14:03:22 <markwash> #startmeeting glance 14:03:22 <openstack> Meeting started Thu Jul 3 14:03:22 2014 UTC and is due to finish in 60 minutes. The chair is markwash. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:03:23 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:03:26 <openstack> The meeting name has been set to 'glance' 14:03:28 <markwash> Hi everybody 14:03:43 <zhiyan> o/ 14:03:45 <markwash> onoes 14:03:53 <markwash> we appear agendaless 14:04:24 <markwash> lets cobble together a list of suggestions here in the first 5 minutes. I'll take notes on https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:04:32 <jokke_> Are we really doing that well? ;) 14:05:17 <ativelkov> I've got a couple of work-in-progress questions on artifacts, tryed to get in touch with zhiyan about them but it seems like we are out of sync of working hours 14:05:41 <jokke_> Can we do "Whack a bug Day"? 14:05:50 <zhiyan> ativelkov: yes (sorry for that) 14:06:15 <markwash> I've got a (public) security bug we should talk about 14:06:24 <zhiyan> ativelkov: probably we can book a time for it, if you ok 14:06:45 <ativelkov> let's start with the security then 14:06:50 <jokke_> +1 14:07:06 <markwash> https://bugs.launchpad.net/glance/+bug/1315321 14:07:07 <uvirtbot> Launchpad bug 1315321 in glance "image_size_cap not checked in v2" [Undecided,In progress] 14:08:18 <markwash> there is a patch up for review but its been self -1'd on the workflow 14:08:19 <markwash> https://review.openstack.org/#/c/91764/ 14:08:31 <markwash> I think I noticed that the patch puts the enforcement in the domain model 14:08:39 <markwash> well, in the *core* domain model 14:08:42 <markwash> which is sort of a no-no 14:08:56 <markwash> it should probably be in the authorization or policy layer 14:09:23 <markwash> anybody want to volunteer to help us regain momentum on this? 14:09:25 <nikhil__> yeah, that seems to check too late 14:10:14 * nikhil__ can help discuss, review push smaller changes to the MP 14:10:56 <markwash> is Thomas here today? 14:11:18 <markwash> jokke_: and possibly do you work with him? 14:11:18 <zhiyan> https://review.openstack.org/#/c/90726/ is for download, does it make sense to do it in authorization or policy layer as well? 14:11:22 <jokke_> markwash: I doubt ... I think he is touring UK with his band 14:11:27 <markwash> haha awesome 14:11:30 <ativelkov> As I am trying to learn how these layers work, I am interested in investigating. But, well, I am just getting familiar with codebase, probably I am not the best candidate for this task as it seems pretty urgent 14:12:15 <markwash> zhiyan: yes I think so 14:12:50 <markwash> the proxy layer is instantiated many times, so that check would be being many-times duplicated if there were several layers that didn't need to override the get_data method 14:12:52 <nikhil__> markwash: api common seems like a good place to keep this, no? and enforcement can happen at right layers? 14:13:12 <jokke_> I have quite a bit on my plate as well ... can't promise to be able to give the time needed to sort this out 14:13:51 <markwash> let's talk for a quick little bit about those domain model layers I guess 14:14:12 <markwash> so the idea is that if we put every cross cutting concern in every operation, we quickly arrive at an unmaintainable situation 14:14:21 <markwash> with functions that are 100+ lines long 14:14:38 <jokke_> agreed 14:14:39 <markwash> or even if they aren't, they are conceptually responsible for 100+ lines worth of functionality 14:14:50 <markwash> you can basically see this at play in the v1 api controllers 14:15:07 <markwash> each controller call is responsible for everything, doing the task, sending notifications, enforcing rules about the task, etc. 14:15:28 <markwash> so for v2 to manage this we instead have proxy layers that are responsible for each cross-cutting concern, broadly 14:15:36 <markwash> and they are built together like the layers of an onion 14:16:00 <markwash> the deepest layer is core domain model 14:16:15 <markwash> which is basically just a definition of what kinds of nouns exist and what they can do 14:16:26 <arnaud__> domain/init.py 14:16:30 <markwash> the layers around that take care of data persistence for us 14:16:54 <markwash> and then there are layers above that that do enforcement of policy, notifications, other authorization checks, etc 14:17:09 <ativelkov> so what is the best layer to enforce filesize checks? Thr outermost? 14:17:17 <jokke_> o/ 14:17:54 <markwash> ativelkov: we have two layers that are kind of overlapping concerns, maybe that is a problem we should fix or at least acknowledge 14:18:11 <markwash> but those two candidates are the authorization layer and the policy enforcement layer 14:18:21 <jokke_> Is there specific reason why we are not using more decorators to do this layering? Just trying to get my head around the code the layering makes it bit messy tbh. 14:18:23 <markwash> I think either of those are acceptable answers 14:18:29 <markwash> jokke_: yes, I'm glad you asked 14:18:49 <markwash> jokke_: so python decorators carry a fundamental limitation to them, which is that they are statically composed 14:19:13 <markwash> so its not really possible, or at least you have to bend way over backwards, to make dynamic decisions about what decorators to apply 14:19:29 <markwash> a good example of how ugly this can get is to look at the decorators used for locking in nova/compute/manager.py 14:19:40 <markwash> there are functions that are literally 14:19:50 <markwash> def foo(instance_id): 14:20:08 <markwash> @decorator_that_depends_on_instance_id(instance_id) 14:20:16 <markwash> def real_foo(instance_id): 14:20:21 <markwash> # do stuff 14:20:28 <markwash> return real_foo(instance_id) 14:20:36 <jokke_> ouch 14:20:52 <zhiyan> markwash: btw you as an experienced developer, may i know who design/dev domain stuff? you? i'm just a little interested in it, it's being there when i join team. 14:21:07 <markwash> yeah its mine so I take all the blame 14:21:09 <zhiyan> (maybe i need to check git) 14:21:21 <zhiyan> cool. thanks 14:21:26 <markwash> anything that is easy to understand about it, iccha did, haha :-) 14:21:39 <zhiyan> :) 14:21:47 <zhiyan> iccha~ 14:22:03 <markwash> so that's my justification for the layers approach 14:22:07 <markwash> take it as you will :-) 14:22:08 <nikhil__> undestanding is easy adapting is tough :P 14:22:15 <jokke_> markwash: I think that example you gave cannot be only a result of limitations of the decorators 'though ;) 14:22:50 <ativelkov> Where is the "onion-like" structure of proxies constructed? 14:22:51 <jokke_> markwash: but could you open up a bit why we should be able to do dynamical assignments for those? 14:23:15 <nikhil__> ativelkov: glance.gateway 14:23:28 <markwash> ativelkov: https://github.com/openstack/glance/blob/master/glance/gateway.py 14:23:33 <ativelkov> got it, thanks 14:24:15 <markwash> jokke_: it tends to come up, I'm not sure i have a generic answer 14:24:49 <jokke_> k 14:24:53 <zhiyan> markwash: iirc, you (and iccha) had a idea to update/change domain before, do you still like that? 14:25:07 <nikhil__> wat! 14:25:21 <markwash> zhiyan: yeah, in my opinion the domain core does not delegate responsibility correctly 14:25:55 <zhiyan> markwash: ok, so we just need to a little refactoring right? to fix core-doman 14:26:00 <markwash> so the whole issues of persistence are done a little incorrectly 14:26:05 <markwash> it is most painful with the glance.store layer 14:26:13 <zhiyan> indeed! 14:26:17 <markwash> well, I think there is another question here 14:26:24 <zhiyan> but we are moving it out :) 14:26:30 <markwash> which is basically--is this effort even sustainable 14:26:46 * nikhil__ agrees 14:26:46 <markwash> with the kind of development that our opensource community can offer 14:26:51 <markwash> and in python (without strong types) 14:27:05 <markwash> well, or 14:27:15 <markwash> which effort is least unsustainable 14:27:21 <markwash> haha 14:27:29 <zhiyan> hehe 14:27:42 <markwash> another option would be to consider the nova objects type approach 14:28:09 <markwash> jokke_: one area where this layering approach really could deliver wins for us, that it doesn't today, is with constructing db queries 14:28:29 <markwash> jokke_: for background, right now there is way way way too much business logic in the db driver 14:28:45 <markwash> basically all of authz visibility restriction decisions happen there 14:28:53 <jokke_> markwash: ok, yeah I kind of noticed when I was poking it for some reason 14:29:13 <markwash> since we have the image_repo object 14:29:30 <markwash> it would actually be possible to say "image_repo.get_image_repo_restricted_by_filter(filter)" 14:29:51 <markwash> so we could say "image_repo = image_repo.restrict_to_tenant(t)" 14:30:05 <markwash> and pass that image repo further up to users 14:30:25 <ativelkov> so this repo will have "fixed" filters which are applied to all other requests? 14:30:26 <markwash> so that the business logic for restriction lives only in the authz layer 14:30:34 <markwash> ativelkov: effectively yes 14:30:49 <jokke_> markwash: I think my biggest fear with this layered model everywhere approach is when we get the artifacts coming in. The v2 code is not the easiest to follow already now (specially if you want to take registry in the game) 14:31:08 <ativelkov> Thats why I am trying to learn it well now 14:31:25 <ativelkov> Don't want to blindly copy anything without deep understanding 14:32:06 <arnaud__> after some time you get used to it :) 14:32:11 <markwash> so there is a definite tradeoff in this approach on understandability vs. maintainability 14:32:35 <markwash> I personally found it way too easy to make bugs in the "big transaction script" model that is in nova and in glance v1 14:33:02 <markwash> where as in v2 images there is a big learning curve (bigger than necessary as well) 14:33:08 <markwash> oh! 14:33:08 <jokke_> markwash: yes, I agree that it is not maintainable approach either 14:33:12 <markwash> one other super important thing 14:33:16 <markwash> unit testing 14:33:30 <ativelkov> May be we just need some document which will describe all these layers nicely? 14:33:39 <markwash> I think it also probably needs restructuring 14:33:52 <markwash> since I wrote most of it I've learned how confusing my brain is for others :-) 14:34:23 <markwash> literally just laying out the files and modules in a more straightforward manner and including doc strings would be a huge help I think 14:34:35 <jokke_> +1 14:34:53 <nikhil__> think that the trick in the domain.proxy module. It's the most confusing and yet most powerful logic. 14:35:09 <zhiyan> nikhil__: +1 14:35:18 <markwash> for others, the idea behind domain.proxy is this 14:35:22 <nikhil__> if you get a good understanding of what that does, rest follows naturally 14:35:24 <markwash> we create a lot of layers 14:35:36 <markwash> each layer has something like 4 or more objects in it 14:35:41 <markwash> with 4-5 methods each 14:35:46 <markwash> so its a big surface 14:35:56 <markwash> any individual layer probably doesn't need to modify the whole surface 14:36:01 <markwash> so there are a lot of "noop" methods 14:36:08 <zhiyan> yes, he 14:36:27 <markwash> so the idea of the proxy is to make helpers so you don't have to bother even writing those noop methods in your layer 14:36:34 <markwash> if you inherit from the proxy 14:37:07 <markwash> e.g. https://github.com/openstack/glance/blob/master/glance/domain/proxy.py#L47 14:37:17 <markwash> if your layer just needs to modify how tasks are returned 14:37:31 <markwash> you can just inherit glance.proxy.TaskRepo 14:37:39 <markwash> and only reimplement the "get" method 14:37:45 <ativelkov> self.base is the underlying layer? 14:37:48 <markwash> silly example I guess 14:37:49 <markwash> yes 14:37:56 <ativelkov> got it 14:38:10 <markwash> oh I guess proxy helpers are kind of hard to understand as well 14:38:18 <markwash> gosh that's a bad name for that object 14:38:19 <markwash> haha 14:38:35 <markwash> the proxy helper can do some simple wrapping and unwrapping of objects for you 14:38:53 <markwash> So a wrapped image repo can easily return a wrapped image 14:39:04 <markwash> okay, so a document somewhere to help out with this stuff 14:39:07 <markwash> that sounds like a good action item 14:39:21 <arnaud__> +1 14:39:22 <markwash> is there any chance people can start an etherpad of "domain model WTFs" 14:39:23 <jokke_> +1 14:39:30 <markwash> :-) 14:39:44 <markwash> and I and others can try to use that to motivate the documentation best? 14:39:55 <nikhil__> markwash: a couple of glancers had that initialted a bit ago 14:39:57 <markwash> I think once the hardest-to-understand part is clear-ish, it starts to fall into place 14:40:11 <jokke_> markwash: this short explanation helped already a lot, but wouldn't really mind seeing doc explaining it somewhere 14:40:16 <nikhil__> (it's in januare mini-summit etherpad plan, guess) 14:40:26 <markwash> nikhil__: thanks! I'll look there 14:40:42 <markwash> okay, sorry i took so much of the time with my explanations though! 14:40:55 <markwash> #topic artifacts spec 14:41:11 <markwash> ativelkov: I'm sorry I have not checked back in since my review last friday 14:41:50 <ativelkov> I fixed a couple of things since that 14:42:14 <ativelkov> I have a question: do we need to completely design the json scheema for all the APIs? 14:42:26 <ativelkov> As it turns out to require too much time 14:43:21 <markwash> my initial reaction is, if its not essential I'd rather make it priority 2 14:43:41 <markwash> or are you talking about for the spec itself? 14:43:50 <ativelkov> yes, the spec 14:44:08 <ativelkov> AS it requires to include the schema for each call 14:44:24 <ativelkov> But I would prefer to already start implementation - we may update the spec as it goes 14:44:31 <markwash> arnaud__: any thoughts/concerns on rolling forward and letting the schemas show up in the code submissions? 14:44:39 <zhiyan> each call? seems it will needs more overhead on perf 14:44:41 <arnaud__> sounds good 14:45:18 <arnaud__> ativelkov, I think that's a good plan 14:45:25 <markwash> ativelkov: I think you get a pass on this one. . schemas now might not even be correct if they're written too far ahead of the implementation 14:46:08 <jokke_> or trying to follow them might complicate the code unnecessarily 14:46:15 <ativelkov> Good, Then I'll publish the API endpoints with description - and will proceed to the code 14:46:42 <markwash> jokke_: heh good point! 14:46:56 <markwash> ativelkov: regarding dynamic references 14:47:00 <jokke_> markwash: been there, seen that too many times 14:47:32 <markwash> ativelkov: I think that early on, the heat use case will need these a lot more than they need fixed references 14:47:49 <markwash> but we have a real mismatch in terms of priority and resources available in my opinion 14:47:58 <markwash> so my proposed solution is 14:48:05 <ativelkov> I was sure we've agreed that we do statics only 14:48:09 <ativelkov> On the summit, I mean 14:48:12 <markwash> what if we let dynamic references start out as a plugin-specific behavior 14:48:18 <markwash> ativelkov: we did, I agree 14:48:39 <markwash> I just got some feedback from randallburt that made me worry a bit 14:49:23 <ativelkov> I may think about how to make them plugin-specific 14:49:58 <ativelkov> speaking about resources - I may try asking Mirantis to allocate one more engineer for this task. 14:50:06 <markwash> ativelkov: okay, sure thing. . let me know what you think. . my goal is to figure out a way for it to happen while still acknowledging its out of scope for what you are working on 14:50:27 <nikhil__> markwash: for this meeting at some point - I've a quick question about glance tests and integration tests (completely forgot about it until now) 14:50:35 <markwash> #topic bug day 14:50:36 <nikhil__> (fyi) 14:51:09 <jokke_> Yeah ... I just checked, we have 256 open bugs which of 98 are still at state new 14:52:10 <markwash> my memory is bad, but it seems like we missed our post-summit bug day plan 14:52:16 <markwash> arnaud__: ^^ am I remembering correctly? 14:52:32 <arnaud__> :) 14:52:45 <jokke_> markwash: That's why I brought it up as I did not see any discussion about it since ;) 14:52:52 <arnaud__> unfortunately 14:52:57 <markwash> what is the timeframe that looks best for people? 14:52:59 <arnaud__> it's good that you bring it up again 14:53:13 <markwash> next week? right before summit? august? 14:53:35 <jokke_> I'm hoping I'm having bit calmer next couple of weeks 14:53:52 <markwash> here here 14:53:56 <nikhil__> august for us at rackpsace 14:54:03 <markwash> haha, though I think its supposed to be "hear hear" 14:54:16 <nikhil__> this month would be very busy :/ 14:54:21 <jokke_> I'm also hoping to be on holidays quite a bit of Aug :P 14:54:22 <arnaud__> let's start an ether pad with people preference 14:54:28 <markwash> +1 14:54:33 <markwash> please post link 14:54:35 <arnaud__> yep 14:54:50 <markwash> #topic performance v2 14:54:54 * markwash cringes 14:55:02 <arnaud__> #link https://etherpad.openstack.org/p/glance-bug-day 14:55:13 <jokke_> can we just make remark that it's really bad ;) 14:55:29 <markwash> yeah 14:55:37 <markwash> so there is supposed to be some stuff to help us profile it 14:55:39 <zhiyan> i will look it into glanceclient on my tomorrow 14:55:43 <markwash> coming from rally / osprofiler 14:56:35 <markwash> anyone have any ideas what is the problem? its bad enough that any "fix" will be evident, we don't need a special measurement framework 14:57:10 <markwash> no? 14:57:14 <markwash> le sigh 14:57:15 <nikhil__> haven't heard too many bad things about it yet 14:57:16 <jokke_> markwash: not yet ... I was hoping to be able to look into it next week forwards when I get my current urgent task of my hands 14:57:28 <markwash> jokke_: okay, check back in with us on that 14:57:34 <nikhil__> we need to let nova use v2 to truly understand the limitations 14:57:54 <markwash> oh but please let's fix the performance limitations before we ask nova to feel the pain 14:58:00 <jokke_> nikhil__: I give you one ... I have test system with some 30k images ... image-list on v1 took less than 2min v2 over 8 14:58:03 <nikhil__> :) 14:58:09 <markwash> at least the multi-second list queries :-) 14:58:28 <zhiyan> i listed my investigation result in the mail, i think the issue is in client side 14:58:30 <nikhil__> markwash: ohk, we can try to do some profiling for our public images service 14:58:37 <nikhil__> jokke_: ^ 14:58:40 <markwash> zhiyan: ah, okay great, thanks 14:58:53 <zhiyan> http://lists.openstack.org/pipermail/openstack/2014-July/008237.html 14:59:14 <nikhil__> yeah, that seems most likely the case as testing here at the rack did not reveal significate hit on perf 14:59:18 <markwash> so let's take it as an an item for next week to see if we've learned anything convincingly 14:59:26 <markwash> nikhil__: that is good news 14:59:45 <nikhil__> markwash: should we talk about the tempest question in glance channel? 14:59:53 <nikhil__> <10secs 15:00:06 <zhiyan> and separated sample config file generation, if you ok 15:00:19 <markwash> sure, let's move over, but I have to run very soon 15:00:28 <markwash> cd ../openstack-glance 15:00:30 <markwash> #endmeeting