CI is in progress.
16:44:57 <joa> CI nightmare :(
16:44:58 <DuncanT-> #topic replication
16:44:58 <hemna> saguchi, I'll look at your driver again today.
16:45:05 <ronenkat> Hi
16:45:09 <thingee> we have a walk through today with ronenkat
16:45:20 <ronenkat> Replication for driver owner at the top of the hour, everyone is invited.... details on the Cinder meeting page...
16:45:32 <hemna> jgriffit1, so we could do basically the same thing with our drivers.   we could do 3par -> 3par replication with just driver changes
16:45:45 <jgriffith> hemna: that's sort of my point
16:46:03 <jgriffith> hemna: yeah
16:46:04 <ronenkat> (Thats all from my side)
16:46:04 <hemna> do operators want to replicate from a solidfire to a 3par ?
16:46:22 <hemna> or maybe lvm -> solidfire ?
16:46:25 <jgriffith> hemna: people would probably love it if it was "good"
16:46:38 <jgriffith> hemna: they don't want it if it's crap (ie dd over wire)
16:46:42 <hemna> yah
16:47:05 <hemna> that's pretty much what I thought as well.
16:47:05 <DuncanT-> I think that is a massive undertaking, and would need developing and testing out-of-tree for a good long time
16:47:19 <jgriffith> DuncanT-: +1
16:47:36 <jgriffith> But really that's a real "value add" from Cinder
16:47:43 <jgriffith> wrapping vendor calls is... meh
16:47:51 <DuncanT-> I'd love to work on it.
16:48:00 <DuncanT-> Not sure if my management would approve
16:48:06 <thingee> I would think we would also want to see two supporting drivers, separate vendors really showing this working.
16:48:14 <hemna> yah I think it would be pretty amazing if it worked well
16:48:15 <jgriffith> action... DuncanT- implements cross platform rep this week-end :)
16:48:33 <joa> that's what I'd call speed :p
16:48:34 <DuncanT-> Looking at core value add ideas might be a good chat for the meetup?
16:48:40 <thingee> jgriffith: not enough whiskey in the world to help DuncanT- with that.
16:48:45 <hemna> DuncanT-, +1
16:48:50 <jgriffith> thingee: LOL
16:48:52 <jgriffith> DuncanT-: +1
16:49:05 <thingee> thingee: +1
16:49:10 <DuncanT-> Damn it, now I'm busy thinking about how it could work! You're all bad people!
16:49:19 <jgriffith> I just wanted to throw out that sometimes devs implement things that make no sense to end users
16:49:21 <hemna> :)
16:49:26 <jgriffith> I'd like to be better about that
16:49:38 <jgriffith> by users I mean OS Operators
16:49:42 <DuncanT-> So, what do we do about the existing replication patch?
16:49:49 <jgriffith> we're lucky to have DuncanT- and thingee representing some of that community here
16:50:08 <jgriffith> DuncanT-: I dunno... I'm not proposing anything necessarily
16:50:14 <ronenkat> DuncanT-: reviews would be nice...:-)
16:50:26 <jgriffith> DuncanT-: I just wanted to have everybody think about the long term implications
16:50:34 <jgriffith> and what we're delivering vs what people need/want
16:50:53 <DuncanT-> ronenkat: I'm in the 'I don't underatnd this enough to review it' camp.... maybe your call will help
16:51:13 <jgriffith> also I've said before complex features for the sake of complex vedors or exposing one feature in a specific vendors product don't seem worthwhile
16:51:20 <navneet> thingee 's session about what is Cinder may again be required for new guys
16:51:51 <ronenkat> jgriffith: DRBD will help with cross vendor replication
16:51:59 <jgriffith> anyway... I'm also a fan of start small and grow
16:52:02 <DuncanT-> #topic SecureNFS
16:52:07 <joa> jgriffith: I think no one with common sense would see the benefit for cinder of a vendor-specific feature.
16:52:16 <thingee> bswartz: ^
16:52:19 <jgriffith> ronenkat: ummm... dunno about that
16:52:28 <glenng> bswartz: Are you going to speak on this?
16:52:33 <jgriffith> joa: You'd be surprised ;)
16:52:45 <bswartz> okay so I'm virtual glenng today
16:52:46 <DuncanT-> bswartz????
16:52:50 <joa> jgriffith: maybe my definition of common-sense is a bit too narrow then :p
16:52:58 <jgriffith> joa: LOL
16:53:12 <bswartz> as many of you know we're changing the NFS drivers to create files as 0660 instead of 0666 to reduce the security risk
16:53:37 <bswartz> however a number of users will have a broken configuration on upgrade if they don't make changes to their NFS environment
16:54:00 <jgriffith> bswartz: that was my next question :)
16:54:13 <bswartz> so we're thinking that we will make the new driver config flag a REQUIRED option and forces users to select either the old or the new bahaviour
16:54:17 <hemna> bswartz, well everyone reads documentation right ?
16:54:35 <joa> *haem*
16:54:50 <jgriffith> bswartz: that might be reasonable
16:54:51 <bswartz> rather than simply defaulting to the old behaviour (which is less secure) or defaulting to the new behaviour (which will break people who don't read release notes)
16:55:02 <jungleboyj> hemna: What are you smoking?
16:55:03 <eharney> that seems almost as broken to me, upgrade path is still not smooth enough to just work...
16:55:05 <jgriffith> bswartz: is there a way to determine "if existing use x; else use y"
16:55:09 <hemna> jungleboyj, :P
16:55:31 <jungleboyj> hemna: Please share
16:55:34 <jgriffith> dynamic detection would be much better IMO
16:55:35 <bswartz> jgriffith: I would love it if we could detect whether it's a new install vs and upgrade
16:55:42 <glenng> jgriffith: Too many variables for automation. Plus, NFS Server side changes are required to be secure.
16:55:47 <bswartz> so far we haven't come up with a way that works more than 90% of the time
16:55:50 <jgriffith> bswartz: so what's Cinder actually managing here?  Nothing?
16:55:59 <hemna> jungleboyj, ask jgriffit1.  CO is where it's legal :P
16:56:03 <jgriffith> bswartz: Oh... 90%
16:56:13 <DuncanT-> bswartz: ls -l all the files, and if they are 600 use the new behaviour, otherwise spam the logs and fall back?
16:56:14 <jgriffith> That's better than I thought you were going to say :)
16:56:24 <bswartz> the idea is that it's more user friendly to force a choice than to pick a bad default
16:56:29 <jgriffith> bswartz: any thoughts on an upgrade helper script?
16:56:32 <eharney> i kinda like Duncan's idea there...
16:56:47 <jungleboyj> hemna: You had to go there, didn't you?  :-)
16:56:49 <hemna> eharney, +1  I'm with you on this one.
16:56:56 <jgriffith> DuncanT-: it's a descent first try IMO
16:56:56 <DuncanT-> Make that the config option 'auto' and make that the default?
16:57:06 <eharney> forcing a choice doesn't seem viable to me as it just breaks upgrades... i don't think we ever do that...
16:57:07 <bswartz> DuncanT-: that will screw up in the 10% case
16:57:10 <glenng> DuncanT: Think about multi Cinder nodes where some have volumes and some don't. Then you end up with mixed behavior.
16:57:11 <jgriffith> although I still wonder if we could provide a clever "upgrade" script
16:57:11 <jungleboyj> DuncanT-: That sounds reasonable.
16:57:14 <navneet> DuncanT-: what if the share has files not managed by cinder?
16:57:20 <DuncanT-> bswartz: What is the 10% case?
16:57:29 <bswartz> the problem is that the things that need to be changed are outside the control of cinder
16:57:36 <jgriffith> navneet: Cinder should know what it's managing shouldn't it? :)
16:57:43 <DuncanT-> navneet: Then you'll get the old behaviour and screaming in the logs... that is better than breakage
16:57:49 <bswartz> we're aware of a lot of scenarios where stuff only works because of the 0666 permissions
16:57:50 <jgriffith> and thus the flaw in the entire design IMO
16:57:55 <hemna> we should still default to the old behavior and config option to the new way.   then folks can upgrade cinder and not be broken.  when they read the release notes, they do what they need to and then bump the config option to use the new perms.
16:57:57 <navneet> jgriffith: cant gurantee for all nfs vendors..
16:58:04 <DuncanT-> navneet: You can set the config option to something other than auto and the screaming stops
16:58:08 <bswartz> DuncanT-: that would be multibackend upgrade scenarios where some backends think they're new installs
16:58:11 <jgriffith> navneet: got ya
16:58:13 <thingee> 2 minute warning!
16:58:30 <jgriffith> we could just drop NFS support if that's better?
16:58:39 <glenng> Now, now...
16:58:42 <hemna> right after we drop FC support.
16:58:42 * bswartz glares at jgriffith
16:58:49 <DuncanT-> I'm just going to inject my point here: Please see and review https://review.openstack.org/#/q/project:openstack/cinder+comment:code_cleanup_batching+-status:merged,n,z - it is cleanup merge week!
16:58:51 <jgriffith> bswartz: you can't reach me from there
16:59:27 <bswartz> so I'm hearing that adding a new required option with no default isn't an acceptable option?
16:59:36 <DuncanT-> bswartz: Having an 'auto' where you get the old, insecure behaviour (and log spamming) in 10% of cases is fine
16:59:41 <jgriffith> bswartz: I'm not sure
16:59:52 <jgriffith> bswartz: It's a better option than breaking everyone
16:59:58 <jgriffith> bswartz: but not as good as dynamic fix
17:00:07 <DuncanT-> bswartz: Anybody who really cares will see the logs and/or the docs and change the default
17:00:12 <bswartz> what about simply defaulting to the existing behavior?
17:00:19 <jgriffith> I don't think the question is whether to go that route or not, but if there's any possible way to do something better
17:00:24 <hemna> bswartz, that's what I suggested earlier.
17:00:29 <bswartz> that won't break anyone, but people who don't read the docs may have insecure systems
17:00:33 <eharney> bswartz: probably a good first step, really.
17:00:39 <jgriffith> bswartz: hemna the problem with that is we "never" fix the underlying issue that way
17:00:51 <jgriffith> people use defaults, despite what we'd like to tell ourselves
17:00:56 <navneet> hemna: for people who dont read docs we scream in logs
17:00:59 <jgriffith> upgrade or new install
17:01:04 * joa nods, agreeing with jgriffith
17:01:04 <eharney> so you have it yell into the logs for Juno and then have it break stuff in K
17:01:12 <DuncanT-> Auto guess that in a few cases goes with the old behaviour unnecessarily shoudl be fine...
17:01:14 <bswartz> jgriffith: do you know a way to reliably determine a new install?
17:01:16 <bswartz> that would solve all of this
17:01:27 <jgriffith> bswartz: wait.... isn't there info in Cinder DB regarding shares at all?
17:01:35 <bswartz> you mean volumes?
17:01:37 <hemna> well screaming in the log may help some folks
17:01:39 <jgriffith> bswartz: In other words... if DB empty, use new settings
17:01:41 <navneet> jgriffith: not permissions
17:01:43 <jgriffith> bswartz: else use old
17:01:47 <hemna> and for people that don't read and don't look at the logs....do we even care?
17:01:49 <jgriffith> navneet: no, not perms
17:01:50 <bswartz> jgriffith: can drivers simply read the DB like that?
17:01:54 <jgriffith> don't care aobut that
17:02:06 <bswartz> It might require a cinder core change
17:02:09 <jgriffith> bswartz: I'd make it part of *somethign* else
17:02:19 <bswartz> so the manager would have to tell the driver "this is a new install"
17:02:20 <DuncanT-> Time
17:02:21 <jgriffith> back to the helper script idea
17:02:23 <navneet> jgriffith: driver reading DB is not secure somebody told me...not rcommended
17:02:36 <jgriffith> bswartz: I'm saying set that higher up
17:02:53 <hemna> why not just puke a message in the log and say the old way is deprecated. provide a config option to allow the user to force the new perms.
17:03:05 <hemna> then in a release or 2, we remove the old deprecated way.
17:03:29 <jgriffith> hemna: you just kick the can
17:03:32 <eharney> seems reasonable to me
17:03:35 <jgriffith> hemna: you still break upgrades
17:03:36 <bswartz> jgriffith: I'd like to hear more
17:03:39 <hemna> and in between if we can find a mechanism for doing the auto discovery, done.
17:03:41 <jgriffith> you just told them you're going to break them
17:03:46 <bswartz> about your idea for "higher up"
17:03:52 <arnaud> could you guys switch to #openstack-cinder?
17:03:55 <jgriffith> bswartz: yeah... let's chat in #cinder
17:03:57 <bswartz> if you have something in mind it might be perfect
17:03:58 <hemna> better to tell them you are going to break them in the future, then breaking them now.
17:04:05 <bswartz> arnaud: sorry for running over
17:04:14 <hemna> dunno, just trying to find a reasonable compromise.
17:05:01 <DuncanT-> #endmeeting