Friday, 2026-03-20

« Thursday, 2026-03-19 Index Saturday, 2026-03-21 »
opendevreviewDmitriy Rabotyagov proposed openstack/glance master: [doc] Mention Hyper-V Enlightenments for os_type  https://review.opendev.org/c/openstack/glance/+/96999912:01
zigoI get a build failure of Glance rc1 after patching for OSSA-2026-004: https://buildd.debian.org/status/fetch.php?pkg=glance&arch=all&ver=2%3A32.0.0~rc1-3&stamp=1773938482&file=log12:46
zigoIs there a better patch? Am I missing something?12:46
zigoabhishekk:  I get a build failure of Glance rc1 after patching for OSSA-2026-004: https://buildd.debian.org/status/fetch.php?pkg=glance&arch=all&ver=2%3A32.0.0~rc1-3&stamp=1773938482&file=log12:48
zigoAnd same in Debian Unstable: https://buildd.debian.org/status/fetch.php?pkg=glance&arch=all&ver=2%3A31.0.0-3&stamp=1773937192&file=log12:49
abhishekkpython version?12:52
opendevreviewBrian Rosmaita proposed openstack/glance stable/2025.1: [stable-only] non-voting grenade-skip-level-always  https://review.opendev.org/c/openstack/glance/+/98151012:53
abhishekkPYTHON=python3.14, I haven't checked it with python3.14, will take some time (out of station and travelling)12:54
zigoOh, you think it probably is a Python 3.14 issue?12:57
zigoThat's possible, because in my backport to Trixie (ie: Python 3.13) I had no problem.12:57
opendevreviewBrian Rosmaita proposed openstack/glance stable/2025.1: [stable-only] non-voting grenade-skip-level-always  https://review.opendev.org/c/openstack/glance/+/98151012:57
rosmaitazigo: 2026.1 doesn't support python 3.14: https://governance.openstack.org/tc/reference/runtimes/2026.1.html12:59
zigorosmaita: While this type of re-occuring sentence is often right, it doesn't help me at all. I cannot choose what version of Python interpreter is in Debian unstable, and unstable is where one uploads in Debian. If there's a 3.14 issue, then it shall be patched. Best is with help of upstream, otherwise, I may carry a debian-specific patch and attempt to contribute it to upstream OpenStack. However, in this case, I have no clue what's going on 13:08
zigoyet ... (didn't investigate).13:08
abhishekkzigo, py314 and ubuntu works for me, will this be env specific issue?13:21
zigoProbably.13:21
zigoAnd what's weird, is that it built fine on my laptop.13:21
zigo(which is unstable and experimental too...)13:21
zigoI'll try again.13:22
abhishekkack13:24
opendevreviewBrian Rosmaita proposed openstack/glance stable/2025.1: [stable-only] fix stable/2025.1 gate jobs  https://review.opendev.org/c/openstack/glance/+/98151013:34
zigoabhishekk: I think I know. The test will likely attempt to resolve foo.com, no ?13:40
zigoIf so, this will fail in the Debian buildd, because no network or DNS access...13:40
abhishekkahh, yes13:42
zigoLet me export RES_OPTIONS=attempts:0 to make sure (this makes libc refuse to query DNS).13:42
zigoHum... no, not happening.13:46
opendevreviewBrian Rosmaita proposed openstack/glance stable/2025.1: Fix SSRF vulnerabilities in image import API  https://review.opendev.org/c/openstack/glance/+/98129813:53
zigoabhishekk: Your code looks like doing, in normalize_hostname, socket.getaddrinfo(), which is doing DNS resolution, so I am right, though I wonder why RES_OPTIONS=attemps:0 is ignored. Anyways, no need to investigate more, I can blacklist both tests in Debian.13:59
zigoI would strongly recommend mocking the DNS result though.13:59
abhishekkack13:59
zigoWhat if the owner of foo.com decides to remove the domain from DNS?13:59
zigoI'll propose a patch for this.14:09
abhishekkack14:10
fungirosmaita: you approved https://review.opendev.org/c/openstack/glance/+/981296 with no code-review +2 on it, so it hasn't entered the gate yet, just a heads up14:20
opendevreviewThomas Goirand proposed openstack/glance master: No DNS resolution in test  https://review.opendev.org/c/openstack/glance/+/98152014:20
rosmaitafungi: ty, did not notice that14:21
fungino worries, i was just going to bring the need for an rc2 up in the release meeting and realized the change hadn't landed14:22
opendevreviewThomas Goirand proposed openstack/glance master: No DNS resolution in test  https://review.opendev.org/c/openstack/glance/+/98152014:24
zigoShit, got my mocking wrong ... :/14:27
opendevreviewThomas Goirand proposed openstack/glance master: No DNS resolution in test  https://review.opendev.org/c/openstack/glance/+/98152014:29
abhishekkwhy any grenade/tempest jobs are not running for stable/2026.1 patch?14:55
abhishekkhttps://zuul.opendev.org/t/openstack/status?project=openstack%2Fglance&project=openstack%2Fglance_store&project=openstack%2Ftempest14:55
abhishekkopenstack/glance 98129614:55
rosmaitai wonder if the template wasn't adjusted for stable/2026.1 yet14:56
dansmithgmaan: ^14:56
rosmaitawhich would be bad14:56
abhishekkright14:57
dansmithyeah not even running tempest is pretty scary14:57
dansmithbecause that doesn't require a change like grenade does, AFAIK14:57
rosmaitawell, looking here, we have more than the template jobs: https://opendev.org/openstack/glance/src/branch/stable/2026.1/.zuul.yaml15:00
dansmithyeah, seems like they should be running.. almost like the irrelevant-files is causing them to be skipped or something15:02
dansmithmaybe frickler can peer behind some curtain?15:02
fricklerdevstack+grenade haven't branched yet15:02
dansmith...but surely glance 2026.1 patches should be running tempest and grenade, even if same as master right?15:03
rosmaitaso that means no 2026.1 devstack-based jobs will run?15:03
clarkbzuul doesn't know what config to load for them because there is no 2026.1 config to be found15:03
rosmaitaok, so no tempest, then15:03
clarkbI think you can set a config pragma to say that master == 2026.1 until the branches exist15:03
dansmithdoesn't that leave those branches extremely vulnerable right now?15:04
clarkbbut if that isn't done then the jobs basically don't exist for that branch so there isn't anything to run15:04
rosmaitayeah, what dan said15:04
rosmaitaclarkb: where would a config pragma be defined?15:04
clarkbsure, the fix for that would be to branch devstack and grenade first before anything else or to temporarily align things15:04
abhishekkso we hold or merge?15:04
rosmaitaabhishekk: MERGE!!!15:04
abhishekkack!!!15:05
rosmaitait passed in master, and master and 2026.1 are practically the same right now15:05
dansmithclarkb: we're trying to get CVE fixes landed, which while probably low-risk, still seems a bit scary15:05
dansmithhas it always been like this? I've surely never known that to be a problem before, unless it's just a glance thing that got missed in config or something15:05
clarkbrosmaita: https://opendev.org/openstack/devstack/commit/4aa27976ebb2e4a4dc95a20f96e5d8f25b1ac10d this was where it was set up for openstacksdk once upon a time15:05
abhishekkstill 1 hr 20 mins to merge15:05
clarkbdansmith: yes it has always been like this15:06
clarkbdansmith: that change above is from 5 yaers ago and the config it supported was older than that15:06
clarkbI think better than the pragma would be to branch devstack and grenade first15:06
clarkbit needs to be done anyway15:06
clarkbso you may as well do it first and get it done with15:07
dansmithclarkb: I'm a bit confused, that change is removing lines.. is removing them what makes it use master or was the old change what we would need to add?15:08
clarkbdansmith: the old change is what you need to add.15:08
clarkbI'm showing a config that supported this that was removed15:08
dansmithokay I don't see this in nova15:09
clarkbopenstacksdk had a feature/r1 branch which nothing else had. So changes pushed to feature/r1 wouldn't find devstack/tempest/etc jobs that were branch specific. The pragma says treat these two branches (master and feature/r1) as matching the current branch (which I assume was master at the time)15:10
dansmithbut are you saying we need to do that for 2026.1 while waiting for the other two to branch and then remove?15:10
clarkbdansmith: yes in this case the branch isn't feature/r1 but stable/2026.115:11
dansmithI just wonder how many things we've merged without tempest coverage in the past if this has always been like this15:11
clarkbif devstack and grenade barnch first is a complete non issue15:11
clarkbI don't know how consistent branch creation order has been over the years15:11
dansmithI'm just like shocked :)15:12
gmaandansmith: abhishekk we have not cut the stable/2026.1 branch for devstack and grenade which is done once all other projects has the stable branch15:16
clarkbgmaan: do you know if there is a reason to not do them first?15:16
gmaanonce that is cut then I need to start the QA tooling including devstack and grenade setup for new stable as well as new master15:16
clarkbI guess because it is going to try and deploy projects on stable/2026.1 and if that branch doesn't exist then things break?15:17
dansmithgmaan: ack, that just leaves a big risk for the projects that have stable branches now, may propose backports and not realize there's no tempest coverage on them :/15:17
gmaanyes, that is risk15:17
gmaanIf we cut their branch first then it will raise error as devstaack would not find any new stable one to clone15:18
clarkbin that case the pragma may be appropriate. Or maybe we just need to branch everything at the same time rather than bit by bit15:18
gmaansame time is also challenge as branching projects are at different time when their changes merge15:19
gmaanI am checking with release team if we are ready for that and i can start the work today15:23
gmaanclarkb: we can try pragma but that would solve the greande job testing it correctly but at least tempest jobs will run. need to check though if it raise any other other about cloning repo which does not exist15:38
gmaan*would not solve grenade15:39
clarkbgmaan: that is a good point. I think the pragma will allow the jobs to be dfined and run but then when grenade tries to check out the old or new side as stable/2026.1 that content won't be there unless the branch actually exists15:45
rosmaitacroelandt or dansmith: need someone to hit https://review.opendev.org/c/openstack/glance/+/981510 to unblock the stable/2025.1 gate16:10
dansmithI'm not stable-maint for glance16:10
rosmaitai thought you were ... we should fix that, you are a responsible fellow16:11
dansmithI'm not very trustworthy16:14
abhishekk+1 for adding to stable core16:54
dansmithno guys really.. I can't be trusted.. I _so_ love telling people I'm not on glance stable core when they ask :D17:14
dansmithcore on master and not stable = all the power and no responsibility! :D17:15
dansmith(in case it's  not clear, I'm just joking around)17:40
abhishekk:D17:54
opendevreviewMerged openstack/glance stable/2024.2: Fix SSRF vulnerabilities in image import API  https://review.opendev.org/c/openstack/glance/+/98129920:42
rosmaitafinally, 1 down20:44
opendevreviewMerged openstack/glance stable/2025.1: [stable-only] fix stable/2025.1 gate jobs  https://review.opendev.org/c/openstack/glance/+/98151020:57
opendevreviewMerged openstack/glance stable/2025.1: Fix SSRF vulnerabilities in image import API  https://review.opendev.org/c/openstack/glance/+/98129820:57
rosmaitaoh yeah, they're just rolling in now21:02
opendevreviewMerged openstack/glance master: Fix SSRF vulnerabilities in image import API  https://review.opendev.org/c/openstack/glance/+/98129521:25
« Thursday, 2026-03-19 Index Saturday, 2026-03-21 »

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!