Thursday, 2020-11-05

*** tosky has quit IRC00:14
*** macz_ has quit IRC00:17
*** jmasud has joined #openstack-meeting00:41
*** jmasud has quit IRC00:42
*** macz_ has joined #openstack-meeting01:27
*** macz_ has quit IRC01:32
*** Liang__ has joined #openstack-meeting01:37
*** Liang__ has quit IRC01:39
*** rcernin has quit IRC01:43
*** rcernin_ has joined #openstack-meeting01:43
*** rh-jelabarre has quit IRC03:19
*** rcernin_ has quit IRC03:24
*** rcernin_ has joined #openstack-meeting03:34
*** rcernin_ has quit IRC03:47
*** Liang__ has joined #openstack-meeting04:13
*** rcernin has joined #openstack-meeting04:20
*** vishalmanchanda has joined #openstack-meeting04:31
*** rcernin has quit IRC05:13
*** rcernin has joined #openstack-meeting05:15
*** jmasud has joined #openstack-meeting05:18
*** armstrong has quit IRC05:30
*** evrardjp has quit IRC05:33
*** evrardjp has joined #openstack-meeting05:33
*** rcernin has quit IRC06:37
*** rcernin has joined #openstack-meeting06:50
*** Liang__ has quit IRC07:06
*** Liang__ has joined #openstack-meeting07:07
*** lpetrut has joined #openstack-meeting07:11
*** rcernin has quit IRC07:12
*** melwitt has quit IRC07:20
*** melwitt has joined #openstack-meeting07:21
*** dklyle has quit IRC07:24
*** rcernin has joined #openstack-meeting07:34
*** rcernin has quit IRC07:43
*** jmasud has quit IRC07:45
*** slaweq has joined #openstack-meeting07:54
*** ralonsoh has joined #openstack-meeting07:59
*** tosky has joined #openstack-meeting08:13
*** macz_ has joined #openstack-meeting08:37
*** rpittau|afk is now known as rpittau08:39
*** macz_ has quit IRC08:42
*** ociuhandu has joined #openstack-meeting09:06
*** ociuhandu has quit IRC09:16
*** ociuhandu has joined #openstack-meeting09:22
*** ociuhandu has quit IRC09:25
*** ociuhandu has joined #openstack-meeting09:26
*** macz_ has joined #openstack-meeting09:43
*** macz_ has quit IRC09:48
*** ociuhandu has quit IRC09:57
*** ociuhandu has joined #openstack-meeting09:58
*** ociuhandu has quit IRC10:01
*** ociuhandu has joined #openstack-meeting10:02
*** Liang__ has quit IRC10:10
*** e0ne has joined #openstack-meeting10:46
*** ociuhandu has quit IRC12:00
*** ociuhandu has joined #openstack-meeting12:01
*** rfolco has joined #openstack-meeting12:02
*** ociuhandu has quit IRC12:06
*** raildo has joined #openstack-meeting12:23
*** rfolco has quit IRC13:01
*** rfolco has joined #openstack-meeting13:01
*** rh-jelabarre has joined #openstack-meeting13:07
*** ociuhandu has joined #openstack-meeting13:14
*** rosmaita has joined #openstack-meeting13:55
*** falencastro has joined #openstack-meeting13:56
abhishekk#startmeeting glance14:01
openstackMeeting started Thu Nov  5 14:01:16 2020 UTC and is due to finish in 60 minutes.  The chair is abhishekk. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: glance)"14:01
openstackThe meeting name has been set to 'glance'14:01
abhishekk#topic roll call14:01
*** openstack changes topic to "roll call (Meeting topic: glance)"14:01
* smcginnis is sort of here but distracted with other things14:01
abhishekkwaiting for others to join14:01
abhishekklets wait couple of minutes more14:02
abhishekkcool, lets start14:03
abhishekk#topic Updates14:03
*** openstack changes topic to "Updates (Meeting topic: glance)"14:03
abhishekkPTG concluded and we have discussed various topics and priorities for Wallaby during last week14:04
abhishekkyou can find summary and recordings of the session in the PTG etherpad14:04
abhishekkSame etherpad contains milestone wise priorities for Wallaby cycle14:05
abhishekkI will propose them to glance-specs repo by this week14:05
abhishekkmoving ahead14:05
abhishekk#topic release/periodic jobs update14:06
*** openstack changes topic to "release/periodic jobs update (Meeting topic: glance)"14:06
abhishekkWallaby milestone 1 4 weeks away14:06
abhishekkI will start adding priorities of milestone 1 in weekly meeting discussion from next time14:06
abhishekkPeriodic jobs - 3/4 py38 functional jobs were failing14:07
abhishekktest_copy_public_image_as_non_admin_permitted test is failing with 403 error14:07
abhishekksorry 409, Reason is import lock is not busted in time and call returns 409 in this case14:07
abhishekkI will put some time to understand this and will take help from dansmith as well14:08
abhishekkany questions?14:08
abhishekkcool, moving ahead14:08
abhishekk#topic Glance Tempest plugin14:09
*** openstack changes topic to "Glance Tempest plugin (Meeting topic: glance)"14:09
abhishekkAs discussed in PTG, I had discussion with gmann about this yesterday14:09
*** servagem has joined #openstack-meeting14:09
abhishekkhe has added his suggestion in etherpad,
abhishekkAccording to him, the plugin should contain only API related tests and not cross project/service tests14:10
abhishekkFor API related testing we already have functional tests, so adding plugin doesn't makes sense to me14:10
rosmaitahmmm ... all our plugin contains is cross project tests for cinder!14:11
abhishekkohh, really?14:11
rosmaitai mean, that's the whole point, to have some scenario tests14:11
*** lajoskatona has joined #openstack-meeting14:11
abhishekkgmann, told me otherwise14:11
rosmaitayeah, we maintain tests in the barbican devstack plugin to handle image encryption tests14:11
*** lajoskatona has left #openstack-meeting14:11
rosmaitaand the cinder-tempest-plugin has other stuff14:11
abhishekkack, My idea behind adding plugin was to test barbican and multiple stores at one place14:12
abhishekkI will still discuss this with him and internal team who is going to contribute towards it before taking any decision14:13
abhishekkrosmaita, I might need inputs from you as well14:13
rosmaitathat's got image signature validation tests and also cinder volume encryption14:13
abhishekkcool, will have look and check whether it covers our use case14:14
rosmaitaalso, talk to tosky14:14
rosmaitahe will know the correct vocabulary to use to discuss this with gmann14:14
abhishekkyeah he was around yesterday as well14:14
rosmaitawe may just be describing what we want to do incorrectly14:15
abhishekkthank you rosmaita14:15
abhishekkmoving ahead14:15
abhishekk#topic Consistent and Secure default policies14:16
*** openstack changes topic to "Consistent and Secure default policies (Meeting topic: glance)"14:16
abhishekkI guess gmann has added it to the agenda14:16
*** moguimar has quit IRC14:17
abhishekkThis is new community goal which is divided to complete in two cycles14:17
abhishekkThis cycle we need to deprecate default policies in code and next cycle need to implement RBAC14:18
*** moguimar has joined #openstack-meeting14:18
abhishekkrosmaita, could you please share more insight around this as you had this topic for PTG discussion14:19
rosmaitayeah, it's not deprecate the default policies in code14:19
rosmaitathe issue is that to see the default policies, you need to generate a file14:19
rosmaitayou can generate (currently) in either JSON or YAML14:19
rosmaitayaml has comments14:19
rosmaitathe problem is that the default policy file is still json14:20
rosmaitaand in order to deprecate policies (or something, i didn't quite follow) the comments need to show up14:20
rosmaitaso the community goal is to make YAML the default14:20
rosmaitaso that when all the policies are changed to use the groovy new scoping stuff14:20
rosmaitathe correct sample will be generated14:21
rosmaitasomething like that14:21
abhishekkI guess we glance do have default yaml (need to confirm)14:21
rosmaitaoslo.policy is going to remove the ability to generate json14:21
rosmaitawell, everyone defaulted to generating a yaml sample14:21
rosmaitai had to put up patches to cinder (back in stein i think) to look for the yaml instead of json14:22
rosmaitai thought that was what we were supposed to do14:22
abhishekkOk, I guess popup team will help us if needed14:22
rosmaitai don't think i did it for glance beacuse at that point we weren't using policy in code yet14:23
abhishekkcool, will sync with them and get it cleared as well14:23
abhishekkyes, we have done it Ussuri14:23
jokkebut IIUC the RBAC part expects the policies being 1:1 mapping with the API calls14:23
abhishekk* in Ussuri14:23
jokkewhich of we're far from14:23
rosmaitayeah, that's still an issue14:23
rosmaitathis is not going to be a clean transition for anyone, i don't think14:24
rosmaitabut they already did nova ...14:24
rosmaitaso i guess everything is fine14:24
abhishekkI guess cinder has also one API which uses it, right?14:24
* dansmith sneaks in14:25
rosmaitaabhishekk: "it" == ??14:25
abhishekkit == RBAC ?14:25
jokkerosmaita: well the issue I see there is that this requires full rewrite of Glance policies, and not only full rewrite but proper deprecation of the old ones too14:25
rosmaitaoh, yeah, we have > 75 policies at this point for the block storage API14:26
rosmaitajokke: us too, we have policy checks in the db layer14:26
rosmaitamy concern is cross-project data leakage14:26
rosmaitabecause the model seems to be configure everything in the policy file14:26
rosmaitawhich i guess is ok if you know what you are doing and have good tests14:27
rosmaitabut nobody does14:27
jokkerosmaita: mhm14:27
rosmaitathat's just my opinion, though14:27
dansmithI'm not sure what ya'll are talking about14:27
abhishekkConsistent and Secure default policies14:27
dansmiththe community goal is purely about converting the default policy file format from json to yaml14:27
rosmaitawe are talking about part 214:28
dansmithah okay14:28
rosmaitapolicy rewrite to use scoped tokens, support reader role, etc14:28
dansmithack yeah, okay14:29
abhishekkheavy work to pull policy layer out of Onion14:29
*** vishalmanchanda has quit IRC14:30
dansmithI can imagine14:30
dansmithat least there's one you don't have to de-onionify :)14:30
rosmaitayeah, theoretically it seemed to be a great idea for separation of concerns14:30
rosmaitathat's why no one likes theorists14:30
dansmithnova has moved all its policy out of the db layer at this point, AFAIK,14:31
dansmithbut the token change will be some work I think14:31
rosmaitawe haven't done it in cinder yet (move policy checks out of DB)14:31
rosmaitawe need much more thorough tests first14:31
abhishekkI thought nova has already done it (token change)14:31
rosmaitaand that's even before adding the new stuff14:31
dansmithabhishekk: I think there's still something outstanding14:32
abhishekkok, so the action plan is I will sync with pop-up team and discuss what is needed from glance this cycle and then will start doing it side by side14:33
abhishekkdansmith, ack14:33
abhishekkMoving to open discussion unless anything more for this topic14:33
abhishekk#topic Open discussion14:34
*** openstack changes topic to "Open discussion (Meeting topic: glance)"14:34
abhishekkSo as per discussed in PTG, I have flagged removal of single store configuration to openstack-discuss ML14:34
abhishekkWill start working on converting unit and functional tests soon14:35
abhishekkthat's it from me for today14:35
rosmaitaemail looks nice and clear14:36
abhishekkthank you14:36
jokkeyeah looked good14:37
rosmaitait will be nice to get all that stuff cleared out14:37
abhishekkas discussed during PTG I am also working on combinations of different stores using devstack for CI improvements14:38
abhishekklets wrap up early if nothing more to discuss14:40
rosmaitaworks for me!14:40
abhishekkjokke, dansmith ?14:41
jokkeI have nothing for now14:41
dansmithfor sure14:41
abhishekkcool, thank you all14:41
abhishekkhave a nice weekend14:41
*** openstack changes topic to "OpenStack Meetings ||"14:42
openstackMeeting ended Thu Nov  5 14:42:02 2020 UTC.  Information about MeetBot at . (v 0.1.4)14:42
openstackMinutes (text):
*** rosmaita has left #openstack-meeting14:42
*** armstrong has joined #openstack-meeting14:46
*** belmoreira has joined #openstack-meeting14:56
*** moguimar has quit IRC14:56
*** moguimar has joined #openstack-meeting14:58
*** andrebeltrami has joined #openstack-meeting14:58
*** TrevorV has joined #openstack-meeting15:00
*** Steap has joined #openstack-meeting15:01
*** macz_ has joined #openstack-meeting15:07
*** thgcorrea has joined #openstack-meeting15:08
*** macz_ has quit IRC15:12
fungiguessing we're skipping the security sig meeting this week15:18
*** ociuhandu has quit IRC15:21
redrobotOh yeah, time changed.15:26
*** dklyle has joined #openstack-meeting15:37
gagehugoyeah, my bad, will get fixed for next week15:42
fungino worries15:43
*** ociuhandu has joined #openstack-meeting15:45
*** belmoreira has quit IRC16:09
*** jmasud has joined #openstack-meeting16:16
*** macz_ has joined #openstack-meeting16:27
*** jamesden_ has joined #openstack-meeting17:08
*** jmasud has quit IRC17:17
*** rpittau is now known as rpittau|afk17:21
*** jmasud has joined #openstack-meeting17:29
*** gyee has joined #openstack-meeting17:35
*** ociuhandu has quit IRC18:04
*** ociuhandu has joined #openstack-meeting18:12
*** ociuhandu has quit IRC18:16
*** haleyb has quit IRC18:18
*** haleyb has joined #openstack-meeting18:19
*** jmasud has quit IRC18:31
*** ralonsoh has quit IRC18:41
*** andrebeltrami has quit IRC18:57
*** lpetrut has quit IRC19:16
*** _mlavalle_2 has quit IRC19:16
*** lbragstad has quit IRC19:18
*** armstrong has quit IRC19:25
*** bbowen has quit IRC20:02
*** e0ne has quit IRC20:21
*** e0ne has joined #openstack-meeting20:37
*** jmasud has joined #openstack-meeting20:53
*** ociuhandu has joined #openstack-meeting20:57
*** ociuhandu_ has joined #openstack-meeting20:58
*** jmasud has quit IRC20:59
*** jmasud has joined #openstack-meeting21:02
*** e0ne has quit IRC21:02
*** bbowen has joined #openstack-meeting21:13
*** jmasud has quit IRC21:17
*** jmasud has joined #openstack-meeting21:21
*** ociuhandu_ has quit IRC21:23
*** ociuhandu has joined #openstack-meeting21:25
*** thgcorrea has quit IRC21:26
*** jmasud has quit IRC21:26
*** rcernin has joined #openstack-meeting21:27
*** ociuhandu has quit IRC21:35
*** jmasud has joined #openstack-meeting21:50
*** rcernin has quit IRC21:53
*** rcernin has joined #openstack-meeting21:55
*** e0ne has joined #openstack-meeting22:03
*** jmasud has quit IRC22:04
*** slaweq has quit IRC22:06
*** mlavalle has joined #openstack-meeting22:08
*** manpreet has quit IRC22:14
*** e0ne has quit IRC22:17
*** rh-jelabarre has quit IRC22:22
*** rh-jelabarre has joined #openstack-meeting22:22
*** jmasud has joined #openstack-meeting22:30
*** jamesden_ has quit IRC22:33
*** rcernin has quit IRC22:57
*** rcernin has joined #openstack-meeting23:01
*** rh-jelabarre has quit IRC23:03
*** jmasud has quit IRC23:16
*** jmasud has joined #openstack-meeting23:21
*** ociuhandu has joined #openstack-meeting23:36
*** ociuhandu has quit IRC23:40
*** TrevorV has quit IRC23:41
*** tosky has quit IRC23:55
*** rfolco has quit IRC23:55

Generated by 2.17.2 by Marius Gedminas - find it at!