#openstack-meeting-4 log

14:00:07 <nikhil_k> #startmeeting glance
14:00:08 <openstack> Meeting started Thu Aug 20 14:00:07 2015 UTC and is due to finish in 60 minutes.  The chair is nikhil_k. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:09 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:12 <openstack> The meeting name has been set to 'glance'
14:00:20 <nikhil_k> #topic agenda and roll call
14:00:31 <nikhil_k> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:02:56 <nikhil_k> it would be best to cancle this meeting if no one is around
14:03:16 <bunting> probably so
14:03:41 <bpoulos> o/
14:03:41 <sigmavirus24> o/
14:03:49 <mclaren> o/
14:03:51 <hemanthm> o/
14:03:54 <rosmaita> o/
14:03:59 <sigmavirus24> nikhil_k: just running a couple minutes late, sorry
14:04:07 <nikhil_k> sigmavirus24: np :)
14:04:45 <shalq> what's the first topic ?
14:05:40 <mfedosin> o/
14:05:49 <nikhil_k> I was waiting to see if anyone - ativelkov mfedosin or by anyone else, artifacts related updates can be provided
14:05:57 <harshs> o/
14:06:19 <mfedosin> we're fixing the bugs to adopt artifacts in Murano
14:06:54 <mfedosin> currently I'm implementing filtering by ranges
14:07:33 <mfedosin> Murano needs it to fetch versions like it's done in pip
14:07:57 <mfedosin> for example >=1.0.0, <=2.0.0
14:08:14 <nikhil_k> I think we still need to work out the API
14:08:37 <mfedosin> I think it's a question to Alex
14:08:51 <nikhil_k> yep and since there are no updates on
14:08:52 <nikhil_k> https://etherpad.openstack.org/p/glance-v3-api
14:08:56 <mfedosin> I will publish my proposals next week about API
14:09:22 <nikhil_k> it would be best to get some here or via email
14:09:28 <nikhil_k> that would be good, mfedosin
14:09:33 <mfedosin> independently from existing
14:09:38 <sigmavirus24> is the v3 API spec still in flux?
14:09:53 <sigmavirus24> (question to mfedosin who seems to know what ativelkov is thinking/doing)
14:09:54 <mfedosin> so we can discuss it next Monday
14:10:02 <nikhil_k> sigmavirus24: that's the to-be formal proposal
14:10:16 <nikhil_k> that == etherpad details
14:10:30 <mfedosin> his activity most in Murano
14:10:38 <sigmavirus24> nikhil_k: I mean the spec that was in review for glance-specs around the v3 API
14:10:48 <nikhil_k> ah
14:10:51 <sigmavirus24> The thing is that was still in flux
14:10:55 <sigmavirus24> Even though we've merged v3 API code
14:10:59 <sigmavirus24> And now we have a consumer for that API
14:11:09 <mfedosin> currently he's sitting behind me
14:11:10 <sigmavirus24> And that spec was supposed to change to reflect API wg objects
14:11:13 <sigmavirus24> *objections
14:11:26 <sigmavirus24> But now that will be much harder with murano (prematurely) adopting the API
14:11:34 <nikhil_k> sigmavirus24: right and the EXPERIMENTAL flag would change once those concerns are resolved
14:11:43 <sigmavirus24> nikhil_k: sure
14:11:48 <nikhil_k> and any consumers would need to adopt the same
14:11:52 <sigmavirus24> Just seems like the murano team will get angry at us no matter what happens
14:12:06 <nikhil_k> right, and that clause needs to be clear
14:12:08 <sigmavirus24> (considering they were angry at the summit that artifacts wasn't already merged)
14:12:47 <mfedosin> it's not about Murano team, but our management :)
14:12:53 <nikhil_k> so, question: will murano not be angry if ativelkov is willing to accept this change in the artifacts API?
14:13:03 <mfedosin> and Alex is here to make them not be angry at us
14:13:04 <nikhil_k> there's a bus factor
14:13:10 <sigmavirus24> okay
14:13:11 <nikhil_k> but best of what we have
14:13:23 <nikhil_k> cool
14:13:24 <sigmavirus24> I'm just making sure everyone knows the risks murano is taking right now
14:13:27 <mfedosin> he's a liason between Murano and Glance
14:13:31 <ativelkov> oops, sorry for being late guys. I am right in the middle of murano's voice meeting
14:13:38 <sigmavirus24> hah
14:13:42 <sigmavirus24> no worries ativelkov that's why we have mfedosin
14:13:43 <ativelkov> multitaking i hard for me
14:13:43 <nikhil_k> mfedosin: it would be nice to state that in the wiki
14:13:48 <sigmavirus24> you two do share a datalink between your brains right?
14:14:14 <ativelkov> so, murano is aware about experimental nature of our API
14:14:30 <nikhil_k> mfedosin: ativelkov : can anyone of you please update this etherpad with details about liaisons?
14:14:33 <nikhil_k> #link https://wiki.openstack.org/wiki/CrossProjectLiaisons#Inter-project_Liaisons
14:14:50 <ativelkov> they (actually, we) are ok with v3 API changing any time
14:15:00 <ativelkov> nikhil_k: I will
14:15:03 <nikhil_k> great
14:15:03 <mfedosin> nikhil_k, will be done
14:15:05 <nikhil_k> thanks ativelkov
14:15:11 <nikhil_k> :)
14:15:41 <nikhil_k> sigmavirus24: any more concerns before we move to reviews?
14:15:46 <sigmavirus24> Nope
14:15:48 <ativelkov> So, right now there are a number of bugs in the code which is already merged
14:16:05 <ativelkov> and we'd like them to be fixed before doing the major redesign of v3 API
14:16:15 <ativelkov> both mfedosin and me are working on that
14:16:20 <sigmavirus24> ativelkov: that makes sense, sounded like new features were being added too
14:16:28 <sigmavirus24> that's why I asked about the spec (I haven't had time to check on it yet)
14:16:47 <nikhil_k> ativelkov: so, I think the plan should be keeping v3 experimental for Liberty?
14:16:48 <ativelkov> I've asked the new mmber of our team (Kairat) to move that etherpad to specs
14:16:59 <ativelkov> nikhil_k: I think so, as FF is coming
14:17:00 <nikhil_k> that would be excellent
14:17:21 <nikhil_k> ativelkov: FF is per project
14:17:36 <nikhil_k> and doesn't apply to experimental and non-verlaping features
14:17:44 <ativelkov> ah, that's cool to hear
14:17:51 <mfedosin> I think we should discuss it more detailed on the summit before making api stable
14:18:18 <nikhil_k> cool, sounds like a good plan
14:19:01 <nikhil_k> #topic Reviews, Bugs and Releases
14:19:37 <nikhil_k> https://review.openstack.org/#/c/195820/
14:19:50 <nikhil_k> not sure if this was raised by flaper87 or wko ?
14:21:18 <mclaren> Not sure. It has three +2s
14:22:00 <mclaren> Is there anything in particular blocking it at this point does anyone know?
14:22:05 <nikhil_k> mclaren: I read you got a chance to test this personally
14:22:14 <mclaren> Nope.
14:22:20 <nikhil_k> ah
14:22:24 <mclaren> I can do though if that helps
14:22:38 <nikhil_k> guess I either need to trust eric or force myself to find time for it
14:23:02 <nikhil_k> whoever wants a backport can propose one but likely to not get approved, that's usually true for db migrations
14:23:19 <nikhil_k> mclaren: that would really help!
14:23:31 <mclaren> Ok, np
14:24:08 * mclaren wonders if bunting might do it
14:24:11 <sigmavirus24> wokuma probably added that to the agenda
14:24:42 <nikhil_k> cool
14:24:51 <nikhil_k> great to have awareness about an important patch
14:25:06 <nikhil_k> next one is image-member reuse
14:25:11 <nikhil_k> https://review.openstack.org/#/c/207042/
14:25:18 <nikhil_k> https://review.openstack.org/#/c/190895/
14:25:36 <bunting> I would be up for testing it
14:25:38 <nikhil_k> seems like we don't have any concerns raised on that even after an APIImpact
14:26:21 <mclaren> bunting: cheers :-)
14:26:24 <nikhil_k> I would just amend the spec to include it and merge it
14:26:34 <nikhil_k> bunting: awesome, ty!
14:27:06 <shalq> can core members help review the code in 190895 ?
14:27:26 <sigmavirus24> nikhil_k: I don't think there's been a lot of review for that spec
14:27:40 <sigmavirus24> so I wouldn't say that there haven't been any concerns raise
14:27:41 <sigmavirus24> *raised
14:27:47 <nikhil_k> sigmavirus24: we did a impromptu during one of the drivers' meeting
14:27:51 <sigmavirus24> Ah
14:28:30 <nikhil_k> and people then were okay, we were just giving some time for any last minute red flags. there were none!
14:29:09 <nikhil_k> I can put that up on my review list as I have reviewed it already a couple times and know the change
14:29:17 <nikhil_k> I like what abhishek is suggesting there
14:29:30 <nikhil_k> shalq: so, that minor change should cover it for your patch
14:29:59 <shalq> ok
14:30:03 <nikhil_k> next one is from bpoulos
14:30:04 <nikhil_k> https://review.openstack.org/#/c/183137/
14:30:10 <bpoulos> I would appreciate feedback on the code, especially on two aspects:
14:30:15 <bpoulos> 1. Does the location where the signature verification occurs make sense (ie, right after the checksum is computed)?
14:30:20 <bpoulos> 2. Does the handling of a failed signature verification make sense (ie, set status to killed and delete the image)?
14:30:26 <bpoulos> (I realize I have a few cleanup comments, and I will address them today)
14:31:39 <nikhil_k> bunting: about the delete, the general practice is to not set to deleted and leave it to the user
14:31:57 <nikhil_k> having it in the killed (mostly used for error state) would make more sense
14:32:09 <bpoulos> so just change the status to killed?
14:32:16 <rosmaita> i have a question about #2 ... i thought the glance-side verification was a user convenience, maybe if i upload an image and specify an incorrect signature, i'd prefer to just update the sig, rather than do the entire upload?
14:33:24 <bpoulos> just update the signature, and repeat the verification without doing another upload?
14:33:46 <rosmaita> bpoulos: possibly, though i don't see how you could trigger that
14:33:54 <bpoulos> yeah, that seems pretty round-about
14:33:57 <rosmaita> unless you add a 'validate image' task
14:34:21 <nikhil_k> :)
14:34:41 <bpoulos> in which case, we wouldn't want to set the status to killed when verification failed?
14:35:15 <rosmaita> not sure ... the verification status doesn't really affect the image
14:35:48 <rosmaita> maybe among the metadata you're adding, you add 'glance_verified: true
14:35:53 <rosmaita> or something like that
14:36:03 <bpoulos> as a property?
14:36:08 <rosmaita> yeah
14:36:28 <nikhil_k> that's suseptible to breakage though
14:36:29 <rosmaita> though it would be kind of meaningless except to the original uploader
14:36:30 <bpoulos> alright, so the user could easily decide whether or not to trigger verification?
14:36:56 <bpoulos> i think if the user doesn't want to trigger verification, they can easily provide the properties after the upload completes
14:36:58 <nikhil_k> we need define global prot properties for arbitrary meta for image-signing verification
14:37:21 <bpoulos> nikhil_k: where does that definition go?
14:37:28 <rosmaita> hmmm .... maybe for first implementation, we should just delete the image and decide what makes sense for M
14:37:50 <nikhil_k> bpoulos: and how do we prot the +w mode on that prop after correct validation?
14:37:57 <nikhil_k> yeah
14:38:03 <nikhil_k> wait, why delete
14:38:11 <bpoulos> delete, or just set to killed?
14:38:18 <nikhil_k> it would disappear under the user's node without notice
14:38:24 <nikhil_k> nose*
14:38:53 <rosmaita> so, killed and let the user delete (or re-upload if that bp is impelmented)
14:39:07 <nikhil_k> yeah
14:39:21 <rosmaita> i think we also need to be clear about the status of the metadata on the image
14:39:31 <nikhil_k> not sure what's the best way to convey to the user _why_ the upload failed
14:39:32 <rosmaita> the consumer has to use it to verify everything for themselves
14:39:43 <nikhil_k> right
14:39:58 <nikhil_k> mutating the meta on first write might be a good option
14:40:06 <nikhil_k> but we don't have that granularity
14:40:16 <bpoulos> do we need to protect the properties?
14:40:29 <nikhil_k> bpoulos: if you want to use them for verification
14:40:33 <nikhil_k> yes
14:40:53 <bpoulos> protect as in prevent changing or protect as in define exactly what they are?
14:41:14 <rosmaita> nikhil_k: what would be the implications of allowing a change?
14:41:47 <rosmaita> i'm thinking if it's image-consumer-beware, maybe it doesn't matter?
14:42:04 <nikhil_k> rosmaita: hmm, I think for a shared image. it could be rendered useless by someone who did not intend to mutate the prop
14:42:13 <bpoulos> I think one attack scenario we're considering is that an attacker could delete or modify them -- even if we prevent normal routes of doing so -- but the fact that we have an external CA that limits the valid certificates helps us
14:42:24 <bpoulos> yeah, it could be removed unintentioanlly
14:42:38 <nikhil_k> rosmaita: just loopholes for confusion on the usage, that's all
14:42:38 <bpoulos> and if the client requires the properties, then the client won't be able to boot it
14:43:00 <rosmaita> nikhil_k: agreed
14:43:05 <bpoulos> so the user has to provide them before the upload, or not at all?
14:43:19 <bpoulos> ie, they can't add them after the fact?
14:43:29 <bpoulos> (so that glance doesn't verify, but a client still could)
14:43:36 <rosmaita> it's sounding to me more and more like a task is better suited for this
14:43:40 <nikhil_k> bpoulos: we have somethign already like those and they are called base properties :)
14:43:56 <bpoulos> would we want to make these base properties though?
14:44:00 <nikhil_k> rosmaita: or a migration that adds another base prop
14:44:21 <nikhil_k> bpoulos: the issue is the arbitrary size, right
14:44:35 <nikhil_k> so, (I take the comment back) probably no
14:44:41 <bpoulos> ideally, we'd like to not even be limited to 255
14:44:48 <nikhil_k> yep
14:44:53 <rosmaita> yeah, so cant' predict in advance
14:44:59 <bpoulos> 1024 or 2048 would be even better for signature sizes
14:45:12 <jokke_> ++
14:46:40 <nikhil_k> I think we need to give some time to other reviews posted
14:46:50 <bpoulos> ok :) thanks for discussing image signing for a bit
14:47:04 <nikhil_k> how about we chat on this topic, if needed, after the meeting on -glance
14:47:06 <mclaren> do we have similar behaviour with checksums? where a user can supply the checksum in advance?
14:47:18 <bpoulos> sure, we can continue on -glance
14:47:23 <nikhil_k> it's a base prop though
14:47:56 <mclaren> ok, how bad would adding a new base prop be?
14:48:14 <nikhil_k> I think she wants many such
14:48:23 <nikhil_k> and size of those can be relatively large
14:48:26 <mclaren> ah, ok
14:48:58 <bpoulos> i have four that i'd like to add
14:49:13 <bpoulos> but we can move on to other reviews
14:49:35 <nikhil_k> cool
14:49:38 <nikhil_k> mclaren: next one is yours?
14:49:39 <nikhil_k> https://review.openstack.org/#/c/211086/
14:49:53 <mclaren> oh, not a big deal just a client patch
14:50:11 <nikhil_k> we've had this behavior for along time!
14:50:27 <nikhil_k> but I guess it makes sense to not enforce it during listing
14:51:56 <mfedosin> I agree to +2 it
14:51:58 <rosmaita> or at all ... what's the rationale behind confirming that the info supplied by glance meets the schema?
14:52:32 <mclaren> rosmaita: interesting question. Arguably it's more useful when you're putting stuff in rather than reading it back
14:52:36 <jokke_> rosmaita: point ... who we trust if not our own server ;)
14:52:37 <rosmaita> i mean, unless there's a bug in glance, glance knows what the schema is, and supplies data accordingly
14:53:10 <rosmaita> mclaren: +1 for upload, client should validate, but for download seems pointless
14:53:29 <rosmaita> i mean, what are you going to do? take your business elsewhere?
14:53:30 <nikhil_k> rosmaita: this was introduced when strict enforcement on GET was a thing
14:53:33 <mclaren> well let's agree on list first :-)
14:53:41 <rosmaita> good point
14:54:54 <rosmaita> from the patch, you can see that we already agreed not to validate all the returned images in a list
14:55:07 <rosmaita> so let's just take that to an extreme and not validate any
14:55:35 <jokke_> rosmaita: yeah that validation was killing the v2 performance
14:55:35 <rosmaita> or we could just validate a random one, and drive users crazy
14:55:58 <mfedosin> I think we can add --validate flag to image-list maybe to validate them all
14:56:04 <jokke_> rosmaita: and leave that bug still open, what this change would fix?
14:56:07 <mfedosin> if it's necessary
14:56:13 <nikhil_k> I can think of a reason for validating this during listing but it's not strong enough to break the response. Glance client does on the behalf of the user if the images registered match with the prop articulation as defined by operator needs
14:56:41 <mclaren> mfedosin: an operator may be interested in that I guess
14:56:44 <rosmaita> mfedosin: that's a good compromise
14:56:52 <nikhil_k> yep
14:56:57 <jokke_> mfedosin: wanna propose spec for that? :P
14:57:04 <nikhil_k> but it can be confusing flag
14:57:14 <jokke_> I don't think it should be blocking this going in
14:57:14 <mfedosin> no, it's enough specs for me :)
14:57:19 <nikhil_k> as it overlaps with bpoulos terminology for validation
14:57:25 <rosmaita> i think as long as v1 is around, the glanceclient has to be liberal in what it accepts
14:57:28 <mfedosin> but I can ask Darja to implement it
14:57:40 <nikhil_k> ok, we have a couple mins for that late addition
14:57:57 <nikhil_k> mfedosin: yours?
14:57:58 <nikhil_k> https://review.openstack.org/#/c/200554/
14:58:06 <mfedosin> yep it's mine
14:58:18 <mfedosin> There is a Flavio's concern about adding new config parameter in Glance.
14:58:28 <mfedosin> But for example cinder has it.
14:58:36 <mfedosin> https://github.com/openstack/cinder/blob/master/cinder/volume/drivers/rbd.py#L82
14:58:46 <mfedosin> So I want to hear your opinion - should I abandon it or it's okay?
14:59:19 <mfedosin> Since we have plans to create oslo.rbd project, all these config params will be there and Glance will use them anyway.
14:59:38 <jokke_> I do agree with flaper87's point that it does not make sense to dublicate that. and which one would take preference if you have different values?
14:59:52 <nikhil_k> mfedosin: that sounds better
15:00:05 <nikhil_k> We are out of time.
15:00:10 <nikhil_k> Thanks all!
15:00:15 <mclaren> thanks!
15:00:16 <jokke_> thnx
15:00:16 <mfedosin> okay, thanks :)
15:00:20 <nikhil_k> #endmeeting