mrjoshi | #startmeeting glance | 14:00 |
---|---|---|
opendevmeet | Meeting started Thu Jun 13 14:00:39 2024 UTC and is due to finish in 60 minutes. The chair is mrjoshi. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:00 |
opendevmeet | The meeting name has been set to 'glance' | 14:00 |
mrjoshi | #topic roll call | 14:00 |
mrjoshi | #link https://etherpad.openstack.org/p/glance-team-meeting-agenda | 14:00 |
mrjoshi | o/ | 14:00 |
rubasov | o/ | 14:01 |
dansmith | o/ | 14:09 |
stephenfin | o/ | 14:09 |
mrjoshi | abhishek and pranali are not around today | 14:10 |
mrjoshi | shall we start? | 14:10 |
* abhishekk joining from mobile, might be late in replying | 14:12 | |
mrjoshi | let's start | 14:12 |
mrjoshi | #topic release/periodic jobs updates | 14:12 |
mrjoshi | M2 is 3 weeks from now | 14:13 |
mrjoshi | periodic jobs are all green | 14:13 |
abhishekk | ack | 14:13 |
mrjoshi | #topic Important Review | 14:14 |
mrjoshi | Spec - deprecate metadata-encryption-key #link- https://review.opendev.org/c/openstack/glance-specs/+/916178 | 14:14 |
mrjoshi | Spec - Revised spec for Image Encryption #link - https://review.opendev.org/c/openstack/glance-specs/+/915726 | 14:15 |
abhishekk | I think pranali and you should provide reviews on encryption spec on priority | 14:15 |
mrjoshi | New location APIs #link - https://review.opendev.org/q/topic:%22New-Location-Apis%22+project:openstack/glance | 14:15 |
mrjoshi | Fix 500 if multi-tenant swift is enabled along with conf file #link- https://review.opendev.org/c/openstack/glance/+/920170 | 14:16 |
dansmith | so what's the status on the location api work? is it _actually_ ready for review now? | 14:16 |
mrjoshi | abhishekk, ack | 14:16 |
abhishekk | dansmith: last time I checked, it is ready IMO | 14:17 |
dansmith | abhishekk: okay doesn't look like it has +1 or +2 on all the patches | 14:18 |
dansmith | every time I've gone through it I've found really obviously wrong stuff so I don't want to waste my time if it's not really ready | 14:18 |
dansmith | but if you say it is I'll take another pass through it | 14:18 |
abhishekk | I haven't reviewed it since busy with other stuff but I will have a look at those | 14:18 |
abhishekk | maybe croeland1 will also help us here ^^ | 14:19 |
dansmith | okay maybe I'll hold off a week as I too have other things in the fire now | 14:19 |
abhishekk | ack, makes sense | 14:19 |
dansmith | yeah that'd be good if croeland1 could take a pass | 14:19 |
abhishekk | I will request him offline, he might be not around today | 14:20 |
dansmith | cool, thanks | 14:20 |
abhishekk | np!, let's move ahead | 14:20 |
mrjoshi | moving ahead | 14:20 |
mrjoshi | #topic Open Discussions | 14:20 |
stephenfin | Guess we're up. mbooth is out sick 🤒 today so I'm going to cover for him | 14:22 |
abhishekk | ohh | 14:22 |
abhishekk | you can take over | 14:23 |
stephenfin | Per the agenda doc, we're working on openshift-installer and would like to take advantage of web-download to store the boot images for k8s nodes in Glance, avoiding proxying everything through localhost | 14:24 |
stephenfin | The image on the remote host is a qcow2.gz file, and we would expect to be able to rely on the image_decompression plugin to decompress this before saving it in the store(s) | 14:25 |
abhishekk | we have import method discovery call which we can extend to provide required information | 14:25 |
abhishekk | https://docs.openstack.org/api-ref/image/v2/#import-methods-and-values-discovery | 14:25 |
stephenfin | Yup, that's what we need. It need sto be discoverable | 14:25 |
stephenfin | *It needs to | 14:26 |
stephenfin | As things stand, we can identify the supported import methods, but not the supported plugins | 14:26 |
abhishekk | I think as this is admin only api we can add --include-plugins option there to include available plugins | 14:26 |
dansmith | not all the plugins are really relevant I think (like conversion) but knowing if decompression is available is obviously pretty important to expose | 14:27 |
stephenfin | Oh, is '/v2/info/import' admin-only? | 14:27 |
abhishekk | stephenfin: I think so | 14:28 |
dansmith | is it? that seems, odd | 14:28 |
stephenfin | How does a user know they can import an image using e.g. web-download without access to that API? Try and wait for a failure? | 14:28 |
dansmith | users need to know if web-download is available, for example | 14:28 |
stephenfin | ^ this | 14:28 |
abhishekk | can't verify right now, as away from machine | 14:29 |
dansmith | so, | 14:29 |
dansmith | the only thing I can think of, | 14:29 |
stephenfin | nah, 'OS_CLOUD=devstack openstack image import info' gives me results back | 14:29 |
stephenfin | (running against a normal devstack deploy) | 14:29 |
stephenfin | so I think we're good | 14:29 |
abhishekk | ack | 14:30 |
dansmith | is that the import stuff is sort of intertwined with the old tasks stuff, which was admin-only, so there may be some cases there where some or all of the details are hidden to normal users | 14:30 |
dansmith | but the discovery endpoint should be pretty open I expect | 14:30 |
abhishekk | hmm | 14:30 |
stephenfin | yes, I will check in more detail but the quick reproducer suggests this is open by default | 14:30 |
abhishekk | So we need a spec lite for this change and then we can make it quick to implement | 14:30 |
stephenfin | sweet. I am happy to implement this if it would | 14:31 |
abhishekk | yes, it is open, checked policy file and found no policy rule related to it | 14:31 |
stephenfin | help | 14:31 |
abhishekk | ++ | 14:31 |
dansmith | so, do you think any operators will be opposed to exposing, for example that image conversion or meta injection is enabled? | 14:31 |
dansmith | those are sort of operator policy decisions, | 14:31 |
dansmith | but decompression is more like "fyi, this is available" | 14:31 |
dansmith | not like they won't see the end result of the metadata/conversion once it's done of course... | 14:32 |
abhishekk | Not sure about conversion, but inject metadata should not be exposed | 14:32 |
stephenfin | I'm happy to treat decompression as special. We don't care about the other things since (afaict) that doesn't affect the user | 14:32 |
dansmith | so we could either (a) have an exclude list of plugins to expose, or (b) just have a special flag for "is decompression enabled" | 14:33 |
abhishekk | better to go with b | 14:33 |
dansmith | (or just make decompression compulsory, as I kinda expect there's not much reason to not support that, if you're doing other transformation) | 14:33 |
abhishekk | if we make it compulsory then we need to tweak a code to not include it in taskflow if image provided is not decompressed? | 14:34 |
stephenfin | making it compulsory seems even better, otherwise imo the import should fail if the image is compressed and the plugin doesn't exist | 14:34 |
dansmith | could also make it a list of supported decompression routines, so people know, and then it can be empty if disabled and we can add to it later if we support like bzip2 or something | 14:34 |
dansmith | "The supported archive types for Image Decompression are zip, lha/lzh and gzip" | 14:34 |
stephenfin | makes sense | 14:34 |
stephenfin | so it sounds like there's general acceptance that this is a valid feature and I should go write a small spec? | 14:35 |
dansmith | that ^ is tied to a specific release and a list of those in discovery would be more useful | 14:35 |
dansmith | yes | 14:35 |
stephenfin | spot on, I can start on that so | 14:35 |
stephenfin | it won't help us right now, but it will down the line | 14:35 |
abhishekk | ++, thank you for taking it up | 14:35 |
stephenfin | np | 14:35 |
stephenfin | we have one other thing but I think rubasov is up next | 14:36 |
rubasov | hi everyone, I hope to ask for a bit of review attention | 14:36 |
rubasov | I have a wip bugfix with two open questions | 14:36 |
abhishekk | I have answered one I think | 14:36 |
abhishekk | on the review | 14:36 |
rubasov | thanks already! | 14:37 |
dansmith | link? | 14:37 |
abhishekk | just one suggestion, the bug has too many patches attached, I would suggest to abandon those which are not required | 14:37 |
rubasov | https://review.opendev.org/c/openstack/glance_store/+/915711 | 14:37 |
abhishekk | #link https://bugs.launchpad.net/glance-store/+bug/1965679 | 14:37 |
rubasov | the old fix was proposed by someone else so I cannot abandon that | 14:38 |
abhishekk | Ok, I will ask PTL to abandon that | 14:38 |
abhishekk | So you have 3 active patches out of the current you linked here is WIP | 14:39 |
rubasov | the first two in the series are not too important refactors | 14:39 |
rubasov | the 3rd wip patch is the proposed bugfix | 14:39 |
rubasov | and that's where I was a bit lost with my questions, the remaining question is: is there a way to detect from glance if we have multiple glance processes started by wsgi? | 14:40 |
rubasov | (because the bug itself only occurs when we have multiple glance processes) | 14:40 |
* abhishekk need to check for uwsgi | 14:41 | |
rubasov | it's not urgent in any way, but if you could add a review comment about it I'd really appreciate it | 14:41 |
dansmith | is the problem when running glance standalone/eventlet mode or under wsgi with real threads? I assumed the former. | 14:42 |
rubasov | and then I could turn the patch into something properly reviewable (not wip) | 14:42 |
rubasov | I believe in both modes we can have multiple processes | 14:42 |
rubasov | so I think I need to cover both modes | 14:43 |
dansmith | there's no *need* for multiple processes in wsgi/real-thread mode but sure, okay | 14:43 |
dansmith | is the problem just that you need to use a lock(external=True) so that all the threads respect the lock around some cinder setup? | 14:43 |
rubasov | basically yes | 14:44 |
dansmith | https://docs.openstack.org/oslo.concurrency/ocata/api/lockutils.html#oslo_concurrency.lockutils.synchronized | 14:44 |
dansmith | external=True | 14:45 |
dansmith | oh you're already using external_lock in your patch | 14:45 |
rubasov | yes, but we also need to keep counting from how many places we need to keep the volume attached | 14:46 |
dansmith | oh you need a refcount | 14:46 |
rubasov | that's why the current patch has a lockfile (to lock the access to the state file) and a state file, keeping track of all volume uses | 14:47 |
dansmith | not really any way to do that across the processes without either doing it in the database or with posix ipc sort of stuff | 14:47 |
dansmith | ack, I haven't reviewed the patch, just skimmed while we're talking here | 14:47 |
rubasov | I hope the idea is workable and clear from the current state, but because of the open questions could not make it non-wip | 14:49 |
dansmith | ack, I need to go grok the patch probably | 14:49 |
rubasov | so if you could look at a bit despite it being wip, I'd appreciate that and could continue with it | 14:49 |
dansmith | I see the state file stuff, I'd probably rather not do it that way but we can discuss more on the patch | 14:50 |
rubasov | and that's all from me unless you have other questions about it | 14:51 |
rubasov | I'm open to all suggestions and directions | 14:51 |
rubasov | thanks in advance for your review! | 14:52 |
abhishekk | thanks rubasov, stephenfin I think you can continue now | 14:52 |
stephenfin | sweet | 14:52 |
stephenfin | so our other issue is hopefully self-explanatory | 14:53 |
stephenfin | we have images and we have md5, sha1, and sha256 hashes available from the image provider, but glance will only give us a sha512 hash | 14:53 |
stephenfin | we'd like to be able to ask glance to give us hashes in (a limited set of) other formats | 14:54 |
abhishekk | we have hashing_algo config option | 14:55 |
stephenfin | right, but that's not user-configurable so we can't use it on public clouds or clouds where we're just one of many tenants | 14:55 |
abhishekk | So you want to override the default by providing it while creating the image? | 14:56 |
dansmith | I think we'd need to carefully consider that.. seems like a bad thing to give users control over | 14:56 |
dansmith | AFAIK, the "these are the hashes we maintain on images" is sort of a site-wide policy/security decision, not to mention a CPU usage consideration | 14:57 |
stephenfin | That's mbooth's suggestion, yes. We could also store multiple hashes and allow the user to select which one they see, but there's a CPU consumption question there of course | 14:58 |
dansmith | i.e. asking for "no hashes" or only weak ones is sort of an attack vector | 14:58 |
dansmith | we *do* store multiple hashes right? | 14:58 |
dansmith | I mean, glance does/can | 14:58 |
dansmith | okay maybe not multiple simultaneously | 14:59 |
abhishekk | I haven't seen it though | 15:00 |
dansmith | mrjoshi: I have to run to another meeting now, maybe we can continue this topic next week | 15:00 |
abhishekk | ++ | 15:00 |
mrjoshi | dansmith, ack | 15:00 |
abhishekk | we are out of time anyway | 15:00 |
abhishekk | thanks stephenfin and rubasov for joining | 15:00 |
rubasov | thanks everyone! | 15:01 |
mrjoshi | let's wrap up then! | 15:01 |
stephenfin | okay, I can continue the discussion on #openstack-glance later. Thanks for your time! | 15:01 |
mrjoshi | thanks everyone for joining! | 15:01 |
mrjoshi | #endmeeting | 15:01 |
opendevmeet | Meeting ended Thu Jun 13 15:01:49 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:01 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/glance/2024/glance.2024-06-13-14.00.html | 15:01 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/glance/2024/glance.2024-06-13-14.00.txt | 15:01 |
opendevmeet | Log: https://meetings.opendev.org/meetings/glance/2024/glance.2024-06-13-14.00.log.html | 15:01 |