Thursday, 2020-12-10

jokke#startmeeting glance14:01
openstackMeeting started Thu Dec 10 14:01:17 2020 UTC and is due to finish in 60 minutes.  The chair is jokke. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.14:01
*** openstack changes topic to " (Meeting topic: glance)"14:01
openstackThe meeting name has been set to 'glance'14:01
jokke#topic roll call14:01
*** openstack changes topic to "roll call (Meeting topic: glance)"14:01
jokkeAbhishek just lost power so it will be a minute or two when he tries to get on from mobile14:01
rosmaitaok, i was wondering14:02
abhishekko/ from mobile14:03
jokke#link quite a few things on the agenda14:03
jokkewb abhishekk14:03
jokke#chair abhishekk14:03
openstackCurrent chairs: abhishekk jokke14:03
abhishekkwill be difficult for me to switch over agenda, so jokke could you please continue chairing?14:04
abhishekkthank you14:04
jokke#topic release/periodic job updates14:04
*** openstack changes topic to "release/periodic job updates (Meeting topic: glance)"14:04
abhishekkjust passed milestone 114:05
jokkeso we seem to have some serious gating issues still. Milestone 1 has not been tagged as of now14:05
*** zbr has quit IRC14:05
abhishekkthose jobs are failing for a couple of other projects as well14:06
rosmaitais it lower-constraints?14:06
abhishekkand same error for docs job14:06
*** ociuhandu has quit IRC14:06
rosmaitai had to update requirements and l-c for cinder, it's the new pip resolver14:06
abhishekkthen some tempest jobs are failing with unknown error and no logs were generated14:07
rosmaitaa bit of a PITA14:07
jokkeok, I will look at the cinder patch after the meeting and see if I can find the help for us from there14:07
abhishekkjokke, rosmaita ++14:07
rosmaitajokke: i did a pip freeze on a successful local unit test run, and used those versions14:08
rosmaitabut i don't remember why we even have a lower constraints job any more14:08
*** zbr has joined #openstack-meeting14:08
abhishekkalso we need to get Steap's patch once these issues are resolved14:08
jokkerosmaita: ah, so it's just dependency versions instead of something about formatting of them files14:08
rosmaitayeah, pretty sure14:09
*** ociuhandu has joined #openstack-meeting14:09
jokkerosmaita: I remember once upon a time we had centralized dependency management where these things had to be done only on global requirements and bot would propose them down, but someone thought that rather than having unified requirements it's better to let everyone just swing it project by project14:10
abhishekki think we faced this issue earlier as well14:11
jokkeit's every few months14:11
jokkebut we can move forward I'll ping ye guys if I can't figure it out myself looking what had to be taken in for cinder and with local runs14:12
rosmaitaok, i will be around today (on PTO tomorrow)14:12
jokkerosmaita: great, thanks14:13
abhishekkping me on telegram if I didn't return back online due to power failure14:13
jokke#topic milestone 214:13
*** openstack changes topic to "milestone 2 (Meeting topic: glance)"14:13
jokke5 weeks away14:13
jokkeabhishekk had some priorities laid down in the agenda14:13
*** ociuhandu has quit IRC14:13
abhishekkyes, and we have couple of specs + RBAC stuff to address14:14
jokkeMainly looking into the proxying those calls for Image Import and RBAC14:14
abhishekkothers are trivial and can be implemented quickly14:15
*** ociuhandu has joined #openstack-meeting14:15
jokkeI will look into addressing any comments on the image import proxy spec and cluster awareness spec tomorrow if I got the gate unblocked by that14:16
rosmaitai left comments on all the specs listed in the agenda14:16
abhishekkrosmaita, ack, thank you14:16
rosmaitawas curious what others thought about the chunk download support for RBD14:16
jokkerosmaita: great, thanks!14:16
rosmaitajokke: don't thank me, made more work for you14:16
abhishekkSo next topic is review priorities where I listed some specs to be reviewed14:18
jokkeso I'm failing to see the usecase for that chunk download14:18
jokkeand if we do it, we really should do it for all stores, not just rbd14:18
jokkeoh sorry14:19
rosmaitawell, we do support the range header14:19
abhishekkagree for use case14:19
jokke#topic important spec reviews14:19
*** TrevorV has joined #openstack-meeting14:19
*** openstack changes topic to "important spec reviews (Meeting topic: glance)"14:19
rosmaitai remember Darini fixing a bug about that back in the osic days14:19
*** ociuhandu has quit IRC14:19
abhishekkis it documented somewhere?14:19
rosmaitaanyway, i left a comment there that i'd like to hear more about how this will be tested14:19
abhishekkabout range header?14:20
rosmaitai'll look for a reference14:20
jokkerosmaita: ok, so clearly there are some holes in it and it's not tested ;)14:20
jokkeOne of those again14:20
jokkeon top of those there's the discovery api for tasks and sqlalchemy-migrate deprecation on the list. Any marks on them before we move on?14:22
abhishekkfor task thing we will continue discussion on specs14:23
rosmaitasqlalchemy-migrate is fine14:23
rosmaitai'm not sold on using the discovery endpoint for tasks, though14:24
rosmaitaleft a comment on the spec14:24
rosmaitaabhishekk: i added the commit hashes for range header support to the agenda14:24
abhishekkrosmaita, ack, will have a look14:25
abhishekkalso I replied to your comment on tasks specs14:25
jokkerosmaita: ok, I see your point. Maybe we need to have fresh new endpoint for probing the tasks14:25
abhishekkI took shortcut :D14:26
rosmaitaor have multiple api-level policies on the tasks API14:26
jokkethe tasks api is just usage nightmare and we deprecated it for removal ages ago for good reason. I'd be very much against just opening it back up as it is14:26
rosmaitathat tasks-api-access thing was a last minute hack14:26
rosmaitawell, you could maybe do something like v2/messages/{id}14:27
rosmaitaand under the hood, grab the task and reformat it for display14:27
abhishekkack, sounds good14:27
*** psachin has quit IRC14:28
*** ociuhandu has joined #openstack-meeting14:28
abhishekkwill update the specs accordingly14:28
jokkeok, lets keep the discussion going on the spec and move on14:28
jokkeoh, od left14:28
jokke#open discussion14:28
jokke#topic open discussion14:29
*** openstack changes topic to "open discussion (Meeting topic: glance)"14:29
jokkerosmaita: looks like you added the chunk download refs on the agenda, thanks14:29
rosmaitafungi helped me figure out how to fix the redirects14:29
rosmaitafor glance-specs14:29
jokke \\o \o/ o// o/714:29
rosmaitai didn't add any new ones, this just fixes the current ones (up to stein)14:30
jokkerosmaita++ fungi++ that's great news, thanks!14:30
rosmaitabut i don't think there's any way to test it other than to merge it and see what happens14:30
abhishekkwill have a look and work for other redirects14:30
rosmaitait worked for cinder, so that's some evidence14:30
fungiwell, it's an apache behavior, so the way to test it is to serve content from apache14:30
fungithe apache configuration we use is public, if anyone wants it14:31
abhishekkthank you fungi14:31
rosmaitatry this out:
abhishekkwill ping you if required14:31
abhishekkrosmaita, thank you, will try once back online14:32
abhishekkgreat, I don't have anything else to discuss at the moment14:33
jokkeI'm still trying to wrap my head around the rbac stuff and its impact14:33
Steapregarding RBAC14:34
SteapLance mentioned that migrating policies would be a "manual" process14:34
Steapthat worries me a tiny bit :)14:34
jokkewe just need to be super vigilant and make sure we do not expose anything unintended14:36
jokkeWhich is my biggest worry on the amount of pressure this work has to rush it through14:36
abhishekktesting, more testing and more and more testing is what we need to do in less time14:37
abhishekkwe should sign a MOU :D14:37
*** tobberydberg has quit IRC14:38
rosmaitamemorandum of understanding?14:39
abhishekkjust kidding, memo for understanding the regression14:39
*** tobberydberg has joined #openstack-meeting14:39
jokkewell if anyone has understanding of that and wants to write it down, I'd be very happy to read and comment :P14:40
abhishekkhaha, rosmaita is the perfect person for this14:40
rosmaitai'm driving through a tunnel, couldn't catch that last comment14:41
jokkeYeah I think rosmaita is pretty much the only one left who has even chance of having full understanding tf is going on there ;)14:41
jokkerosmaita: I just said that if anyone has understanding and wants to write it down, I'd be more than happy to read and comment14:41
rosmaitastill can't hear you14:42
jokkeyeah I guess most of the people who were around when that masterpiece was written are long gone. At least I've been exposed only in small bits to it14:43
jokkebut I've nothing else. We can take the 15 unless someone else has something still to bring up14:44
abhishekksounds good14:44
rosmaitanothing from me14:45
jokkeok, thanks all!14:45
abhishekkthank you all14:45
*** openstack changes topic to "OpenStack Meetings ||"14:45
openstackMeeting ended Thu Dec 10 14:45:19 2020 UTC.  Information about MeetBot at . (v 0.1.4)14:45
openstackMinutes (text):
gagehugo#startmeeting security15:00
openstackMeeting started Thu Dec 10 15:00:16 2020 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
*** openstack changes topic to " (Meeting topic: security)"15:00
openstackThe meeting name has been set to 'security'15:00
gagehugo#link agenda15:00
*** andrebeltrami has joined #openstack-meeting15:02
*** ociuhandu has joined #openstack-meeting15:05
*** e0ne has quit IRC15:07
*** e0ne has joined #openstack-meeting15:08
*** ociuhandu has quit IRC15:10
*** ociuhandu has joined #openstack-meeting15:11
gagehugosorry got pulled away15:15
gagehugo#topic OSSA-2020-008 released15:15
*** openstack changes topic to "OSSA-2020-008 released (Meeting topic: security)"15:15
*** ociuhandu has quit IRC15:15
fungino worries, we've got the whole hour15:15
gagehugoWe released OSSA-2020-008 earlier this week15:18
gagehugoIf anyone is interested, see the link above ^15:20
fungigood job!15:20
fungithanks for taking care of that one15:20
gagehugothanks for the help!15:20
*** ociuhandu has joined #openstack-meeting15:20
gagehugo#topic no meetings rest of the year15:20
*** openstack changes topic to "no meetings rest of the year (Meeting topic: security)"15:21
gagehugoThis will be the last meeting for 2020, we will meet back again in Jan15:21
gagehugoJan 07th specifically15:21
fungisounds good to me15:21
fungii can always be found in #openstack-security or by e-mail if there's an urgent issue15:22
gagehugoyeah I'm online usually as well15:25
gagehugo#topic open discussion15:25
*** openstack changes topic to "open discussion (Meeting topic: security)"15:25
gagehugofungi: anything else for 2020?15:25
*** dklyle has joined #openstack-meeting15:27
fungii don't think so15:29
fungihave a great rest of the year!15:29
gagehugoyou too!15:34
gagehugothanks fungi15:34
*** openstack changes topic to "OpenStack Meetings ||"15:35
openstackMeeting ended Thu Dec 10 15:35:00 2020 UTC.  Information about MeetBot at . (v 0.1.4)15:35
openstackMinutes (text):
fungithanks gagehugo!15:39
gmann#startmeeting policy_popup18:02
openstackMeeting started Thu Dec 10 18:02:21 2020 UTC and is due to finish in 60 minutes.  The chair is gmann. Information about MeetBot at
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.18:02
*** openstack changes topic to " (Meeting topic: policy_popup)"18:02
openstackThe meeting name has been set to 'policy_popup'18:02
gmannlbragstad: hi18:03
gmannlet's wait for couple of min18:03
lbragstadsounds good18:04
*** rpittau is now known as rpittau|afk18:04
gmannlbragstad: seems like two of us, anyways let's start.18:06
gmanntoday agenda #link
gmann#topic General doubts about Default policy18:06
*** openstack changes topic to "General doubts about Default policy (Meeting topic: policy_popup)"18:06
openstackLaunchpad bug 1886857 in oslo.policy "Improve documentation of what data is used in checks" [High,In progress] - Assigned to Raildo Mascena de Sousa Filho (raildo)18:07
gmannthis is pending on raildo side to fix the review comments in #link
gmannMigrate Default Policy Format from JSON to YAML18:08
gmannthis is ongoing work for this goal #link
gmannI am waiting for oslo.upgradechecks update and then release to use it on service side18:09
gmannbasically this one- #link
gmannlbragstad: if you can have a look18:09
gmannNeed to verify where glance stands as per community goal (abhishekk)18:11
lbragstadgmann which community goal?18:11
lbragstadmigrating the policy format?18:11
gmannthis is not clear to me, abhishekk added this item, not sure if he is online now18:11
lbragstadhe was online a couple of hours ago - but i do know he's about 15 hours ahead of us?18:11
gmannnot sure if it is policy format or new RBAC one18:11
gmann11.30 ahead, in India time18:12
lbragstadok - so i lied about 1518:12
lbragstaddefinitely not 15 hours :)18:12
gmannI will try to catch him on glance channel18:12
gmann#topic Review Requests18:13
*** openstack changes topic to "Review Requests (Meeting topic: policy_popup)"18:13
gmannI added your patches in this #link
lbragstadoh - nice18:13
gmanni think we can update the topic name also in wiki, it was different18:13
lbragstadsorry about that18:13
gmannlbragstad: your topic name is closer to the work :)18:14
gmannany luck on projects side start reviewing or adding tests etc18:15
lbragstadgetting there18:15
lbragstadi know a few projects have looked at the patches i've proposed18:15
lbragstadbut - the patches really just group resources and APIs into buckets18:15
lbragstadi think most projects have at least something in review18:16
lbragstadi'm starting to work back through each project and pick out a few patches to implement testing18:16
lbragstadmy goal is to have two or three resources/APIs for each series testing the new defaults18:16
gmanngreat, i think this is nice start. I saw your email also but I did not reply yet as I was busy in back to back meeting (usual Thursday :))18:17
lbragstadwhich will include the testing infrastructure/plumbing and the actual test cases18:17
lbragstadso - this week and next week i'm focusing on placement and cinder18:17
gmannI will also help in that once I get policy format work done which I am targeting before new year18:17
lbragstadawesome - yeah, i'll take as much help as possible18:17
lbragstadi'm picking placement because it should be a relatively easy one to do18:18
lbragstadand cinder because it's probably the next largest API to work on18:18
lbragstadtiming wise18:18
lbragstadi've been working on the audits since the PTG (so about a month)?18:19
lbragstadand i expect testing implementation to take much longer than that18:19
gmannyeah, as per my experience in nova, 70% of the time was in writing the tests as we did not have good coverage for policy testing18:20
lbragstadbut, once the tests are up, we should be good for people to consider reviewing the patches and merging them18:20
lbragstadright - exactly18:20
lbragstadthat was my experience in keystone, too18:20
gmannit will give them more confidence on the changes18:20
gmannAlso on tempest testing support side I am still not able to debug why nova os-hypervisor test did not work with new scope token #link
gmannI will try to dig into this next week or so18:21
gmannanything else on review side ?18:22
lbragstadi don't have anything18:23
gmann#topic Open Floor18:24
*** openstack changes topic to "Open Floor (Meeting topic: policy_popup)"18:24
gmannnothing in open discussion too.18:24
lbragstadsfinucan brought up a good question here
lbragstadi've been proposing the common personas as constants on some policy file18:24
lbragstadin each project18:24
lbragstadand he asked why they aren't registered rule defaults18:24
gmannah good point.18:25
lbragstadi thought i'd ask here18:25
lbragstadi think i'm indifferent18:25
raildohey, sorry to be late18:25
gmannthat will give us easy to remove 'system:all' thing when enforce_scope is true by default18:26
lbragstadthat's a good point18:26
lbragstadi also thought it would be nice to have them documented in the default policy documentation18:26
gmannraildo: no worries.18:26
gmannlbragstad: +1, I thought of moving these common rules and stanza in oslo policy side and then from there projects can use it consistently ?18:27
lbragstadthat's what i started thinking of next18:27
lbragstadwe'd need a new version of oslo.policy18:27
lbragstadand i'm wondering if that's a good idea or not18:27
gmannraildo: we mainly discussed on these
lbragstadoslo.policy is pretty generic - and this would be openstack-specific personas18:28
gmannlbragstad: good point. but with policy format work everyone needs to move to 3.6.0 latest version18:28
gmannlbragstad: how about with openstack_common_personas.py18:28
lbragstadi mean - includes keystone scopes18:29
* lbragstad shrugs18:29
lbragstadi guess i can see it both ways18:29
raildogmann, lbragstad yeah, I started to reviewing lance's patches, seems to be my christmas gift haha18:30
raildolbragstad, thank you for all this hard work dude!18:30
lbragstads/christmas gift/lump of coal/18:30
gmannlbragstad: i can push the common personas thing in oslo.policy if fine. after my lunch18:31
lbragstadgmann sure - that sounds good18:31
lbragstadto recap18:31
gmannwe should give more gifts to raildo :)18:31
* raildo has enough gifts for now18:31
lbragstadthe main benefits would be 1.) it's a common place for common persona definitions 2.) they're included in default policy documentation rendered in each project18:32
lbragstadthe only downside i can think of is that it's another layer of indirection to figure out what rule:system_admin means18:33
gmannI think name itself is self explainer but we can add good documentation for that so that generated policy sample etc have it clear18:35
raildolbragstad, well, I believe that if we properly document this common persona on oslo.policy and point for the team's docs for it would be enough18:35
lbragstadyeah - i think that's fair18:37
lbragstadhaving a common definition is a good reason18:37
* lbragstad has to update a lot of patches 18:38
gmannah that is true. may be during tests addition time we can update18:38
lbragstadright - they have to be updated eventually18:39
lbragstadso - we'll have to bump the oslo.policy requirement to 3.6.1 then?18:39
lbragstadok - makes sense18:40
gmannI think i forgot to record AI, let's do18:40
gmann#action gmann to check with abhishekk on glance point in meeting agenda18:41
gmannraildo: to update
gmann#action raildo to update
raildoack, I'll have it asap18:41
raildo it updated*18:42
gmann#action gmann to push common persona on oslo policy and release 3.6.1 and lbragstad to review that18:42
gmannanything else I missed ?18:42
lbragstadi need to review too18:42
gmannah right18:43
gmann#action All will review and help on
gmannanything else for today ?18:44
lbragstadi plan to have placement done by next week18:44
lbragstadrosmaita is going to meet with me early next week to go through the best approach for protection testing in cinder18:44
gmann#action lbragstad to finish placement as first18:45
lbragstadnext thursday is my last day of the year18:45
lbragstadso - i hope to have something in review for cinder by then18:45
lbragstadas far as the testing strategy goes18:45
gmannso should we cancel the next meeting which is on 24th Dec ?18:45
lbragstadi probably won't make it on that day18:46
lbragstadbut i can read scroll back18:46
gmannraildo: how about you?18:46
raildogmann, I'll not be able to make the 24th dec meeting18:47
gmannok, let's cancel then. I will update on ML too18:47
gmannlet's close for today18:47
gmannthanks lbragstad raildo for joining18:47
lbragstadthanks gmann18:48
raildogmann, lbragstad thanks!18:48
*** openstack changes topic to "OpenStack Meetings ||"18:48
raildohave a great day18:48
openstackMeeting ended Thu Dec 10 18:48:16 2020 UTC.  Information about MeetBot at . (v 0.1.4)18:48
openstackMinutes (text):
