Thursday, 2025-12-04

« Wednesday, 2025-12-03 Index
*** mhen_ is now known as mhen02:17
opendevreviewCyril Roelandt proposed openstack/glance_store master: s3: add options to control checksum calculation/validation  https://review.opendev.org/c/openstack/glance_store/+/95920103:06
opendevreviewAbhishek Kekane proposed openstack/glance master: Add API endpoints for cache clean and prune operations  https://review.opendev.org/c/openstack/glance/+/96957510:27
opendevreviewAbhishek Kekane proposed openstack/glance master: Add API endpoints for cache clean and prune operations  https://review.opendev.org/c/openstack/glance/+/96957511:11
opendevreviewMerged openstack/glance-specs master: [spec] Download image from suggested stores  https://review.opendev.org/c/openstack/glance-specs/+/96323914:00
croeland1#startmeeting glance14:00
opendevmeetMeeting started Thu Dec  4 14:00:37 2025 UTC and is due to finish in 60 minutes.  The chair is croeland1. Information about MeetBot at http://wiki.debian.org/MeetBot.14:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:00
opendevmeetThe meeting name has been set to 'glance'14:00
croeland1#topic roll call14:00
croeland1o/14:00
mheno/14:00
*** croeland1 is now known as croelandt14:00
croelandto/14:00
croelandt#link https://etherpad.openstack.org/p/glance-team-meeting-agenda14:00
rosmaitao/14:01
rosmaitai just realized that i'm supposed to be in a different meeting now14:01
croelandtalways multitask14:02
abhishekko/14:02
abhishekki am not sure rajat is around or not :/14:03
whoami-rajathello14:03
croelandtyeah14:03
croelandtlet's start14:03
abhishekkhey14:03
abhishekkthanks for attending14:04
croelandt#topic Release/periodic job updates14:04
croelandtEverything good \o/14:04
croelandt#topic  Important stable patches - http://tiny.cc/glance-maintained 14:04
croelandtYeah so Bence's patch are still failing because of the test refactor14:04
croelandtI really have to talk to him about that14:04
croelandt#topic Glance download image from specific store14:04
croelandt#link https://review.opendev.org/c/openstack/glance-specs/+/96323914:04
croelandtSo this was merged or is currently being merged14:04
croelandtthanks Abhishek for working on that14:04
croelandtthanks rosmaita and dansmith for the reviews14:05
abhishekkthank you for reviews and suggestions14:05
croelandt#topic Decompression plugin 14:05
croelandtThe patches are still under review14:05
croelandtI've fallen behind on reviews, I need to spend some time looking at that14:05
whoami-rajatnp, I'm double booked so will do context switching14:05
croelandt#topic Image encryption14:05
croelandtmhen: I see you're here, do you want to say something about this?14:06
croelandtAlso whoami-rajat for the Cinder side of encryption14:06
mhencurrently checking an edge case with old images and compression in Cinderö14:07
mhen*Cinder14:07
mhenbut may not be an issue at all, need to check this14:07
mhenother than that the changes as discussed in the PTG are pretty much done14:07
croelandtwhat about Nova?14:08
abhishekkmhen: Could you please somewhere on the spec list out the concerns discussed in PTG and what we opted for that, if possible?14:09
mhenNova has a blueprint now: https://blueprints.launchpad.net/nova/+spec/luks-image-encryption14:10
mhenabhishekk: I could add my summary notes from the PTG to the Glance spec if that helps14:11
abhishekkmhen: that would be great14:11
mhenwill do14:12
abhishekkSo glance is good to go 14:12
croelandtyeah my concern is more about Nova/Cinder14:13
abhishekkack, 14:13
croelandtmhen: do you think your work in Nova/Cinder will be approved?14:14
mhencan't really tell; entirely depends on whether the implementation is now satisfactory for everyone this time14:16
abhishekkI think we should have one more cross project meeting to see where this is heading14:17
croelandtyeah14:18
croelandtthis may happen soon :)14:18
croelandtAnything to add on this topic?14:18
mhennot from my side at least14:19
rosmaitacinder has a meeting on friday to review specs14:19
croelandtoh interesting14:20
croelandtis encryption on the agenda?14:20
croelandtare you or whoami-rajat joining this meeting?14:20
rosmaitawell, there is a spec for it14:20
rosmaitahttps://etherpad.opendev.org/p/cinder-festival-of-reviews14:20
croelandtok can encryption be added to the agenda for tomorrow?14:22
rosmaitaand yeah, i will be there14:22
croelandtmhen: ^14:22
croelandtcan mhen join? :)14:22
rosmaitaeveryone can join!14:22
whoami-rajatcroelandt, i will see if it doesn't conflict with the weekend plans :D14:22
rosmaitaalthough to be pedantic, everyone *may* join, whether they can or not is up to them14:23
whoami-rajatit's generally late at night for me14:23
mhenI'll try to attend14:23
abhishekkits late for rajat means its almost early morning for me :P14:23
mhen14:00 UTC right?14:23
croelandtabhishekk: hahha14:23
rosmaitayes, 1400 UTC14:24
mhenack14:24
croelandtgood14:25
croelandt#topic Open Discussion14:25
croelandtAny topic other than encryption? :)14:25
mheno/14:25
mhenhttps://bugs.launchpad.net/cinder/+bug/213372814:25
mhenjust so that Glance is aware, Cinder currently allows bypassing its property protection feature14:26
mhenref: https://docs.openstack.org/glance/latest/admin/property-protections.html14:26
mhenI don't know if a adding warning message on the Glance docs page with a recommendation about restricting that specific Cinder API would be advisable until this is fixed in Cinder?14:27
mhene.g. setting `volume_extension:volume_image_metadata:set` in the Cinder API RBAC to admin only14:27
croelandtIdeally, fix this in Cinder and then you don't need to mention it in Glance? :D14:28
rosmaitai always thought that for boot from volume, nova fetched the image the volume was created from, and used its properties14:29
rosmaitabut apparently, it uses the image properties that are copied onto the volume14:29
rosmaitaso that would mean that if an image is deactivated, nova will still let you boot from it if you have created a volume from it first14:30
rosmaitawhereas nova will not let you boot from an image that is not 'active'14:31
mhencroelandt: yes but, how long will it take? I just stumbled upon this but personally will not be able to work on this myself in the forseeable future - that's why I was proposing adding a warning for now until somebody is able/willing to address it in Cinder.14:31
croelandthm 14:31
croelandtnot sure a warning would be helpful14:31
croelandtalso rosmaita volunteered to fix the bug14:32
abhishekkthe warning should be in cinder imo14:32
rosmaitanot really, cinder has never claimed to have property protections14:32
mhenabhishekk: I respectfully disagree; I discovered the Glance docs page about this feature and thought "neat" - only by accident did I discover that I can bypass this. Somebody that might be enabling this in Glance never reads the Cinder docs because they don't seem relevant to them.14:33
abhishekkack, croelandt I think we should highlight it then14:34
rosmaitai think we may need to have a bit of a discussion at the next PTG around how image properties are set/consumed for boot-from-volume14:35
croelandtand to think we wanted to get rid of that feature14:35
rosmaitawell, if glance gets rid of the feature, then nothing to fix in cinder!14:35
mhenplease read the use case example in the bug report and reconsider ;)14:36
mhen(especially concerning the upcoming rework of the confidential computing stuff by takashi)14:37
croelandtrosmaita: we had this one guy write an email 6 months after I sent the survey to inform me that he planned on maybe using the feature14:37
croelandtok so Glance can document the issue14:37
rosmaitawe used it extensively at rackspace, back in the day14:37
whoami-rajatabhishekk, haha, i mean it starts early but it's 2 hours so ends 9:30 our time -- i can work late but meetings are hard at night :(14:38
abhishekk:D14:38
rosmaitai think mhen's workaroud (change the policy setting) is a good idea, i think this hasn't been reported earlier because people don't really use that API much14:38
rosmaitai think most people just expect the image properties to be inherited from the image14:39
croelandtagain it's nice you're volunteering to fix this14:40
* croelandt is on his way to becoming BDFL14:41
rosmaitagood thing croelandt isn't the boss of me14:42
croelandtthis can change!14:43
croelandtthough I doubt it14:43
croelandtok anything else to add about property protections?14:43
mhennothing from my side14:44
mhenthanks for your consideration!14:44
croelandtok14:45
croelandtLet's call it a day, then!14:45
croelandtThanks everyone for joining14:45
croelandt#endmeeting14:45
croelandthm14:46
croelandt#endmeeting14:46
croelandtIsn't that supposed to give me confirmation?14:46
abhishekkit doesn't want to end us :P14:46
mhenadd #please ;D14:46
abhishekkhaha14:47
abhishekk#endmeeting14:47
croelandtis the bot dead? :)14:48
mhenwe are now in a never-ending meeting for the rest of our lives14:48
abhishekkbring infra in :P14:48
rosmaitano, you started the meeting as croelandt114:48
rosmaitaso i don't think it's recognizing you now14:48
croelandtoh14:48
*** croelandt is now known as croeland114:48
abhishekkhahaha14:48
croeland1#endmeeting14:48
opendevmeetMeeting ended Thu Dec  4 14:48:45 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)14:48
opendevmeetMinutes:        https://meetings.opendev.org/meetings/glance/2025/glance.2025-12-04-14.00.html14:48
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/glance/2025/glance.2025-12-04-14.00.txt14:48
opendevmeetLog:            https://meetings.opendev.org/meetings/glance/2025/glance.2025-12-04-14.00.log.html14:48
*** croeland1 is now known as croelandt14:48
abhishekkfinally14:48
mhen:D14:48
croelandtwe're free!14:48
mhenrejoice!14:49
croelandtrun while you can14:49
whoami-rajatrosmaita, never lets the fun go on for too long (just kidding :D)17:34
« Wednesday, 2025-12-03 Index

Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!