14:00:08 #startmeeting trove 14:00:08 Meeting started Wed Jan 16 14:00:08 2019 UTC and is due to finish in 60 minutes. The chair is dkrol. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:09 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:11 The meeting name has been set to 'trove' 14:00:16 Hello 14:01:53 hi 14:02:00 Hello 14:02:59 Is there Anyone else? 14:03:58 Bartosz is going :) 14:10:50 Hello 14:11:18 Hello 14:11:28 Can we start? 14:11:47 Hi 14:11:59 Cezary and Marcin are on the board 14:12:03 Let's start! 14:12:14 hi 14:12:33 yeah, lets move on 14:12:34 Ok 14:12:53 #topic upgrade pre check 14:14:05 I made another change 14:14:14 I hope it is ready now 14:14:32 Could you check it? 14:14:40 I already voted +2 14:14:54 It looks good to me 14:14:55 dkrol: I will do that soon 14:15:05 Yes, thank you 14:15:13 thanks for working on that 14:15:16 I need another one :) 14:16:06 And we can close another wide goal 14:16:07 be of good cheer :) 14:16:23 Good job Dariusz 14:16:29 Nice to see some progress in the project 14:16:44 Ok 14:16:48 Let's move on 14:17:52 #topic documentation 14:18:45 nothing changed from the last meeting 14:19:03 I've made review of Cezary document 14:19:29 And I gave some small comments on etherhub 14:19:42 ok, many thanks 14:19:50 Generally it looks very nice 14:19:59 it might trigger further work :) 14:20:38 I'm thinking if we could link to other parts of trove documentation we could save some time 14:21:14 what do you mean exactly? 14:21:23 provide cross-references? 14:21:47 You are showing how to create trove instance, database and user 14:22:09 This is described in the existing docs 14:22:19 I've added link in my comments 14:22:25 Please take a look 14:22:47 I suppose we can move on 14:23:04 #topic security of message bus 14:23:10 ok, thanks, but then we likely have to verify those specific parts of the documentation 14:23:48 Yes, but it is better to enhance existing docs than to copy 14:24:33 true, although more time consuming 14:25:06 Otherwise we will have too many overlapping docs 14:25:29 Ok 14:25:35 Another topic 14:25:54 I wanted to start discussion about rabbitmq and security 14:26:18 As it is related to your discussion from the summit 14:27:11 It turned out that there was already some effort to encrypt communication between guest agents and control plane with guest agent specific keys 14:27:27 #link https://www.youtube.com/watch?v=dzvcKlt3Lx8 14:27:27 This has been implemented in ocata 14:28:11 Exactly 14:28:20 Did you have time to watch it? 14:28:29 dkrol: Partialy 14:29:16 I think it is a very important video and we all should watch it :) 14:29:18 But not carefully enough to start intelligent discussion regarding this issue 14:29:28 dkrol: Agree 14:29:42 It seems that security concerns have been solved 14:30:03 But there is another issue regarding ddos attacks on mq 14:30:21 And we should investigate it more 14:30:37 a little bit advanced topic 14:30:48 My understanding of the root cause is there is no throttling in rabbimq 14:30:50 dkrol: are you going start working on this topic? 14:31:15 I need more understanding first 14:31:24 we should start from any blueprint or spec to more evaluate this topic 14:31:29 I see 14:31:45 Regarding recurity I think there is no reason to implement Octavia way 14:32:38 except Octavia, is there any project with similar use case to ours? 14:32:40 The only aspect is potential ddos attack 14:33:02 I'm not sure 14:33:12 does it really matters in a private cloud? 14:33:41 matter* 14:33:45 This topic came up in my recent talk with a Sweden company who would like to use trove in a public cloud 14:33:57 ah, ok 14:34:06 Also ovh had this concern 14:34:31 some messages queue implementations allows to configure quota on specific topic 14:34:33 I think it is very important for the project 14:35:02 not sure how it is in Rabbit, but maybe it would solve ddos issues 14:35:03 It would be interesting to know if we can switch rabbitmq to such a mq 14:35:03 yeah, security in terms of cloud is in fact among top concerns 14:35:22 Al 14:35:40 Another thing from the presentation is guest agent upgrade 14:36:19 It can be done with standard data store upgrade operation - I didn't think about it before 14:37:28 But if it works we should focus on it too much right know 14:37:38 Should not :) 14:38:24 Guest agent upgrade was another imports thing from the summit as far as I remember 14:38:57 Ok, anyway I think the video is worth watching 14:39:39 This is everything I have for this week 14:39:49 Anything from your side? 14:43:09 If not then we can finish earlier 14:44:32 Nothing from my side 14:44:35 Thanks for meeting 14:44:50 Ok, 14:44:55 Thanks for coming 14:45:00 Thanks guys 14:45:06 #endmeeting