From YouTube: Ceph Developer Monthly 2021-06-02
A: All right, let me go ahead and get started. The first topic is around backfill and its particular failure conditions.
B: Okay, so the issue is: when we have a backfill and an unfound object is found during backfilling, we enter the backfill_unfound state. This is per PG.
B: But still there is yet another case when the crash is possible. And another issue is this: that actually, right now...
B: ...we find this object in its listing, so it seems everything is okay, and then the PG enters a clean state.
C: It seems like there are sort of two roads to go down, if I'm understanding this correctly. I mean, clearly master shouldn't crash, right, but you could imagine continuing with the old behavior where, if the OSD restarts, we sort of forget that the object was unreadable and had an EIO, and then, if we try to read it again or we scrub, it appears as unfound again.
B: I don't know yet how we actually want to fix this; probably someone can provide some more input, yeah.
D: Certainly for the older versions, I think the right answer is to shore up the existing behavior: don't crash, but don't try to fix it either, per se; scrub will catch it later and that's good enough, well, sort of. For master, though, we now have the capacity to write down things that are in the missing set, so plausibly we could add a message to the backfill process that forcibly adds things to the missing set on replicas.
D: So when we do a backfill read, if we learn during that process, for an erasure-coded pool, that some replica doesn't have a copy, or that the primary doesn't for a replicated pool, we can add that to the missing set and wait for that to be done before letting backfill advance, which would give us the state required to ensure we don't forget it later.
D: That would also give us the right primitive, I think, for dealing with this in scrub as well. When we find one of these objects isn't where it should be, or is unreadable, we can add it to the missing set on the relevant OSD and continue on. That way it'll give us sort of a baseline piece of state to deal with these things in general.
C: That's not just backfill, right? It's... if there's... it's essentially...
C: ...with the flag in the object_info_t.
E: I maybe missed the initial part of this discussion, being a few minutes late, but, Mykola, what I'm understanding from your latest test results is that, with the patch that you applied on Nautilus, the same test that is failing on master is not failing on Nautilus, so everything seems just fine with Nautilus, even with FileStore, right?
B: We do not lose this state when a non-primary is restarted, anyway; we still lose it when the primary OSD is restarted, so it's kind of a partial fix. But yes, just if it was not clear from the context: one of the issues was that this information about unfound objects was lost, and another was that there were some crashes on master only, not release branches, and I think they are related to the refactoring of the...
E: So yeah, I think in general, Sam, I'd like to hear your opinion too. The idea of maintaining backfills_in_flight for anything but the primary, which Mykola is essentially manually backporting, and which you had in your refactor, seems right to me, and that's probably why that's fixing the problem on Nautilus with the test that Mykola has. And if that is valid, then even the other patch, which he was talking about for the crash on master...
E: ...that is a follow-up of that, right? Because you're expecting that backfills_in_flight and the recovering set are not the same, except the only difference is that the primary can have something which is preventing it from being the same. So those two changes, with this particular patch that he's talking about, are currently the same in master and Nautilus, but there seems to be something extra, or something missing, in master, because of which we see that other crash that he saw while running that test.
B: Yeah, actually, I don't know yet what the actual cause of the crash is. It looks like, probably, well...
E: ...yeah, that's what I was trying to say, and it's maybe even worth looking at why master is crashing versus Nautilus not crashing, because this test seems pretty controlled: this is just one PG, and we should probably look at why the same crash does... yeah, just comparing.
B: And yeah, it's worth mentioning that this is only happening on FileStore. I have no idea why it's not happening on BlueStore. I have not yet confirmed this, but my current assumption is that FileStore is faster when restarting, and it happens only when the OSD is stopped, peering happens, the PG enters the backfilling state, and while it's still in the backfilling state...
E: Yeah, sure, yeah. What I'm just trying to say is: maybe take that same test that is passing on Nautilus, compare it with the same test on master, and see what the difference in code path is, and why master is crashing. That could give us a rough idea about, you know, whether there was something missing, or there's some, you know, invariant that's being broken somewhere.
A: The other aspect of this that I think we wanted to discuss was how we can get better coverage for these kinds of cases, because this kind of thing wasn't being turned up by the existing error injection tests.
D: If we get better implementations of these error cases, we could do something like have the error injection suites deliberately keep a set of objects with at least one broken copy, and poke at the relevant OSDs to keep that count where it should be. The OSDs would then have a really high chance of encountering one of these broken objects and being forced to deal with it.
C: Why not, yeah. I mean, it seems like the error injection that I'm familiar with right now is transient: it's an asok command that has some state, and if you restart, it'll forget. It seems like, if we have a persistent thing where we say "this object on this OSD should get EIO", and then we go and randomly poke objects that way, then we'll be much more likely to hit them when we start moving data around.
A: Right, and if we add that as, like, an admin socket command or something, and then controlled it from teuthology in a test script, we could be sure that we weren't corrupting too many copies.
D: I mean, you can parse the cluster log, and we can make sure that we put notifications or fix events in there, but that should exist anyway; I think it's a good notification for scrub to have.
H: Cool, yeah. So this is a feature that we've been planning; Marcus has done some design work around it, and we've got interest from some developers at Flipkart that want to help out, so we wanted to get Marcus and them on a call. Marcus?
I: Sorry, can you hear me? (Yep, yep.) Let's see... I certainly can talk about it for a bit; I've got an outline and some notes, if that's useful, or... I'm not quite sure how to incorporate an Etherpad into this.
I: Yeah, no, I haven't messed around much with Etherpad, I'm sorry. But let's see: what I can do is share my screen somehow. Let's try that.
I: Apparently this has changed a bit. Okay, can you see something? Yeah? Okay. So perhaps that's not the right thing, but...
I: Okay, so anyway, that was kind of an outline of what I wanted to talk about. There are about four main kinds of AWS RGW S3 encryption. The first kind is client-side encryption, where all of the encryption, decryption, and key management happens on the client side. That's a feature of the AWS SDK, and it doesn't have any implications whatsoever for the server. The second kind of encryption is called SSE-C, and that's where the client provides the key.

I: So there's logic on the server side to handle actually decrypting and encrypting the object, but the key is provided by the client, and that means the client is responsible for managing that key and has access to that key.

I: The third kind of encryption in S3 is SSE-KMS, and in that scheme there's a KMS that's shared between the client and the server. The client is responsible for creating the keys in the KMS, and then the server handles fetching a key and using it to encrypt objects.

I: And then the final kind of encryption is SSE-S3, which works very much like SSE-KMS except that the server is also responsible for creating and deleting keys, and so it's completely transparent to the client: the client doesn't really see much of anything.
I: The right way to think about tokens with vault is that tokens are basically like Kerberos tickets: they have a short lifetime and you want to get a new one every so often. There are at least 20 different ways in vault to get tokens, and that would mean a lot of code if you were going to try to support all of those directly. So the right way, I think, to manage vault tokens...

I: ...is you run an instance of vault agent, and you make it responsible for renewing tokens or getting a new token as necessary. All of that code is in vault agent, and it's easy to use it transparently, so there's no reason inside of Ceph to manage vault tokens except in terms of using the vault agent. The last thing that vault provides, which is very useful for Ceph...
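The agent setup described above can be sketched as a small Vault Agent configuration; the auth method (AppRole) and file paths here are illustrative assumptions, not anything from the talk:

```hcl
# Hypothetical Vault Agent config: the agent logs in (here via AppRole)
# and keeps a fresh token in a sink file that RGW can read, so Ceph
# itself never has to implement token renewal. Paths are examples only.
auto_auth {
  method "approle" {
    config = {
      role_id_file_path   = "/etc/vault/role-id"
      secret_id_file_path = "/etc/vault/secret-id"
    }
  }

  sink "file" {
    config = {
      path = "/run/vault/rgw-token"
    }
  }
}
```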
I: ...is the transit engine: the keys don't ever have to come outside of the vault. The way that works is that when you're encrypting a Ceph object, you create a key, ship it off to vault agent, and ask it to encrypt it under a key that's stored inside vault; what you get back is an encrypted string that you can store with the object. That means at that point you have an encrypted object and an encrypted key, and in order to decrypt the object, you have to go back and present the encrypted key to vault.
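A minimal sketch of that envelope flow against Vault's transit endpoints (endpoint shapes per the Vault transit API docs; the key name "rgw-bucket-key" is a hypothetical example), building the request payloads and parsing the version out of the returned ciphertext:

```python
import base64
import json

# The per-object data key never leaves RGW in wrapped-only form: it is sent
# to Vault's transit engine to be wrapped, and only the wrapped string is
# stored with the object. Key name below is an assumption for illustration.
KEY_NAME = "rgw-bucket-key"

def encrypt_request(plaintext_key: bytes):
    """Build the POST path and JSON body to wrap a data key in Vault."""
    path = "v1/transit/encrypt/" + KEY_NAME
    body = json.dumps({"plaintext": base64.b64encode(plaintext_key).decode()})
    return path, body

def decrypt_request(wrapped: str):
    """Build the POST path and JSON body to unwrap a stored ciphertext."""
    path = "v1/transit/decrypt/" + KEY_NAME
    body = json.dumps({"ciphertext": wrapped})
    return path, body

def key_version(wrapped: str) -> int:
    """Transit ciphertexts look like 'vault:v2:...'; the middle field names
    the version of the wrapping key, which rotation and rewrap care about."""
    prefix, version, _ = wrapped.split(":", 2)
    assert prefix == "vault"
    return int(version.lstrip("v"))
```
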
I: You ask it to decrypt that, and then you can use the result to decrypt the actual object. The cool thing about that is that it makes key rotation very simple, because key rotation basically consists of asking vault to take one of these transit secrets and create a new key version. At that point, whenever you're creating a new object, you're going to get it encrypted under the new key, and vault keeps the old key around under a different key version number.

I: You can be as lazy as you want about that. I think, in the context of Ceph, that might actually be a choice about how you would like to do it.
I: So, in terms of the Ceph implementation, there's a couple of things that have to happen. Most of the complexity is going to be taking the existing Ceph code and teaching it that you've got these two different notions of talking to the KMS, and so in the configuration you're going to want a parallel set of configuration options to name the SSE-S3 stuff.

I: Obviously, if Ceph is expected to manage keys, it's going to need to support creating keys, and deleting keys when a bucket's removed. Key rotation is something where you probably want configuration options to control when and how often you rotate keys, and you might like manual control options to be able to administer that as well.

I: That is pretty much most of what I have. I can talk a little bit about the places in the code where I think things need to happen; I don't know if that's of particular interest to people here right now.
I: No, no. The thing that actually controls whether the encryption happens or not is the attributes that are set on the object at the time that you do a put-object. But what you can do with policy is require that those encryption parameters actually be there; I think you can actually set, or require, that particular values be provided for the encryption as well, and that means you can create a bucket that has to have everything inside of it encrypted.
I: That was not it either; I know I've got this somewhere... yeah, yeah, oh.
K: I think I disagree with that. If you look at the AWS S3 API: if a put-bucket-encryption policy is enforced, then for every put request which comes with a header saying that you want server-side encryption, only then does it encrypt with the SSE-S3 created key.

K: However, if that header is missing, then it stores that object without encrypting it.

K: But if you want all the objects in that bucket to be encrypted all the time, then you have to set another policy on the bucket which says to deny unencrypted uploads and to deny, I think, some specific header; there are two such things which have to be specified. So these two policies have to be enforced, and only then, if the server-side-encryption header is missing on an incoming object, does the server throw an error saying that you'd better supply the header.
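The two deny statements K describes follow the standard AWS pattern for requiring SSE on uploads; a sketch of such a bucket policy (bucket name hypothetical) might look like:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyIncorrectEncryptionHeader",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {
        "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" }
      }
    },
    {
      "Sid": "DenyUnencryptedObjectUploads",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::mybucket/*",
      "Condition": {
        "Null": { "s3:x-amz-server-side-encryption": "true" }
      }
    }
  ]
}
```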
I: The header, yeah. So these are the notes that I had: apparently there's an encryption parameter that you can specify that will get you some information about how the encryption is working, and there's apparently a put-bucket-encryption call that controls part of this logic.

I: So this may actually be a different string, or... that's not the same as a policy document.
H: Yeah, most of our policy is just xattrs on the bucket metadata.
H: So, Priya, Prasad, about the vault parts specifically: is there anything that Marcus talked about that isn't compatible with the way that you're using it?
K: No, actually. I think Marcus mentioned something about when to use KMIP versus when to use vault, so I was a little confused. What I was thinking, from the SSE-S3 point of view, is that I don't think Ceph will, you know, ever have its own KMS kind of thing, so it will always talk to some vault, be it KMIP, or Barbican, or, you know, the HashiCorp one; the three of them it's already integrated with.
K: So at the back end we have any of these three KMSs, and to the client we say that, yes, we support SSE-S3, and depending upon what type of KMS server is there at the back end, it would, you know, have all those policies and everything, and do the key management with that type of KMS. So that was my understanding.
I: Okay. If you're specifying the KMS, and you're using vault, for instance, one of the parameters for vault is... which one is it... it's the default prefix, and that basically names which part of the vault namespace you're using. For SSE-S3, that needs to be a different string than what you're using for KMS, because you don't want users to be interacting with the secrets that Ceph is managing.
K: That is agreed, that is okay. So the customer has no clue of the key IDs or the namespace; the prefix, I think, is what you said, right?
K: Correct, that's true. So it's a completely different sort of namespace altogether; you know, it's multi-tenant. One of them would be this Ceph one, and maybe other customers could use the others. Okay.
K: So, in some sense, if I understand correctly, we will have, like, you know, two sets of APIs or interfaces. One would do all the key management, so maybe we would need some different type of radosgw-admin key-management subcommands, which would be required to, you know, set up the keys: whether you want to create a pool of keys, or whether you want to create a separate key for every bucket.
I: Key rotations... I don't think there's any necessity to do that. I think that, from the radosgw-admin standpoint, I think that the...

I: I mean, that's what the transit encoding for SSE-KMS does today. I think that's probably the only form of encryption that we want to carry forward, so I'm thinking this is going to look just like the vault transit encoding.

I: My thinking is that if you just want to use bucket encryption, you just turn it on and you don't interact with the radosgw-admin command at all. When you turn it on, the next time Ceph stores an object it goes out and sees whether the key exists in vault, and if it doesn't, it creates a bucket key automatically; and when you delete the bucket, it would just go out and always try to delete the key that should belong to that bucket.
I: There is one other thing that I should mention, about the naming of the key that you put in vault.

I: You don't want to name it after the bucket name, because the bucket name could change if you rename the bucket. The keys should be named based on the bucket's UUID, or some part of the bucket metadata that does not, that cannot, change.
K: ...change, okay. The key name; I'm noting it down in the notepad. So the key name should be based on the bucket UUID; that's a good point. However, you know, we would need some sort of radosgw-admin command for the key rotation and re-wrapping, right? Or do you think you want to do it automatically?
I: At the very least, there should be a radosgw-admin command with which you can force key rotation; that seems like a good basic starting point. I think it would probably be desirable to have the ability to say "rotate keys once a month" or something like that. There's probably a distinction...

I: There's a couple of ways to handle this. When you encrypt an object, you would be storing an attribute that basically contains the encrypted key. It also contains the key version number, and the key version number could easily be parsed out of that.

I: The very simplest way to do the key rotation is to just always encrypt new objects under the new key and not bother to go back and try to re-wrap old keys. But if you want to re-wrap old keys, you need to iterate through; I think probably the simplest way to do that is just to iterate through all the objects in a bucket, get the attributes one by one, and re-wrap the attributes.
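The eager re-wrap pass described here could look like the following sketch. The `rewrap` callable stands in for a POST to Vault's transit rewrap endpoint (which re-encrypts a ciphertext under the newest key version without exposing the plaintext), and the attribute name "wrapped-key" is a hypothetical example:

```python
# Walk a bucket's objects, read the stored wrapped-key attribute, and ask
# the injected `rewrap` function (in practice, Vault's transit rewrap
# endpoint) to re-encrypt it under the newest key version. Objects already
# on the newest version come back unchanged and are skipped.

def rewrap_bucket(objects: dict, rewrap) -> int:
    """Re-wrap every object's stored key attribute; returns count updated."""
    touched = 0
    for name, attrs in objects.items():
        old = attrs["wrapped-key"]
        new = rewrap(old)  # returns ciphertext under the newest key version
        if new != old:
            attrs["wrapped-key"] = new
            touched += 1
    return touched
```
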
K: Marcus, do we plan to store the KEKs somewhere, or will we have to go through all the buckets which have the policy enforced, fetch the KEK, and then issue a key...
I: ...rotation? Like I said, the key rotation is really two parts. To just create a new key, the only thing you have to talk to is vault; you don't have to do anything else. To re-wrap all the keys in a bucket, you have to crawl through the bucket and find all the objects encrypted with that...
K: I was not talking about that. I mean, if we have to do automatic KEK rotation, the...
I: If you derive the key name from the bucket, you don't need to store it anywhere. Okay.
K: No, I mean, okay, so I think if we have to do automatic key rotation... say there's an automatic key rotation after every 60 days; then we go through all the buckets which have the encryption policy enforced, and then, like, you know, create the KEK name based on the UUID and call vault to rotate those keys, right? That's what you're saying.
M: Marcus, do you think an implementation where we bring in support for the three APIs which allow clients to opt in for encryption, you know, the put, get, and delete bucket-encryption APIs...

M: ...along with, you know, support for SSE-S3, which would, you know, say, use the bucket marker, which is unique, as the key ID, and have an option to talk to any vault of choice. The vault of choice would be, you know, something very modular, and we could have multiple implementations, you know, added later, but we could start with one of the implementations, say something like, you know, HashiCorp Vault, which will have, you know, some of the safeguards that you mentioned.

M: Like, you know, a bucket can be a mixed bucket, wherein it could host, you know, objects which are unencrypted and objects which are encrypted using SSE-S3.

M: Then it should not share the key namespace with, you know, the ones that are specified by the customers themselves, and have just one such implementation on top of the existing KMS infra that's already there in the master branch. Does that, you know, sound like...

M: ...that's something that we'd like to kind of have, and, yeah, we are kind of working on the implementation. I'm not sure if there already exists an implementation somewhere in a private branch or a repo that we could look up, or if this is something that has to be created afresh.
I: I've got the bare beginnings, but not very much code.

I: This doesn't look to me like it's going to be a very complicated project, so I don't think it's going to be that hard to do.
I: Yeah, no, it should be sharing a lot of, most of, its code with the KMS stuff.
I: I think the most challenging part is gonna be figuring out how to reorganize the KMS logic enough to basically make it configurable between these, sharing the same code between both the SSE-S3 case and the SSE-KMS case.

I: There's a bunch of places in the KMS code where it's looking for things like rgw_crypt_vault_addr and rgw_crypt_vault_prefix directly, and that's going to need to be configurable, so that it can look for either rgw_crypt_vault_prefix or an SSE-S3-specific vault prefix.
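The parallel option set being described might look like the following fragment; the existing rgw_crypt_vault_* options are the ones Marcus refers to, while the sse-s3 counterparts and their values here are hypothetical names for the new set under discussion:

```ini
# Existing SSE-KMS vault options referenced above:
rgw crypt vault addr = http://127.0.0.1:8200
rgw crypt vault auth = agent
rgw crypt vault prefix = /v1/transit
rgw crypt vault secret engine = transit

# Hypothetical parallel set for SSE-S3, pointing at a separate part of the
# vault namespace so users never interact with the keys Ceph itself manages:
rgw crypt sse s3 vault addr = http://127.0.0.1:8200
rgw crypt sse s3 vault prefix = /v1/transit-rgw-s3
```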
K: I think there's one question, Marcus, which I had. I think the KMS logic which interacts with the three different types of KMSs, that is, KMIP and vault and everything, is there in the master branch. Do you have any plans to backport it to Nautilus?
I: Well, I think a lot of this, the Barbican part, is there. Probably the two things that might not be in Nautilus today are the KMIP stuff and the transit stuff. I think there were plans to backport both of those, but I'm not quite sure where that's at.
K: So on Nautilus you'll not be backporting...
H: If you guys could really use it on Nautilus, then we could revisit that and discuss it. I'll try to find the backport PR.
A: We're trying to close out the final Nautilus release pretty soon; I'm not sure if it makes sense to continue backports there if this is a larger feature.
H: ...to start, the work is just the put-bucket-encryption APIs themselves, and then maybe next week in the refactoring call we can go over the next...
I: Yeah, that sounds fine to me. Probably what I will go do next... the interesting piece to me, I guess, is how to interact with vault to create and delete keys; that's probably the next piece I'll...
A: All right, thanks folks. I think we can move on to the next topics, then, related to the manager.
A: The first one is about sub-interpreters: we're continuing to occasionally run into these bugs, this time due to dependencies of dependencies, or maybe dependencies of dependencies of dependencies; in any case, far down the chain from what we can control directly.
A: Yeah, we talked about some of these in the previous CDM as well, like maybe, as a shorter-term fix, keeping things within the same host with multiple processes. Ernesto had a couple of suggestions on the mailing list as well that might perhaps be short-term workarounds.
C: I mean, I'm hesitant to go down the process route, because it will make the inter-module communication so much more expensive.
C: I think those would... although this is, like, after making a REST call, so maybe an extra hop isn't such a big deal, but I'm also just worried that going down that road is a significant investment in infrastructure.
C: I'm trying to figure out what... well, look, it seems like there's maybe a short-to-midterm fix, and then there's the long-term strategy. And there was one reference at the end of this thread, I think, to some new multiple isolated sub-interpreters work that's experimental but maybe will develop further.
A: ...longer term, possibly. If those caveats are resolved, then it's usable for everything, I think. I'm not sure how it's going to develop, I guess, but we could kind of try to focus on a short-term solution that works for the next year or two and see where that goes. That's kind of what I'm thinking.
C: Because if we just need a short-to-medium-term solution, I wonder if the simplest would be just combining everything back under a single interpreter again. Yep, that is efficient, and it's relatively simple. I think the only real challenge is that we have to make sure we only have one user of CherryPy, but that doesn't seem like it would be that hard to fix.
O: Yeah, I don't know, because I think one of the reasons for these isolated sub-interpreters is performance, and I'm not sure... I mean, running everything from a single interpreter could involve some bottlenecks in terms of performance.
C: I was gonna ask if there was, like, an immediate bug; like, what is the latest symptom of this that we have? Is there, like, a...
A: Might be worth trying it out and just seeing if everything breaks horribly, because if it does, it might take longer to fix, right?
O: So, one of the questions: the offending module is this numpy, right? Okay. And since it's been used by this prediction module, only the local one, okay; and also, you mentioned, Sebastian, the kubernetes client. Is that pulled in from the events, or...?
N: And I don't think that we can avoid it. We could try mocking the websocket library within the kubernetes client, but...
O: Yeah, I was asking because I was checking the prediction module, and it seems like, well, it was just a first impression, right, that the numpy module is only used in the pre-processing stages, so maybe it's not needed in the running module; it's only used during some stages or something. So maybe it can be imported in that function, and we avoid importing it as a global; though that might not be the case.
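The deferred-import idea Ernesto raises can be sketched as below: instead of a module-level `import numpy as np` (which drags the C extension into the mgr at module load time), import it inside the one function that needs it. `statistics` stands in for numpy here so the sketch stays self-contained, and `preprocess` is a hypothetical function name:

```python
# Deferred import pattern: the heavy dependency is only loaded on the
# first call to preprocess(), not when the mgr module itself is imported.

def preprocess(samples):
    # In the real module this would be `import numpy as np`; using a
    # stdlib module here keeps the example runnable anywhere.
    import statistics
    return statistics.mean(samples)
```
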
A: Yeah, yeah, I think we could definitely avoid it in diskprediction. I think it's also used in the models itself, which are kind of, sort of, pickle files, I believe, so it might be a little more complex to get rid of it there, but it's not a strict necessity.
C: Yeah, it might be worth mentioning, although it probably won't change the dependency, that Karen is in the process of refactoring that code so that all the diskprediction stuff is in a standalone Python module that we can then consume. So that code's gonna move out of the manager proper, but it'll still depend on numpy.
A: Yeah, so, about the manager caching.
J: So, well, I've answered the two sides on the PR, but he suggested that in the validation we poll the OSDMap on demand by its epoch, and maybe I need some info about the rate at which this OSDMap changes; so if it changes a lot, this validation strategy might not be that good.
C: I mean, I'm attracted to the idea of just holding on to the last object that we had indefinitely, and reusing it if the epoch hasn't changed. Because there's only one of every type of thing, the memory that we would consume would be bounded, and we could even discard it: if, on the manager side, we see that the epoch updated, we could throw out the cached copy, since we'd throw it out again later anyway. So it would be a short usage of memory.

C: It doesn't seem like the memory usage would be that significant, and then you don't have to worry about correctness on the side of the manager modules: they don't have to concern themselves with the idea that they might get something that is out of date, that isn't all the way up to date, which, in the case of, say, the balancer module, I could imagine being problematic, and the PG autoscaler would possibly get confused if it had stale information.

C: It seems like the main problem with that is that you can't tell if one of the callers, one of the manager modules, went and modified the object, and then you return the same root Python object again to some other caller and they see the modified data; it sticks around. But I was thinking that we could introduce a debug option: it will basically regenerate the object on every call, but in the debug mode it'll compare it to the cached version.
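The scheme sketched in that last point could look like this: hand back the cached object while the epoch is unchanged, and in a debug mode regenerate anyway and compare, to catch modules that mutated the shared object. All names here are illustrative, not the actual mgr API:

```python
# Epoch-keyed cache with an optional mutation check. `generate` stands in
# for whatever produces the Python object (e.g. PyFormatter dumping a map).

class EpochCache:
    def __init__(self, generate, debug=False):
        self._generate = generate
        self._debug = debug
        self._epoch = None
        self._obj = None

    def get(self, epoch):
        if epoch != self._epoch:
            # Epoch moved on: throw out the cached copy and regenerate.
            self._epoch, self._obj = epoch, self._generate(epoch)
        elif self._debug:
            # Debug mode: regenerate anyway and compare, to detect callers
            # that mutated the shared cached object.
            fresh = self._generate(epoch)
            assert fresh == self._obj, "cached object was mutated by a caller"
        return self._obj
```
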
C: There wouldn't be a way to tell if they did it by accident, like if they actually called a pop, or did an array assignment or something, I don't know.
O: Yeah, the issue here is that what we discovered is that the Python deep copy is not efficient; it's even faster to serialize and deserialize from JSON. Well, it's typical, right...
A: That's... that's the test.
O: We were also exploring using immutables. The other thing is that, yeah, Python is just the opposite of a language supporting immutability, so Pereira was trying that, and, well, there is an immutable class; basically, it's a really simple thing to just override the setters in the...

O: ...basic shared objects. So you need to go through all the objects, basically, and that more or less ends up being the same thing as doing a deep copy, right? So then we explored the copy-on-write thing, where you just copy the thing when there is an actual modification; and, well, it's not a necessity. The alternative is just to basically create an immutable by overriding the __setattr__ methods, and then maybe we discovered...
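The "immutable by overriding the setters" alternative can be sketched as a tiny wrapper that freezes its fields after construction, a cheaper stand-in for deep-copying shared state before handing it to manager modules. This is illustrative only, not the implementation being discussed:

```python
# Read-only wrapper: fields are fixed at construction time, and any later
# attribute assignment raises, so callers cannot mutate the shared object.

class Frozen:
    def __init__(self, **fields):
        # Bypass our own __setattr__ to stash the field dict.
        object.__setattr__(self, "_fields", dict(fields))

    def __getattr__(self, name):
        # Only called for names not found normally (i.e. the frozen fields).
        try:
            return self._fields[name]
        except KeyError:
            raise AttributeError(name)

    def __setattr__(self, name, value):
        raise AttributeError("object is read-only: cannot set %r" % name)
```
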
O: I think historically it's been the OSDMap; I think there have been a lot of issues there, right? And also, when the network stats were added, there were some issues with that one too. There's a long list of trackers; I just collected a few, yeah. But I guess those will probably be the hardest ones: the OSDMap and the PG map, yeah, yeah.
O: Yeah, the time taken for PyFormatter to generate the Python object; there might be some contention in the finisher thread when that happens. Something like that was the last tracker that you faced there; it basically includes a description of the queue length of the finisher on some large cluster.
A: Yeah, there are only a few modules that use it, so I think progress and the insights module are the ones to fix there; or are you fixing those? I think the rest are actually more time-based updates already, or are using maps that are very small, like the health map.
A: Yeah, I guess... I think we fixed that; there was kind of a drive to pinpoint and only extract the actual data that the module needs from these maps, so it doesn't need to serialize, like, all the network ping times and everything from all the OSDs when it only wants the up/down status.
C: Yep, it's really easy to add targeted get calls in the C++ manager code: instead of dumping the whole map, just dump the thing you need. If you can narrow down specific things that you're always pulling out of the whole OSDMap, or subsets, that's pretty quick to implement in C++.
E: Yeah, I think we did something similar earlier, for at least the networking-time stuff in the balancer and the progress module; there was a whole cleanup we did so that, of the stuff that we were dumping, we only dump the stuff that we need. But maybe there are other places as well. Ernesto, what are the recent bottlenecks that you're seeing, any particular modules that are being a problem right now? Earlier, I know, the progress and the network stuff was the problem.
F: And I think the problem is what the surface of the public interface we need to tackle is. If it is very large, we probably should leverage the existing PyFormatter, because that's what we already have, using the formatter infrastructure. But if the surface is very small, we could just leverage the Python object, sorry, a simple object, expose a minimal interface to the Python code, and wrap it with Python.
O
Yeah, so you're suggesting then exposing the binary data directly, kind of.
C
Yeah, I don't know. I think, regardless of whether we go down that road or not, still having this basic capability to hold on to the big JSON dump that we generate and reuse it is going to be useful.
F
How about exposing a JSON dump for just the object that the Python code is interested in? To pinpoint it: if, for example, the Python code is interested in a certain property of a CRUSH map, we could just expose an interface like dump, and that method will call into, well, it will use the PyFormatter to dump that very structure on demand.
C
That's kind of what I was suggesting, I think, at least if I'm understanding it properly: extending get to include whatever narrower field, instead of dumping the entire OSDMap. If you just need to know, say, the up and down state for the OSDs, then have a command that just dumps that.
F
But that's the problem with extending the get method: the Python code cannot dump a given OSDMap, a property at a given epoch. What if we have multiple OSDMaps?
C
It
it
well,
it
kind
of,
can
I
mean
you're,
just
passing
a
string,
and
so
the
bunch
of
those
like
take
an
epic
number
as
an
argument,
like
you
say,
osd
map
space
and
then
an
epic
number.
I
mean
it's
a
little
bit
wonky,
but
it's
not
it's
not
that
hard
to
wire
up
additional
things.
A
Another angle would be to try to do a bit of profiling, to see what kinds of fields and areas we're accessing that are the bottlenecks.
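A minimal way to get such a profile on the Python side is the standard cProfile module; the workload function below is a made-up stand-in for a mgr module handler that consumes a dumped map, not real Ceph code:

```python
import cProfile
import io
import pstats

def handle_maps():
    # Stand-in workload: build and walk a large nested structure, the way
    # a module might consume a dumped OSDMap/PGMap.
    data = {"osds": [{"id": i, "stats": list(range(50))} for i in range(1000)]}
    return sum(len(o["stats"]) for o in data["osds"])

profiler = cProfile.Profile()
profiler.enable()
result = handle_maps()
profiler.disable()

buf = io.StringIO()
pstats.Stats(profiler, stream=buf).sort_stats("cumulative").print_stats(5)
report = buf.getvalue()  # the top entries show where the time goes
```

Sorting by cumulative time makes it easy to see whether the cost is in the dump itself or in the module's use of it.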
N
In one of the tracker issues that was shared, we actually do have a call graph: that one is spending a hundred percent of its time in a PGMap dump, and fifty percent in PyDict_New. So it's not that the JSON generation is expensive.
N
It's that the Python object creation based on that JSON is expensive.
F
We,
I
think
we
we
don't
really
in
most
cases,
we
don't
really
interested
in
the
whole
python
object,
but
we
choose
to
dump
it
all,
no
matter
what
what
part
we
are
interested.
So
I
think
we
need
to
to
to
look
into
the
python
code
which
exactly
part
we
are
interested
and
we
need
to
look
at
and
to
probably
send
it
over
to
permissions.
C
Seems like it's two things: try out this idea of holding on to the reference and then overriding the gets and puts, well, not the puts, whatever the setters are, so we can identify the offending modules; and then, separately, also do an audit of these callers and see what optimizations make sense.
O
Yeah,
maybe
it's
worthy
yeah
to
explore
this
idea
of
instead
of
using
the
pi
formatter
using
the
regular
json
formatter
and
importing
that
directly
in
the
with
the
json
decoder
in
in
python
site.
We
are
passing
up
white,
it's
counterintuitive,
but
it
seems
like
it's
more
performant
with
passing
the
python
update
itself.
So.
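That counterintuitive claim is easy to sanity-check in pure Python. This sketch, with an invented payload shape, compares decoding one JSON string against building the equivalent objects piecemeal, which roughly mirrors PyFormatter constructing PyObjects one by one:

```python
import json
import timeit

# Stand-in for a large map dump handed over by the C++ side as one string.
N = 5000
blob = json.dumps({"osds": [{"id": i, "up": True, "weight": 1.0}
                            for i in range(N)]})

def decode_string():
    # One string crosses the boundary, then a single C-level parse.
    return json.loads(blob)

def build_piecemeal():
    # Stand-in for element-by-element PyDict/PyList construction.
    return {"osds": [{"id": i, "up": True, "weight": 1.0}
                     for i in range(N)]}

t_decode = timeit.timeit(decode_string, number=20)
t_build = timeit.timeit(build_piecemeal, number=20)
# Compare t_decode and t_build: on CPython the single json.loads pass is
# often competitive with building the same objects one at a time.
```

Both paths produce identical objects, so the comparison isolates the construction cost being discussed.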
C
Yeah
yeah,
the
the
pi
formatter
is
a
little
bit
fraught
and
the
sequence
looks
good
because
you
have
to
be
really
careful
about
the
kill.
But
if
we
could
not
do
that,
then
that
might
also
simplify
the
measure
code.
But
I
would
be
interested
in
seeing
a
confirmation,
but
that's
really
the
case-
that
it's
faster.
O
Yeah
well
in
that
period
from
perry
you
see
that
they
took
some
measures,
so
at
least
the
coping
time
for
solo
copy,
shallow
copy,
sorry
to
call
json
and
copy,
so
the
optimal
one
is
pico,
which
is
a
binary
format.
I'm
not
sure
how
feasible
is
that
from
the
c
plus
plus
side
articles.
I
think
v
code
is
yeah,
it's
internal
to
python,
so
it's
not
standard,
but
maybe
there
is
a
code
that
we
can
use
to
realize.
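A quick way to reproduce that kind of measurement on the Python side; the payload shape is invented for illustration, and whether C++ could emit pickle at all is the separate open question raised above, since the format is CPython-internal:

```python
import json
import pickle
import timeit

payload = {"pgs": [{"pgid": "1.%x" % i, "state": "active+clean"}
                   for i in range(2000)]}

def via_json():
    # Text round-trip: encode to a JSON string, then parse it back.
    return json.loads(json.dumps(payload))

def via_pickle():
    # Binary round-trip: pickle avoids re-parsing text, but the wire
    # format is Python-specific rather than a cross-language standard.
    return pickle.loads(pickle.dumps(payload, protocol=pickle.HIGHEST_PROTOCOL))

t_json = timeit.timeit(via_json, number=20)
t_pickle = timeit.timeit(via_pickle, number=20)
```

Comparing t_json and t_pickle on a representative payload is the kind of measurement the PR mentioned would have produced.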