CinderVictoriaPTGSummary
Contents
- 1 Introduction
- 2 Tuesday 02 June: Current Cinder Issues
- 3 Wednesday 03 June: Third Party Drivers
- 3.1 recordings
- 3.2 Bug: Fail to extend attached volume using generic NFS driver
- 3.3 Improvement proposal for LVM volume driver, direct attached storage via cinder
- 3.4 Ceph iSCSI driver
- 3.5 Remove volume driver abc classes
- 3.6 Backup Driver issues
- 3.7 Backporting 'supported' status
- 3.8 Keeping 'unsupported' drivers in-tree
- 3.9 Ussuri Development Cycle Retrospective for Driver Developers
- 3.10 Broken RBD live migration
- 4 Thursday 04 June: Cinder Improvements
- 5 Friday 05 June 2020: XP & TCB (cross-project and taking care of business)
- 5.1 recordings
- 5.2 Cinder/Glance creating image from volume with Ceph
- 5.3 Make cinder store of glance compatible with multiple stores
- 5.4 Gate job for glance cinder store
- 5.5 Glance image co-location
- 5.6 Refresh connection_info
- 5.7 Dynamic front-end QoS
- 5.8 Victoria spec review
- 5.9 Technical debt
- 5.10 Cycle Priorities and Schedule
Introduction
This page contains a summary of the subjects covered during the Cinder project sessions at the Victoria PTG, held virtually June 2-5, 2020.
This document aims to give a summary of each session. More context is available on the cinder PTG etherpad:
The sessions were recorded, so to get all the details of any discussion, you can watch/listen to the recording. Links to the recordings are located at appropriate places below.
Tuesday 02 June: Current Cinder Issues
recordings
- chapter 1: https://www.youtube.com/watch?v=5IE2pvRYMbc
- chapter 2: https://www.youtube.com/watch?v=Q68m2Kx8Jxk
Discuss the security issue when an attached volume exposes host information to non-admins
Discussion led by whoami-rajat
This was about https://bugs.launchpad.net/cinder/+bug/1740950 and Related-Bug: https://bugs.launchpad.net/cinder/+bug/1736773
The compute host is leaked in the volume-detail response, and also in the REST Attachments API.
We've already agreed that the volume-detail response will only display the host when called in an administrative context (the API response is already allowed to have a null value there, so there is no API change).
For the Attachments API response, need to do some research to see whether this field is needed and in what contexts. Doesn't look like Nova needs it, doesn't look like any of our os-brick connectors are using it, but on the other hand, the info has been available in the response so long that we need to be careful, because something could be using it. We have to be careful about what info is left out of the response, because if it's too restricted, the caller won't be able to connect to the backend.
Conclusions
- short term, need to get policies in place to govern this
- open issue: the proposal was to keep the default behavior, but that continues to allow the leakage of compute host name; would probably be better to have a more restrictive policy (since we don't believe that any services depend on it), and then operators can adjust the policies to allow users who have use cases that need this info to see it
- ACTION - whoami-rajat to continue working on this
Sizing encrypted volumes
Discussion led by eharney and enriquetaso
Quotas!!!
Discussion led by rosmaita
(The team adjourned early so that the Cinder core security team could review the patches and plan for rolling out the changes for the bugfix for Launchpad Bug #1823200, which would become public the next day.)
Wednesday 03 June: Third Party Drivers
recordings
- chapter 1: https://www.youtube.com/watch?v=u2y4OUcDzEg
- chapter 2: https://www.youtube.com/watch?v=n01JA4jlKV4
Bug: Fail to extend attached volume using generic NFS driver
Discussion led by lseki
Improvement proposal for LVM volume driver, direct attached storage via cinder
The proposer wasn't available, but we discussed the issue anyway.
Ceph iSCSI driver
Discussion led by hemna
Remove volume driver abc classes
Discussion led by eharney
Backup Driver issues
Discussion led by Shatadru
Backporting 'supported' status
Keeping 'unsupported' drivers in-tree
Ussuri Development Cycle Retrospective for Driver Developers
Broken RBD live migration
This wasn't actually a discussion, someone left a question on the etherpad and Gorka answered it.
Thursday 04 June: Cinder Improvements
recordings
- chapter 1: https://www.youtube.com/watch?v=dx4G1agJI2k
- chapter 2: https://www.youtube.com/watch?v=ppo4GFIGYZE
Recent Security Issues
Quick discussion of OSSN-0086, which was announced yesterday.
Reviewing our reviewing strategies
Discussion led by eharney
Interop WG interlude
Looking at type annotation
Discussion led by eharney
Cinderclient CLI usability issue
Discussion led by rosmaita
OpenStack Client tangent
Because we were talking about working on the cinderclient, the question came up: what about the openstackclient? Since Jay is on the TC, and the TC is thinking about the unified client issue, we talked about this a bit.
Community Goals
Ussuri Development Cycle Retrospective
(We adjourned early for the Virtual Happy Hour, which was not recorded.)
Friday 05 June 2020: XP & TCB (cross-project and taking care of business)
recordings
- chapter 1 (meeting with Glance team): https://www.youtube.com/watch?v=omFGbmE8SYQ
- chapter 2: https://www.youtube.com/watch?v=AuFcGTG6P64
- chapter 3: https://www.youtube.com/watch?v=eEfVWNCZmWw
Cinder/Glance creating image from volume with Ceph
Discussion led by abhishekk
Make cinder store of glance compatible with multiple stores
Disucssion led by abhishekk
Gate job for glance cinder store
Discussion led by whoami-rajat
Glance image co-location
Discussion led by jokke_
Refresh connection_info
Discussion led by eharney (lyarwood couldn't be here)
DR operations and broken volume connections
Related topic introduced by sfernand