Thursday, 2020-12-03

[14:00] <abhishekk> #startmeeting glance
[14:00] <openstack> Meeting started Thu Dec  3 14:00:38 2020 UTC and is due to finish in 60 minutes.  The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot.
[14:00] <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
[14:00] *** openstack changes topic to " (Meeting topic: glance)"
[14:00] <openstack> The meeting name has been set to 'glance'
[14:00] <abhishekk> #topic roll call
[14:00] *** openstack changes topic to "roll call (Meeting topic: glance)"
[14:00] <abhishekk> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
[14:00] <abhishekk> o/
[14:01] <Steap> o/
[14:01] <jokke> o/
[14:01] <abhishekk> looks like only 3 of us
[14:02] *** ociuhandu has joined #openstack-meeting
[14:02] <abhishekk> rosmaita, will might join late
[14:02] <abhishekk> Let's start
[14:02] <abhishekk> #topic release/periodic jobs update
[14:02] <rosmaita> 0/
[14:02] *** openstack changes topic to "release/periodic jobs update (Meeting topic: glance)"
[14:02] <abhishekk> cool, he is here :D
[14:03] <abhishekk> we have released glance-store for milestone 1
[14:03] <abhishekk> for glanceclient patch is up
[14:03] <abhishekk> and for glance I am waiting for Steap's patch to get merged
[14:03] <abhishekk> it is in merge conflict at the moment
[14:03] * Steap checks
[14:04] <abhishekk> I am planning to tag glance M1 on Monday around this time
[14:04] <abhishekk> Periodic jobs all green this week
[14:04] <abhishekk> First time we are not hitting timeouts during milestone releases \o/
[14:05] <rosmaita> hang on with Steap's patch
[14:05] <rosmaita> i think the release note could use a revision
[14:05] <abhishekk> ack
[14:05] <jokke> nice
[14:06] <abhishekk> moving ahead
[14:06] *** ociuhandu has quit IRC
[14:06] <abhishekk> #topic Milestone 1 priorities
[14:06] *** openstack changes topic to "Milestone 1 priorities (Meeting topic: glance)"
[14:06] <abhishekk> Important reviews
[14:07] <abhishekk> #link https://review.opendev.org/c/openstack/glance/+/763920
[14:07] <abhishekk> this is Steap's patch which we need to get merged before M1
[14:07] *** ociuhandu has joined #openstack-meeting
[14:08] <abhishekk> Also we need changes/reforms in cluster awareness specs
[14:08] <abhishekk> and, Lite spec for task API for general user - Needs reviews
[14:08] <abhishekk> #link https://review.opendev.org/c/openstack/glance-specs/+/763740
[14:09] <abhishekk> Please review specs whenever you get time
[14:09] <abhishekk> we need to get them merged within next 2 weeks
[14:09] <abhishekk> moving to Open discussion
[14:09] <abhishekk> #topic Open discussion
[14:10] *** openstack changes topic to "Open discussion (Meeting topic: glance)"
[14:10] <jokke> I will revisit the spec next week, Have hands full for today/tomorrow
[14:10] <abhishekk> jokke, ack
[14:10] <abhishekk> So I was testing properties protection using policies to find out impact for RBAC
[14:11] <abhishekk> First impression is we don't have enough document to guide users/operators to use property protection using policies
[14:12] <abhishekk> 2nd is property protection policies need to be defined in policy.yaml file (it doesn't recognize separate file at the moment)
[14:12] <rosmaita> that's weird ... it used to work with separate files
[14:13] <abhishekk> 3rd there are some low priority bugs which can raise 500 errors if there are any issues in configuration files
[14:13] <abhishekk> rosmaita, you might be confusing the same with property protection with roles
[14:14] <abhishekk> you can define property protection with roles in different conf file
[14:14] <jokke> rosmaita: I have feeling that it got messed up with move to yaml patch which rattled around the policy files and how they get read
[14:14] <abhishekk> jokke, nope that's not the case
[14:14] <jokke> ohh ... just saw the above
[14:14] <rosmaita> i think abhishek is right
[14:15] <abhishekk> as far as I remember we never used policies for property protection and that is why there is no documentation to explain the same
[14:15] <abhishekk> #link https://etherpad.opendev.org/p/property-protection-with-policies
[14:15] <rosmaita> rackspace used it in their public cloud
[14:15] <jokke> I think we did too, but can't remember
[14:15] <abhishekk> NTT also used but with roles
[14:15] *** armstrong has joined #openstack-meeting
[14:17] <abhishekk> I will submit documentation to explain property protection with policies
[14:19] <abhishekk> That's it from me for today
[14:19] <abhishekk> anything else, Steap, jokke, rosmaita
[14:19] <Steap> nah, I'm gonna fix my patch
[14:19] <jokke> quick one about ^^
[14:19] <Steap> rosmaita's patch introduced a conflict
[14:20] <rosmaita> Steap: ha!
[14:20] <Steap> First he steals my food, then he breaks my patches
[14:20] <smcginnis> :)
[14:20] <rosmaita> Steap: hang on a minute, i am making some suggestions for your release note.
[14:20] <Steap> rosmaita: ok
[14:20] <abhishekk> :D
[14:20] <rosmaita> i am still not sorry that i ate the last bowl of goulash
[14:20] <abhishekk> jokke, you were saying something?
[14:21] <jokke> So the owner_is_tenant, as it's security thingie, should we detect it in the config and refuse glance-api starting if it still configured to make sure anyone did not upgrade without reading renos etc. and get bitten by it
[14:22] <abhishekk> I think it will be ignored
[14:22] <jokke> Like I'm fully committed to get rid of it. Just want to play the change itself safe
[14:23] <rosmaita> what will happen is that nothing will work
[14:23] <jokke> abhishekk: currently, yes
[14:23] <jokke> rosmaita: exactly .. and there is no indication as of now, why
[14:23] <abhishekk> so you want to add upgrade check?
[14:24] <rosmaita> that is a good idea
[14:24] <abhishekk> s/want/suggesting
[14:24] <jokke> it will just start throwing 403s (I think)
[14:25] <abhishekk> please add comment so that Steap will get notification as well
[14:25] <rosmaita> take a look at this and see if we agree that it's a good way to announce this: https://review.opendev.org/c/openstack/glance/+/763920/5/releasenotes/notes/remove-owner_is_tenant-b30150def293effc.yaml#8
[14:25] <jokke> I don't mind be it upgrade check or just 2loc check if it's still in config, exit and log that the service did not start because it's configured and won't work
[14:26] <rosmaita> it might be worth sending something to the ML saying that the option has been removed
[14:26] <rosmaita> and see if anyone screams
[14:26] <jokke> rosmaita: yeah, I have that reno open. Still commenting on it.
[14:27] <jokke> rosmaita: I think it's irrelevant if someone screams or not ;) Just let's make sure it's clear why world is broken if someone has ignored all the warnings until now ;P
[14:27] <abhishekk> I will send out mail
[14:27] <rosmaita> it's kind of a complicated db migration, you will have to have keystone available to do it
[14:27] <rosmaita> would have to look up the user_id in the 'owner' column, find out what project they are in, and then replace the value
[14:27] <rosmaita> but
[14:28] <rosmaita> i believe users can be in multiple projects
[14:28] <rosmaita> so it would be a mess
[14:28] <abhishekk> lot of
[14:29] <jokke> I think the "no migration path" is pretty clear and like said there is no easy way to do it. I'm not saying we shouldn't remove the config nor that we should postpone it for any reason
[14:29] <jokke> Just let's be clear why world is broken if you still have it in config
[14:29] <abhishekk> +1
[14:31] <jokke> If it was just me glance-api would be logging something like "You fool, should have listened first time. Now ye're fecked" :P
[14:31] <abhishekk> lol
[14:32] <rosmaita> well, i think the problem with that is that oslo.config will give you a NoSuchOpt exception when you try to read it, if the option isn't defined (which it won't be, since Steap's patch removes it)
[14:32] <rosmaita> i think the upgrade check may be the way to go here
[14:33] <abhishekk> makes sense
[14:34] <rosmaita> i will take the action item to write an upgrade check for the 2 options we are removing
[14:34] <rosmaita> (unless someone else is itching to do it)
[14:34] <abhishekk> you are most welcome :D
[14:34] <jokke> So one option, which we have used before, is to reintroduce the config key under config.py with the hidden flag so it will not be added by configgen but we can access it and set it to like None so if it's set to True or False we know it was actually set in config
[14:35] <rosmaita> ok, that's good to know
[14:36] <abhishekk> In this case we also need to make a note to remove this after couple of cycles?
[14:36] <rosmaita> no, the upgrade check should continue to work fine if no one has the option
[14:36] <abhishekk> ack
[14:37] <jokke> abhishekk: or not ... can be just #TODO ... doesn't hurt have it hanging in there for longer, if someone needs easy quick patch to get started, that'd be good one :D
[14:37] <abhishekk> sounds good then
[14:37] <jokke> I can't remember what we used the hidden configs before so might be difficult to find the patch as example but I just remember we have done it somewhere like Juno, Kilo, Liberty range ;)
[14:38] <abhishekk> So I need to wait for upgrade check + Steap's patch before tagging M1
[14:38] <rosmaita> i will look, i wasn't aware of that option
[14:38] <abhishekk> Yes, I remember that as well
[14:38] <rosmaita> i think the upgrade check can be a follow-up
[14:38] <rosmaita> i don't think anyone is going to upgrade to M-1 !
[14:38] <abhishekk> :D
[14:39] <jokke> rosmaita: very true, and i'd just don't want to rely on that alone either as there is nothing guaranteeing that anyone runs those either
[14:39] <rosmaita> jokke: that's what i was going to ask
[14:39] <rosmaita> are you still in favor of the don't start if the option is there patch?
[14:40] <jokke> I would be yeah, that way it's super clear and can't be missed
[14:41] <jokke> It's even unlikely that no-one will hit that piece of code, yet if we do not write it, the likelihood will increase exponentially :P
[14:41] <rosmaita> should we do that for M-2 or hold M-1 for it?
[14:41] <abhishekk> I don't think hide option is available now
[14:42] <rosmaita> ok that will complicate things
[14:42] <jokke> abhishekk: then, the easiest solution is to create hidden_config.py and not add that to the configgen config
[14:42] <rosmaita> i was thinking that i could define it only in the upgrade checker and not include it for configgen
[14:43] <rosmaita> ok what jokke said
[14:43] <abhishekk> whatever suits best
[14:43] <rosmaita> either that, or just use regular python (not oslo.config) to read the config file directly
[14:44] <jokke> rosmaita: just would need to import that hidden_config at the startup so oslo.config actually picks the definition up, if it's just upgradecheck it won't, I think
[14:44] <rosmaita> jokke: right, i was just trying to figure out how i could do this in the upgrade check
[14:44] <abhishekk> Ok to be followup and not holding M1 for it
[14:45] <jokke> rosmaita: same way, import the hidden_config and check if the value is set, super simple
[14:46] <jokke> it should be literally like ~10 line addition to the current patch, 20 with the upgrade check (not sure how much boilerplating it needs)
[14:47] *** psahoo has joined #openstack-meeting
[14:47] <abhishekk> Let it be in a separate patch as we need upgrade check for 2 deprecated (removed) options
[14:47] <abhishekk> Anything else ?
[14:48] *** andrebeltrami has joined #openstack-meeting
[14:48] <rosmaita> ok, i will work on the upgrade check and jokke can do the api part
[14:48] <rosmaita> we can resolve the location of removed_config.py once we have patches up
[14:49] <jokke> ++
[14:50] <rosmaita> i must say, one nice thing about the new gerrit is having the project name in the gerrit url
[14:50] <abhishekk> yes
[14:51] <abhishekk> Let's wrap up
[14:51] <abhishekk> thank you all
[14:52] <jokke> thanks!
[14:52] <abhishekk> have a nice weekend
[14:52] <rosmaita> bye!
[14:52] <abhishekk> #endmeeting
[14:52] *** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"
[14:52] <openstack> Meeting ended Thu Dec  3 14:52:25 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
[14:52] <openstack> Minutes:        http://eavesdrop.openstack.org/meetings/glance/2020/glance.2020-12-03-14.00.html
[14:52] <openstack> Minutes (text): http://eavesdrop.openstack.org/meetings/glance/2020/glance.2020-12-03-14.00.txt
[14:52] <smcginnis> Thanks abhishekk
[14:52] <openstack> Log:            http://eavesdrop.openstack.org/meetings/glance/2020/glance.2020-12-03-14.00.log.html
[14:52] <abhishekk> smcginnis, thank you
[14:53] *** rosmaita has left #openstack-meeting
[14:58] *** dklyle has joined #openstack-meeting
[15:00] <gagehugo> #startmeeting security
[15:00] <openstack> Meeting started Thu Dec  3 15:00:20 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
[15:00] <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
[15:00] *** openstack changes topic to " (Meeting topic: security)"
[15:00] <openstack> The meeting name has been set to 'security'
[15:00] *** ociuhandu has quit IRC
[15:00] <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
[15:00] <gagehugo> o/
[15:01] <fungi> ohai
[15:03] <gagehugo> #topic Dec meetings cancelled
[15:03] *** openstack changes topic to "Dec meetings cancelled (Meeting topic: security)"
[15:04] <fungi> good idea
[15:04] <gagehugo> We will meet next week, but I'll be out after that
[15:04] <fungi> there likely won't be a ton going on anyway
[15:04] <gagehugo> So I was going to cancel the 17th, 24th, and 31st
[15:04] <fungi> project activity seems to slow significantly in december
[15:05] <gagehugo> as well as my brain activity
[15:05] <gagehugo> just slows down as the weather gets cold
[15:06] <gagehugo> #topic open discussion
[15:06] *** openstack changes topic to "open discussion (Meeting topic: security)"
[15:07] <gagehugo> fungi: do you have anything for this week?
[15:07] <fungi> when was our last meeting?
[15:07] <gagehugo> good question
[15:07] <fungi> trying to remember how far back to look for stuff which became public since then
[15:07] <gagehugo> Nov 12th
[15:07] <gagehugo> I've been out for the past 2 weeks
[15:08] <fungi> the answer seems to be "nothing"
[15:08] <gagehugo> that's easy
[15:09] <fungi> the tc did however confirm all official projects have completed a review of commits to their deliverable repositories for the worrisome couple of weeks during the gerrit breach
[15:10] <fungi> in related news, several of the opendev sysadmins have been experimenting with the two-factor auth beta feature in launchpad/ubuntuone sso
[15:10] <gagehugo> oh nice
[15:11] <fungi> we'll look at providing easy ways for our users to start enabling that soon too if they want it
[15:11] *** ociuhandu has joined #openstack-meeting
[15:12] <fungi> i got it working with a pair of purism "librem key" devices, i think some others have used yubikeys or otp phone apps
[15:12] <gagehugo> hmm ok
[15:15] <fungi> i don't think i have anything else of security interest to bring up right now, most of my time has been spent on gerrit upgrade work
[15:15] <gagehugo> ok
[15:16] <gagehugo> thanks fungi!  Have a good rest of the week!
[15:16] <gagehugo> #endmeeting
[15:16] *** openstack changes topic to "OpenStack Meetings || https://wiki.openstack.org/wiki/Meetings/"
[15:16] <openstack> Meeting ended Thu Dec  3 15:16:14 2020 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)
[15:16] <openstack> Minutes:        http://eavesdrop.openstack.org/meetings/security/2020/security.2020-12-03-15.00.html
[15:16] <openstack> Minutes (text): http://eavesdrop.openstack.org/meetings/security/2020/security.2020-12-03-15.00.txt
[15:16] <openstack> Log:            http://eavesdrop.openstack.org/meetings/security/2020/security.2020-12-03-15.00.log.html
[15:16] <fungi> thanks, you too gagehugo!
[15:16] *** ociuhandu has quit IRC