Friday, 2025-10-24

01:45 *** mhen_ is now known as mhen
09:31 <opendevreview> Josephine Seifert proposed openstack/glance-specs master: Update image encryption spec  https://review.opendev.org/c/openstack/glance-specs/+/964755
12:06 <rosmaita> croelandt: around?
13:41 <rosmaita> glancers: caracal is supposed to go to unmaintained status today ... as you may remember from the last 2 weekly meetings, there were a few changes we wanted to get in there before doing a final release
13:41 <rosmaita> unfortunately, the dalmatian gate is blocked, and the fix for that (on the zuul side) hasn't merged yet
13:41 <rosmaita> plus, it is not obvious to me that it's worth having https://review.opendev.org/c/openstack/glance_store/+/961871 in caracal if we don't also have https://review.opendev.org/c/openstack/glance_store/+/962223
13:41 <rosmaita> and there is no way that 962223 will make it to F->E->D->C today
13:41 <rosmaita> so, i will redo the release patches to do final caracal release from current stable/2024.1 HEAD and update the epoxy and dalmatian release patches to make sure everything in the final C release is also in D and E releases
13:41 <rosmaita> i don't think there's anything relevant in flamingo, but i will do a quick check, so most likely no release from F
13:41 <rosmaita> just making my plan explicit here; if there are any objections, you need to let me know in like the next 5 min (i think the release team meets at 1400 utc today)
14:03 <abhishek_> +1 for not backporting
14:04 <clarkb> because it's worth noting the issue with the CI jobs has been around since at least March. Yes, the fix needs to go in zuul-jobs but it has been ignored for ~7 months
14:20 <rosmaita> clarkb: agree, it's our fault for not noticing the broken gate
14:21 <rosmaita> anyway, turns out that only 2 of the 4 release patches needed to be revised
14:21 <clarkb> I'm hopeful someone will be the second reviewer on the zuul-jobs fix today too
14:22 <rosmaita> but all 4 could use +1s from the PTL (or at least a sanity check on the hashes)
14:22 <rosmaita> https://review.opendev.org/c/openstack/releases/+/963608 plus the 3 parent patches in the "Relation change"
14:23 <rosmaita> croelandt: ^^
14:25 <rosmaita> btw, zuul is going to put a -1 on https://review.opendev.org/c/openstack/releases/+/963608 , but that's because it has a reference to a tag that doesn't exist yet
14:35 <opendevreview> Abhishek Kekane proposed openstack/glance master: Lazy update S3 URL on credential rotation  https://review.opendev.org/c/openstack/glance/+/963875
14:36 <dansmith> croelandt: ready for your re-review and (obviously) +W ^ :)
15:20 <dansmith> croelandt: let me also re-direct your attention to this: https://review.opendev.org/c/openstack/glance/+/963868
15:33 <croelandt> rosmaita: looking at the release patches
15:33 * croelandt also makes a note to discuss the state of stable patches during PTG
15:33 <rosmaita> great! i am here if you have questions
15:33 <croelandt> Should we blame the Glance PTL for not taking better care of the stable branches? Who's that guy anyway?
15:34 <rosmaita> well, we wouldn't notice until we tried to merge something
15:34 <rosmaita> so maybe it's a tribute to the inherent stability of the glance code
15:34 <croelandt> yeah but I think a bunch of these patches should have been proposed and reviewed earlier
15:35 <rosmaita> well, there is that
15:35 <croelandt> maybe we should set up a "stable" meeting like a week before every release
15:35 <croelandt> no one gets out before the branches are perfect
15:37 <croelandt> rosmaita: https://review.opendev.org/c/openstack/releases/+/963608/2 is the reformatting in glance.yaml intentional?
15:37 <rosmaita> guess so ... it was already there in the bot-proposed patch
15:37 <opendevreview> Rajat Dhasmana proposed openstack/glance master: WIP: Avoid multiple downloads to cache  https://review.opendev.org/c/openstack/glance/+/964796
15:39 <rosmaita> croelandt: i could make one of these for glance: http://tiny.cc/cinder-maintained
15:40 <rosmaita> makes it easier to see the proposed backports
15:43 <croelandt> rosmaita: yeah, I'm thinking of having a script that also goes through the bugfixes in master and checks whether they're in stable/whatever
15:43 <croelandt> so we don't forget to propose backports if they make sense
15:44 <croelandt> but then yeah, being able to view them all is nice
15:59 <rosmaita> croelandt: http://tiny.cc/glance-maintained
16:11 <croelandt> it is beautiful
16:11 <croelandt> who can overwrite that tiny.cc URL?
16:11 <croelandt> oh I guess you're registered
16:18 <croelandt> inspector.__str__.return_value = format that worked weirdly iirc
16:18 <croelandt> dansmith: but ok, let's merge this :)
16:19 <dansmith> croelandt: not sure what you mean
16:25 <croelandt> dansmith: https://review.opendev.org/c/openstack/glance/+/963868/1..3/glance/tests/unit/test_store_image.py#b423 it was really weird that it worked even after removing that line
16:31 <dansmith> croelandt: it's because it doesn't care what the two things are if they're not iso+gpt, then it's invalid
16:32 <dansmith> iso+iso is also not valid
18:22 <opendevreview> Merged openstack/glance master: Handle images detected as ISO+GPT  https://review.opendev.org/c/openstack/glance/+/963868
18:23 <tt> Hello, I have a policy set that disallows non-admins but allows service users to download an image which works until nova tries to boot with the same image but a different flavor. Are there other properties that may be causing the 403's that i'm overlooking here?
18:26 <tt> "download_image": "rule:context_is_admin or rule:service_api or (role:member and (project_id:%(project_id)s or project_id:%(member_id)s))" This blocks downloading as expected and I am able to boot an instance with one set of flavors but not the other. I'm unsure what i'm overlooking here and would greatly appreciate any direction
18:31 <abhishekk_> Are you trying to boot from same image?
18:31 <tt> Yes, only difference is the flavor.
18:31 <tt> If i remove this rule then both scenarios work as expected
18:33 <abhishekk_> Ack, need to check what’s happening, ideally this should not happen
18:33 <abhishekk_> Is flavor public or private?
18:34 <abhishekk_> Or is it associated for specific projects? In that case it should reject
18:37 <tt> Flavor is marked as public. I don't believe it's associated with a specific project. Will have to verify that one
18:38 <abhishekk_> @croelandt: could you please look at s3 rotation patch
18:38 <abhishekk_> Ack, that’s the only way it might be rejecting the boot
18:39 <tt> Doesn't appear to be associated with a particular project and is indeed marked "os-flavor-access:is_public": true
18:41 <abhishekk_> Ack, will check for it but it will take some time as I am in different TZ
18:42 <tt> That's what I figured but it throws a 403 with no real detail in debug logs unfortunately. I'll do some more digging, maybe this flavor set was created in a special manner that is causing problems somehow. Thank you for the response!
18:43 <abhishekk_> Maybe if you have env then you can try logging the policy string to check what it is trying to enforce (i think you can enable debug logs for oslo.policy and check as well)
18:47 <tt> Ah, great idea I will attempt to give that a go! Thank you!
18:58 <abhishekk_> What is the visibility of image
18:58 <abhishekk_> You are trying to boot from?
19:05 <tt> The image visibility is public as well
19:07 <tt> it is using swift as backend store, thinking maybe that has something to do with it? But things just aren't adding up for me if it works just fine with one flavor
19:07 <abhishekk_> Nope nothing to do with backend
19:07 <tt> ack
19:10 <abhishekk_> What is the disk size in flavor
19:14 <tt> looks like someone decided to break the env, can't pull it up atm but I believe it should be 40
19:15 <abhishekk_> Ack
19:19 <tt> yeah, ovn upgrade or something along those lines. Looks like my debugging is on pause :) Thanks for the responses here. I'll verify the disk and get back when things are back up. Thanks again!
19:20 <abhishekk_> No problem
