| *** mklejn_ is now known as mklejn | 07:07 | |
| *** mklejn__ is now known as mklejn | 13:01 | |
| noonedeadpunk | hey folks! I'm currently slightly o_O at the "new" worker_self_reference_url which is now required by default, and I get feeling, that this URL is exposed under some scenarios to end users? | 15:42 |
|---|---|---|
| noonedeadpunk | like it feels it can be stored in image extra_properties? https://opendev.org/openstack/glance/src/branch/master/glance/api/v2/images.py#L287-L307 | 15:42 |
| noonedeadpunk | so eventually, this assumes that all glance workers are publically available rather then being behind LB on internal networks? | 15:43 |
| noonedeadpunk | which could be then exposed towards public through image metadata? | 15:43 |
| noonedeadpunk | as it kind of feels, that `worker_self_reference_url` is not really appropriate pick for https://review.opendev.org/c/openstack/glance-specs/+/899367 | 15:46 |
| noonedeadpunk | it should have been some kind of my_ip from nova/neutron | 15:46 |
| noonedeadpunk | dansmith: maybe you have some insight into this topic as there're your comments to the worker_self_reference_url meaning I see :) | 15:47 |
| opendevreview | Merged openstack/python-glanceclient master: reno: Update master for victoria Unmaintained status https://review.opendev.org/c/openstack/python-glanceclient/+/911916 | 15:54 |
| opendevreview | Merged openstack/glance_store master: reno: Update master for victoria Unmaintained status https://review.opendev.org/c/openstack/glance_store/+/911912 | 15:56 |
| dansmith | noonedeadpunk: no, this is per-worker not per-image | 15:58 |
| noonedeadpunk | yeah, but then it's exposed on image metadata after upload? | 15:59 |
| dansmith | no | 15:59 |
| noonedeadpunk | aha, so it's just during runtime in image.extra_properties | 16:00 |
| dansmith | it's used in image metadata only for a short period to indicate where an image is staged (if it is) via the import mechanism, but it doesn't stay | 16:00 |
| noonedeadpunk | ok, gotcha, thanks. I didn't trace it to the final point :) | 16:00 |
| noonedeadpunk | and that still shouldn't be used when glance is behind LB (in terms of direct-upload) | 16:01 |
| dansmith | no it should | 16:01 |
| dansmith | it's for glance's internal use, not for the use of the user | 16:02 |
| dansmith | even if you go through a LB, you stage an image on one worker | 16:02 |
| dansmith | when you go to import that after stage, we have to know which worker has the staged image | 16:02 |
| dansmith | the new requirement for this is for the caching stuff, so we know which nodes have which images cached | 16:02 |
| opendevreview | Merged openstack/glance_store master: reno: Update master for wallaby Unmaintained status https://review.opendev.org/c/openstack/glance_store/+/911918 | 16:02 |
| opendevreview | Merged openstack/glance_store master: reno: Update master for xena Unmaintained status https://review.opendev.org/c/openstack/glance_store/+/911924 | 16:02 |
| noonedeadpunk | shouldn't LB source-ip balancing algo just solve that? | 16:06 |
| noonedeadpunk | or basically, now glance don't care | 16:07 |
| noonedeadpunk | huh | 16:07 |
| noonedeadpunk | thanks a ton for clarification! | 16:07 |
| opendevreview | Merged openstack/python-glanceclient master: reno: Update master for wallaby Unmaintained status https://review.opendev.org/c/openstack/python-glanceclient/+/911922 | 16:26 |
| opendevreview | Merged openstack/python-glanceclient master: reno: Update master for xena Unmaintained status https://review.opendev.org/c/openstack/python-glanceclient/+/911928 | 16:26 |
| dansmith | noonedeadpunk: sorry, lots of things going on | 16:51 |
| dansmith | noonedeadpunk: source-ip balancing could make it less necessary, sure, but that wouldn't work 100% because people can move around, and/or there could be an hour between staging and importing (or more) | 16:52 |
| dansmith | doing it this way gets you the benefit you'd get from that sort of balancing, but without having to put a single thing in front of your glance and without the problem of the table entry in the LB expiring and us stranding 2TB of data in the staging area of one worker :) | 16:53 |
| noonedeadpunk | yeah, I do get all benefits, I was just slightly worried if it's not get exposed somehow, as I guess nobody wants having another show_multiple_locations :D | 17:01 |
| dansmith | noonedeadpunk: you're worried about it being exposed to the user and that being a security problem? | 17:05 |
| noonedeadpunk | yeah, but as you said - it's not and removed from extra_properties ? | 17:07 |
| dansmith | it's hidden | 17:07 |
| noonedeadpunk | yeah, so that's the only thing I wanted to double-check | 17:07 |
| dansmith | https://github.com/openstack/glance/blob/master/glance/api/v2/images.py#L1557 | 17:07 |
| noonedeadpunk | ++ | 17:08 |
| noonedeadpunk | sure,sure I trusted your statement from the very begining - was trying to explain why I raised question at the first place :D | 17:08 |
| dansmith | all good, very happy to have outside review of things like this, no need to explain further :) | 17:09 |
| opendevreview | Merged openstack/glance master: reno: Update master for victoria Unmaintained status https://review.opendev.org/c/openstack/glance/+/911914 | 17:34 |
| opendevreview | Merged openstack/glance master: reno: Update master for wallaby Unmaintained status https://review.opendev.org/c/openstack/glance/+/911920 | 17:34 |
| opendevreview | Merged openstack/glance master: reno: Update master for xena Unmaintained status https://review.opendev.org/c/openstack/glance/+/911926 | 17:34 |
| opendevreview | Merged openstack/glance master: Update master for stable/2024.1 https://review.opendev.org/c/openstack/glance/+/913255 | 17:34 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!