#openstack-meeting log

13:00:22 <Luzi> #startmeeting image_encryption
13:00:23 <openstack> Meeting started Mon Jun  8 13:00:22 2020 UTC and is due to finish in 60 minutes.  The chair is Luzi. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:00:24 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:00:27 <openstack> The meeting name has been set to 'image_encryption'
13:00:33 <Luzi> #topic Roll Call
13:01:11 <fungi> hi!
13:01:18 <Luzi> hi fungi
13:02:37 <redrobot> \o
13:02:50 <Luzi> hi redrobot
13:02:57 <redrobot> Hi Luzi!
13:03:59 <Luzi> lets start
13:04:02 <Luzi> #topic Barbican Consumer API Update
13:04:35 <redrobot> Not much of an update.  We discussed the missing microversino bits during PTG
13:05:00 <redrobot> I do want to make sure y'all are still planning to use openstacksdk as the client?
13:05:03 <Luzi> how was the PTG redrobot? (Unfortunately) I had to hold a lecture at a kind of college Thursday and Friday afternoon
13:05:41 <redrobot> PTG was good!
13:05:51 <redrobot> We had 9 folks attend throught our 1/2 day
13:05:58 <redrobot> here are the etherpad notes we took:
13:06:01 <redrobot> #link https://etherpad.opendev.org/p/victoria-ptg-barbican
13:06:39 <rosmaita> (apologies for being late)
13:06:46 <redrobot> Hi rosmaita!
13:07:00 <rosmaita> hello
13:07:11 <redrobot> So yeah, we're still planning on adding the Secret Consumers to openstacksdk first (as opposed to python-barbicanclient)
13:07:26 <Luzi> good thing you are here rosmaita
13:07:38 <Luzi> is cinder using openstacksdk?
13:07:42 <rosmaita> no
13:07:51 <Luzi> (or was that a requirement from nova?)
13:07:54 <Luzi> ah damn...
13:08:13 <Luzi> i doubt that glance is using openstacksdk
13:08:16 <rosmaita> glance doesn't either
13:08:21 <rosmaita> (what you said)
13:08:29 <fungi> that's been a bone of contention recently, yeah
13:08:41 <redrobot> Hmm... so would python-barbicanclient support make more sense?
13:08:57 <rosmaita> it would for us
13:09:45 <Luzi> rosmaita do you know if that would go for glance too?
13:09:48 <fungi> redrobot: this is sort of what i was talking about during the security sig session with user-facing sdks vs service-to-service sdks
13:09:58 <rosmaita> yes, almost certainly
13:10:36 <rosmaita> fungi: yes, what is the status of openstacksdk in terms of design philosophy? my understanding was that it is "opinionated", though i may be confusing it with something else
13:10:39 <Luzi> then having the secret consumers in the  python-barbicanclient definitly would be the way to go
13:10:49 <redrobot> fungi, yeah, makes sense.
13:10:56 <rosmaita> yes, it's really a service API
13:10:58 <redrobot> Ok, I'll bring this up in the Barbican meeting tomorrow.
13:11:05 <redrobot> I'm sure it will not be a problem.
13:11:06 <fungi> rosmaita: it has an opinionated layer, a generalization layer and a raw api access layer, so you can choose
13:11:10 <rosmaita> and the REST API will exist for users who want to use it
13:11:15 <Luzi> i try to be there tomorrow to :)
13:11:30 <rosmaita> fungi: ok, thanks
13:11:36 <fungi> the "opinionated" layer in openstacksdk is basically the old shade lib
13:12:04 <fungi> the layer beneath it is more like what the traditional python client libs provided
13:12:25 <fungi> and then the layer beneath that is essentially a direct access to the rest api
13:13:06 <rosmaita> what i want as a service is simple client access that the target service maintains and has tested to work correctly
13:13:08 <fungi> but it lets you mix and match calls, like get a keystone token via a high-level call and then use it in direct api calls
13:14:28 <fungi> i want to say the openstacksdk maintainers did recently add all the traditional python client lib core reviewers to their core team, to make it easier for each team to maintain their own bits
13:14:51 * fungi checks
13:16:51 <fungi> hrm, nope, not all of them, but the core review team for it is up around 25 folks now
13:17:22 <fungi> anyway, i know they're happy to add more folks if they're interested in maintaining support for specific projects
13:18:41 <Luzi> #topic Image Encryption Specs/WIP
13:19:23 <Luzi> two weeks ago i updated the glance spec and rebased the WIP patch
13:20:48 <Luzi> i will ping abhishekk to take a look into it
13:21:37 <Luzi> nothing more from my side so far
13:22:18 <Luzi> are there any questions concerning specs / wip-patches?
13:23:14 <Luzi> #topic Open Discussion
13:23:16 <rosmaita> i owe you some reviews, will work on that this week
13:23:30 <Luzi> or are there some other questions / topics you want to discuss?
13:23:56 <fungi> during one of the ptg sessions for the openstack technical committee, it was suggested that the community might benefit from a brief summary of how far along this effort is
13:24:14 <fungi> maybe even just a paragraph to the openstack-discuss ml
13:24:31 <rosmaita> that's a good idea
13:24:41 <fungi> like which specs are proposed, which are implemented, what's still on the roadmap
13:24:49 <rosmaita> could include a reminder of the pop-up meeting, too
13:24:59 <fungi> exactly, opportunity to advertise more broadly
13:25:19 <fungi> (they didn't just single out this effort, it was basically all the pop-up teams)
13:25:39 <fungi> maybe once a cycle or so would be a reasonable cadence
13:25:41 <Luzi> how should this be handled? as an email to the mailing list?
13:26:00 <fungi> yeah, to the openstack-discuss ml would be simplest
13:26:15 <Luzi> okay
13:26:47 <fungi> mainly because it reminds folks where help is still needed
13:27:03 <fungi> and improves chances of (eventual) success
13:27:35 <Luzi> i hope so :)
13:28:14 <Luzi> i will send out a mail soon
13:28:16 <Luzi> btw rosmaita does a bug report exist for the 1GB encrypted volume size probleme exist?
13:28:17 <fungi> it could be very brief, and there's no rush on it
13:29:12 <rosmaita> Luzi: probably, i can look
13:30:44 <Luzi> i would like to add my findings for the volume-> image->volume case - maybe it will help
13:31:29 <rosmaita> i think this might be it: https://bugs.launchpad.net/cinder/+bug/1720885
13:31:29 <openstack> Launchpad bug 1720885 in Cinder "Out of space when migrating encrypted volume between two LVM backends" [High,In progress] - Assigned to Yeshwanth Allampati (yeshwanth-allampati)
13:32:06 <Luzi> thank you
13:33:43 <Luzi> anything else you would like to talk about?
13:34:25 <fungi> nothing on my end
13:34:48 <rosmaita> nope
13:34:49 <Luzi> ok, thank you for joining and have a nice week :)
13:34:54 <rosmaita> you too!
13:35:00 <Luzi> #endmeeting image_encryption