Wednesday, 2022-06-08

« Tuesday, 2022-06-07 Index Thursday, 2022-06-09 »
opendevreviewMatthew Oliver proposed openstack/swift master: sharding: shard deleted containers that have shards with objects  https://review.opendev.org/c/openstack/swift/+/84455307:15
opendevreviewTim Burke proposed openstack/python-swiftclient master: tempurl: Support sha256 and sha512 signatures  https://review.opendev.org/c/openstack/python-swiftclient/+/84515716:33
opendevreviewTim Burke proposed openstack/python-swiftclient master: Add more validation for ip_range args  https://review.opendev.org/c/openstack/python-swiftclient/+/58190618:06
opendevreviewTim Burke proposed openstack/python-swiftclient master: Be a little more careful about read() return values  https://review.opendev.org/c/openstack/python-swiftclient/+/83475420:27
opendevreviewTim Burke proposed openstack/python-swiftclient master: service: Allow SwiftUploadObject sources to be bytes  https://review.opendev.org/c/openstack/python-swiftclient/+/83475320:29
timburke_#startmeeting swift21:00
opendevmeetMeeting started Wed Jun  8 21:00:38 2022 UTC and is due to finish in 60 minutes.  The chair is timburke_. Information about MeetBot at http://wiki.debian.org/MeetBot.21:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:00
opendevmeetThe meeting name has been set to 'swift'21:00
timburke_who's here for the swift meeting?21:00
kotahi21:00
timburke_as usual, the agenda's at21:02
timburke_#link https://wiki.openstack.org/wiki/Meetings/Swift21:02
acolesI'm here for a while21:02
timburke_first up21:02
timburke_#topic tempurl sha1 deprecation21:03
timburke_so i realized we probably should have added client support before we went and removed sha1 from the server defaults21:03
timburke_and i proposed https://review.opendev.org/c/openstack/python-swiftclient/+/845157 to remedy that21:04
timburke_in general, i think clayg wasn't real happy with how https://review.opendev.org/c/openstack/swift/+/525771 shook out21:06
timburke_but it's not clear to me what lessons there are to be learned as we try to do something similar for formpost21:06
acolesclient support first would have helped i guess21:07
timburke_maybe we could also emit some stats about what algorithms are in use, so ops can feel confident that their users have transitioned?21:07
acolesyeah, I'm not sure - were we logging warnings if sha1 was still configured after deprecation?21:08
timburke_or that the feature isn't being used21:08
acolesbut logging stats about clients would be cool21:08
timburke_i think clay's issue was with the deprecation and the removal from defaults coming in one patch -- but i feel like our default configs shouldn't emit deprecation warnings as a matter of principle21:10
kotai see21:11
acolesI guess we could first introduce the facility to explicitly opt in for the legacy support, and warn if client uses legacy but its not explicitly configured, then in a later release flip to *requiring* explicit opt in. That would be a softer bump.21:11
timburke_would there be value in me writing that up for tempurl? we haven't had a tagged release since the deprecation/removal-from-defaults landed21:12
timburke_if we *do* do that, how long should we wait before requiring the explicit opt-in?21:13
acolesIDK, it feels like a lot of work in lieu of ops not reading upgrade impacts21:14
kota;/21:14
timburke_meanwhile, i'm pretty sure sha1 was a bad idea (or at least, not a great idea) even when swift was first released :-(21:15
acoleshmm21:15
timburke_it's an appeal to authority, but: https://www.schneier.com/essays/archives/2004/08/cryptanalysis_of_md5.html21:16
timburke_as of 2004, "It’s time for us all to migrate away from SHA-1."21:16
acolesbeing contrarian, we could just add the ability to opt *out* of sha1 (if we don't already have that) and leave it to ops to do the right thing???21:17
zaitcevI'm not militant about client first. I think it's sufficient if curl can be used.21:18
zaitcevThe shift in the defaults thanks to TripleO people being lazy is something that bothers me.21:18
timburke_right -- you'd brought that up in the review, too. i'm not clear on when we *would* feel safe removing it from defaults, though21:19
timburke_idk -- i'll hash it out with clay some more, too. it *does* make me glad that we broke up the formpost changes into a few different patches21:21
timburke_speaking of21:21
timburke_#topic formpost digest algos21:21
timburke_i think i'm happy with https://review.opendev.org/c/openstack/swift/+/838434 now21:22
timburke_the formats of signatures match tempurl, and i cleaned up the tests a little21:22
timburke_i think both mattoliver and i have touched it a lot -- anyone else have some review bandwidth for it?21:24
timburke_otherwise, maybe we'll just get the two of us on board and call it good enough ;-)21:25
acolessorry, I'm not going to be able to help with that for a while21:25
timburke_all right, we'll sort it out -- that first patch in particular is purely additive, so i'm not too worried21:27
timburke_#topic backend ratelimiting21:28
timburke_to my knowledge, we still haven't gotten to doing any load testing with it yet. i still want to see how it actually behaves before merging21:29
acoles+121:29
acolesI've been doing some thinking about how the proxy error limiting is going to react to the 529 responses and I still feel we should be cautious.21:30
timburke_and https://review.opendev.org/c/openstack/swift/+/839088 is the follow-up to have 529 not count for error-limiting21:31
acolesIt's all about the timescales - error limiting takes a node out for one minute which may be longer than needed after a burst of heavy load on a hotspot device21:31
acoleson the other hand, if the hotspot node is in a terrible state, one minute recovery time may be incidental21:32
acolessorry, on that note I need to drop, and I will miss the next couple of meetings (vacation)21:34
timburke_the assumption is that it'll be a more noticeable effect on smaller clusters, yeah? as the number of proxies grows, the chance that a client will get routed to a proxy that's currently error-limiting the hotspot should go down?21:34
acoles^^ yes21:34
timburke_all right -- have a good holiday, acoles!21:34
acoles:wave21:34
acoles👋21:34
kotaenjoy acoles21:34
acolesthank you21:35
timburke_maybe i'll get some load testing done in my saio or home lab while you're out :-D21:35
timburke_#topic s3api test suite21:35
timburke_nothing new to report here; i think it should be ready21:36
zaitcevcool21:37
timburke_since it's just adding more tests that already pass, i'm inclined to self-approve if i don't hear anything by, say, next week21:37
timburke_that's all i've got21:38
timburke_#topic open discussion21:38
timburke_anything else we should bring up this week?21:38
timburke_all right, i'm calling it21:40
zaitcevNext PTG is in person, I heard.21:40
timburke_thank you all for coming, and thank you for working on swift!21:40
timburke_oh, yes!21:40
kotaoh really21:40
timburke_in Columbus, OH21:40
timburke_#link https://openinfra.dev/ptg21:40
timburke_Oct 17-2021:41
timburke_all right, one more time :-)21:42
timburke_thank you all for coming, and thank you for working on swift!21:42
timburke_#endmeeting21:42
opendevmeetMeeting ended Wed Jun  8 21:42:13 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)21:42
opendevmeetMinutes:        https://meetings.opendev.org/meetings/swift/2022/swift.2022-06-08-21.00.html21:42
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/swift/2022/swift.2022-06-08-21.00.txt21:42
opendevmeetLog:            https://meetings.opendev.org/meetings/swift/2022/swift.2022-06-08-21.00.log.html21:42
opendevreviewTim Burke proposed openstack/swift master: ring: Introduce a v2 ring format  https://review.opendev.org/c/openstack/swift/+/83426123:25
« Tuesday, 2022-06-07 Index Thursday, 2022-06-09 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!