| zigo | Hi there! | 09:18 |
|---|---|---|
| zigo | I'm trying to validate OpenStack gazpacho, Glance seems to be kind of working, though when I try to spawn a VM, I get a stack trace in nova-compute.log, with an error in Glance. On the Glance side, I get this stack trace: | 09:18 |
| zigo | https://paste.opendev.org/show/bw5r2oAFU0fagJmadVzO/ | 09:18 |
| zigo | Does this ring a bell to someone? | 09:18 |
| zigo | rosmaita: dansmith: ^ | 09:29 |
| zigo | I think it's because I'm getting: | 11:32 |
| zigo | nova.exception.ImageUnacceptable: Image 1f9640fd-75ff-4bee-87b0-e8f0c5c57ec2 is unacceptable: Image is not raw format | 11:32 |
| zigo | Weird, whatever the image I upload, I always get the same os_hash_value ... | 12:46 |
| dansmith | zigo: I dunno about that glance error, but "not in raw format" means (likely) you uploaded something like a qcow2 to glance and told it it was a raw | 13:23 |
| croelandt | #startmeeting glance | 14:00 |
| opendevmeet | Meeting started Thu Mar 19 14:00:55 2026 UTC and is due to finish in 60 minutes. The chair is croelandt. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:00 |
| opendevmeet | The meeting name has been set to 'glance' | 14:00 |
| croelandt | #topic roll call | 14:00 |
| croelandt | o/ | 14:00 |
| sakumbha | o/ | 14:01 |
| croelandt | #link https://etherpad.openstack.org/p/glance-team-meeting-agenda | 14:01 |
| dansmith | o/ | 14:01 |
| croelandt | dansmith: welcome back! | 14:02 |
| croelandt | abhishekk: around? | 14:03 |
| croelandt | rosmaita: ^ | 14:03 |
| abhishekk | o/ | 14:03 |
| rosmaita | o/ | 14:03 |
| croelandt | should be a quick one | 14:04 |
| croelandt | #topic Release/periodic job updates | 14:04 |
| croelandt | #link https://zuul.opendev.org/t/openstack/builds?project=openstack%2Fglance&project=openstack%2Fglance_store&project=openstack%2Fpython-glanceclient&pipeline=periodic | 14:04 |
| croelandt | all good | 14:04 |
| croelandt | #topic PTG | 14:05 |
| croelandt | #link https://etherpad.opendev.org/p/2026.2-ptg-glance-planning | 14:05 |
| croelandt | reminder that this is up if you have any topics to add | 14:06 |
| croelandt | #topic Open Discussion | 14:06 |
| croelandt | Anybody got anything else? | 14:06 |
| dansmith | just wanted to say I replied to mhen's last comment on the encryption spec | 14:06 |
| dansmith | so I hope we're off to the races now | 14:07 |
| croelandt | The coffee machine broke today so I really could not figure out a good agenda | 14:07 |
| * croelandt is addicted | 14:07 | |
| rosmaita | i have not had time to look closely, but what's with all the failures on https://review.opendev.org/c/openstack/python-glanceclient/+/979189 ? | 14:09 |
| rosmaita | i guess maybe it's because of https://review.opendev.org/c/openstack/python-glanceclient/+/979678 ? | 14:09 |
| croelandt | hm | 14:10 |
| croelandt | what's the link between these two? | 14:11 |
| croelandt | oh "certificate failure received" | 14:11 |
| croelandt | ok we're gonna need to debug this | 14:12 |
| croelandt | oh we should recheck it I guess it's older than the fix by tkajinam | 14:12 |
| croelandt | thanks for bringing this up! | 14:13 |
| croelandt | anything else? | 14:13 |
| abhishekk | nothing from me | 14:17 |
| croelandt | well | 14:17 |
| croelandt | thanks for joining! | 14:17 |
| croelandt | #endmeeting | 14:17 |
| opendevmeet | Meeting ended Thu Mar 19 14:17:08 2026 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:17 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/glance/2026/glance.2026-03-19-14.00.html | 14:17 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/glance/2026/glance.2026-03-19-14.00.txt | 14:17 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/glance/2026/glance.2026-03-19-14.00.log.html | 14:17 |
| zigo | FYI, the issue I'm having is because of glance-store. | 14:30 |
| zigo | Downgrading to Glance from Flamingo lead to same issue, until I also downgraded glance-store. | 14:30 |
| opendevreview | Abhishek Kekane proposed openstack/glance master: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981295 | 14:37 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2026.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981296 | 14:37 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981297 | 14:37 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981298 | 14:37 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2024.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981299 | 14:38 |
| abhishekk | o/ | 15:07 |
| abhishekk | so 2024.* needs some additional changes to pin setuptools | 15:08 |
| abhishekk | I am working on fixing releasenotes for master | 15:11 |
| opendevreview | Abhishek Kekane proposed openstack/glance master: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981295 | 15:12 |
| opendevreview | Abhishek Kekane proposed openstack/glance master: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981295 | 15:18 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2026.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981296 | 15:24 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981297 | 15:28 |
| dansmith | zigo: are you using swift backed glance by chance? | 15:33 |
| rosmaita | abhishekk: croelandt: dansmith: i got the OSSA published and the advisory emails sent out, lmk if there's anything you need me to help with | 15:45 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981298 | 15:46 |
| abhishekk | rosmaita: thank you, I am working on pinning setuptools for stable branches | 15:46 |
| dansmith | cool | 15:46 |
| opendevreview | Merged openstack/python-glanceclient stable/2026.1: Fix unit tests with urllib3 2.x https://review.opendev.org/c/openstack/python-glanceclient/+/979678 | 16:01 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2024.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981299 | 16:03 |
| sami | Will it be backported to caracal or it's based on if someone needs it? | 16:03 |
| abhishekk | sami caracl is stable? | 16:04 |
| abhishekk | if it is unmaintained then that depends on someone who needs it should work on it | 16:05 |
| sami | It's marked as unmaintained 2024.1 https://opendev.org/openstack/glance/src/branch/unmaintained/2024.1/ | 16:05 |
| dansmith | sami: unmaintained branches are ... unmaintained :) | 16:07 |
| dansmith | there's a separate group of people that work on that stuff | 16:07 |
| clarkb | though its not exclusive. I think if you are interested in a backport you can propose one and then work with that group to land it | 16:09 |
| clarkb | the idea is that the project teams (like glance) don't need to add extra work to their plate while allowing other people to help out if they need it | 16:09 |
| rosmaita | sami: this will give you some background: https://governance.openstack.org/tc/resolutions/20230724-unmaintained-branches.html | 16:11 |
| sami | okk thank you for the information | 16:11 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981298 | 16:12 |
| zigo | dansmith: Yeah, swift backend. | 16:16 |
| zigo | About OSSA-2026-004, am I right that only Zed and up are affected, because Yoga and down do not have web-download capacity ? | 16:17 |
| zigo | I can see that glance_download.py doesn't exist in Yoga and down. | 16:17 |
| zigo | abhishekk: dansmith: ^ | 16:17 |
| abhishekk | zigo, let me confirm, I think web-download was present post ussuri and ovf is before that as well | 16:19 |
| zigo | How far are you going to backport? I've been able to do zed -> gazpacho so far, Yoga seems to be harder. | 16:20 |
| abhishekk | yes web-download is in yoga as well, https://github.com/openstack/glance/tree/unmaintained/yoga/glance/async_/flows/_internal_plugins | 16:20 |
| zigo | Oh... | 16:21 |
| abhishekk | as an contributor I can backport to only stable branches | 16:21 |
| zigo | Though I don't see a urllib.request.urlopen call, so it must be done otherwise. | 16:21 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2024.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981299 | 16:22 |
| abhishekk | zigo, from glance.common.scripts import utils as script_utils in here you will find which is used in web_download.py (get_image_data_iter method call) | 16:27 |
| dansmith | zigo: anything with import and ovf is affected right? | 16:28 |
| zigo | Well, that's what I'd like to understand, I'm fearing to miss some stuff to patch. | 16:29 |
| zigo | Here's the result when trying to apply on Yoga: https://paste.opendev.org/show/bpQjL8T7o3bE4tPPL8Mb/ | 16:29 |
| dansmith | abhishekk: ^ correct about OVF right? | 16:30 |
| abhishekk | yes | 16:30 |
| zigo | I'm not worried about tests, I'll be able to add them. Just, glance/async_/flows/_internal_plugins/glance_download.py is not in Yoga, so where is it?!? | 16:31 |
| abhishekk | zigo you will not be able to apply the patch as it is from master cleanly | 16:31 |
| dansmith | I'm sure no glance-download in Yoga | 16:31 |
| abhishekk | no | 16:31 |
| zigo | abhishekk: Of course, I'm used to doing backports... just here, I'm not sure were to look. | 16:32 |
| abhishekk | it was added in zed | 16:32 |
| abhishekk | https://github.com/openstack/glance/tree/unmaintained/zed/glance/async_/flows/_internal_plugins | 16:32 |
| zigo | Got to go, will see this tomorrow... | 16:33 |
| zigo | :) | 16:33 |
| abhishekk | good day | 16:34 |
| abhishekk | dansmith: rosmaita: croelandt: gmaan: https://review.opendev.org/c/openstack/tempest/+/981329 this needs for all glance SSRF patches | 17:10 |
| gmaan | abhishekk: ack | 17:12 |
| dansmith | abhishekk: makes sense | 17:14 |
| opendevreview | Abhishek Kekane proposed openstack/glance master: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981295 | 17:15 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2026.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981296 | 17:15 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981297 | 17:16 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2025.1: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981298 | 17:16 |
| opendevreview | Abhishek Kekane proposed openstack/glance stable/2024.2: Fix SSRF vulnerabilities in image import API https://review.opendev.org/c/openstack/glance/+/981299 | 17:16 |
| opendevreview | Merged openstack/python-glanceclient stable/2026.1: Update .gitreview for stable/2026.1 https://review.opendev.org/c/openstack/python-glanceclient/+/979188 | 17:42 |
| opendevreview | Merged openstack/python-glanceclient stable/2026.1: Update TOX_CONSTRAINTS_FILE for stable/2026.1 https://review.opendev.org/c/openstack/python-glanceclient/+/979189 | 17:42 |
| *** vhari_ is now known as vhari | 17:50 | |
| * abhishekk signing out for the day, need to add recheck on stable/2025.1 for grenade failure, rest looks good I think | 19:25 | |
| abhishekk | some1 need to put +w on patches again | 19:47 |
| rosmaita | i will hit those once the tempest patch merges ... it is going to need a recheck, tempest-full-py3 is going to fail, but it's because an instance went bad during a test (there's a console dump in the log) | 20:29 |
| abhishekk | ack, if things goes south, i will look at them in morning | 20:37 |
| opendevreview | Merged openstack/python-glanceclient master: Update master for stable/2026.1 https://review.opendev.org/c/openstack/python-glanceclient/+/979190 | 23:29 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!