13:59:48 <flaper87> #startmeeting Glance 13:59:48 <openstack> Meeting started Thu Nov 12 13:59:48 2015 UTC and is due to finish in 60 minutes. The chair is flaper87. Information about MeetBot at http://wiki.debian.org/MeetBot. 13:59:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 13:59:51 <openstack> The meeting name has been set to 'glance' 13:59:55 <kairat> o/ 13:59:57 <abhishekk> o/ 14:00:09 <flaper87> #topic Roll Call 14:00:10 <dshakhray> o/ 14:00:23 <flaper87> so, who's around ? 14:00:25 <flaper87> :D 14:00:27 <flaper87> pppppplllll 14:00:30 <flaper87> :D 14:00:34 * flaper87 has a terrible connection today 14:00:35 <gb21> o/ 14:00:38 <flaper87> #topic Agenda 14:00:43 <flaper87> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:00:48 <bpoulos> o/ 14:00:54 <flaper87> That's our agenda for today 14:01:17 <mfedosin> o/ 14:01:35 <flaper87> not much to say today more than updates 14:01:43 <flaper87> #topic Updates from summit http://lists.openstack.org/pipermail/openstack-dev/2015-November/078235.html (flaper87) 14:02:04 <flaper87> So, that's the email with the summary from the summit 14:02:15 <flaper87> Hope you all read it and you all love it 14:02:18 <flaper87> :P 14:02:24 <flaper87> jokes apart, are there questions from that email? 14:02:40 <nikhil_k> o/ 14:02:44 <flaper87> I'd like to take some time to answer questions and doubts from the summit 14:02:46 <flaper87> nikhil_k: yoooooooooooooooooo 14:02:54 <flaper87> Even for people that attended 14:03:16 <flaper87> During summits we discuss many things but nothing is written on stone 14:03:21 <mfedosin> flaper87: it was briefly and clearly :) 14:03:40 <flaper87> I'd like that to be clear to everyone and make sure ppl know that feedback is always welcome 14:03:45 <kairat> flaper87, I need to clarify one question :) 14:03:54 <kairat> it is related to priorities 14:03:57 <flaper87> kairat: shoot 14:04:05 <flaper87> I've priorities in the topics for today too 14:04:10 <kairat> Ok 14:04:20 <kairat> let's talk about it later) 14:04:21 <flaper87> :D 14:04:41 <flaper87> ok, any other questions I can delay answers for ? 14:04:45 <flaper87> :D 14:05:07 <flaper87> I'll take that as a no 14:05:18 <flaper87> #topic Priorities for Mitaka http://specs.openstack.org/openstack/glance-specs/priorities/mitaka-priorities.html (flaper87) 14:05:24 <flaper87> kairat: gimme 1s 14:05:37 <kairat> flaper87, ok 14:05:59 <flaper87> That's the list of priorities. That's what we should focus our review strengths on. However, that doesn't mean we won't review other patches 14:06:28 <flaper87> The priorities list helps reviews to know what to focus on when in doubt and to communicate to the community what the team wants to achieve during the cycle 14:06:34 <Jokke_> o/ 14:06:40 <flaper87> there are things that have a clear plan forward (or focus) 14:07:00 <flaper87> and there are others that will still happen (hopefully) but are less "critical" 14:07:22 <flaper87> Hope that it's clear that the priorities list *doesn't* mean other things won't be reviewed 14:07:30 <flaper87> that's it from me 14:07:36 <flaper87> kairat: shoot 14:07:52 <nikhil_k> sounds good. so, this is a immutable list, correct? 14:08:03 <kairat> So I got this: https://review.openstack.org/#/c/233687/ 14:08:16 <flaper87> nikhil_k: yup 14:08:20 <kairat> and i was interesting if priorities is like restrictions 14:08:24 * nikhil_k has a small KB so typing very slow 14:08:32 <kairat> or like things that we should be focused on 14:09:07 <flaper87> kairat: to some extent it also works as a way to know what we would like to have in the cycle or not 14:09:28 <flaper87> if there are 10 specs impacting the API, we might need to choose which ones we'll let in 14:09:31 <kairat> I understand the reasoning but it is a correct to have -2 on all bp that is not included in priorities 14:09:50 <Jokke_> kairat: looking that change ... I don't think it was priority reason it got -2'd 14:09:51 * nikhil_k still absorbing new process & waiting for things to fan out before giving feedback (about feedback req before) 14:10:02 <flaper87> kairat: no, in fact, there are other specs there that don't have -2's 14:10:08 <mfedosin> kairat: I think that -2 is not related to priorities 14:10:18 <flaper87> and yeah, that 14:10:22 <flaper87> what mfedosin and Jokke_ said 14:10:36 <mfedosin> we just postponed your feature to N 14:11:00 <mfedosin> because there are a lot of changes in Mitaka 14:11:15 * flaper87 is scared about the import process work 14:11:25 <flaper87> that's gonna be huge and it'll require lots of time 14:11:34 <mclaren> he's not alone 14:11:35 <kairat> Ok, so no features except priorities? 14:12:02 <kairat> and bugs of course 14:12:12 <flaper87> kairat: no, that's not what we are saying 14:12:17 <flaper87> please, take a look at the list of specs 14:12:19 <nikhil_k> kairat: let's work on case by case basis, I think the break would be mostly on api changes 14:12:23 <flaper87> there *are* new features there 14:12:32 <flaper87> we simply can't afford them all 14:12:37 <flaper87> nikhil_k: ++ 14:13:12 <kairat> flaper87, ok, is it mentioned in your spec? 14:13:15 * flaper87 has 10s lag 14:13:25 <flaper87> kairat: it is, AFAIK 14:13:44 <kairat> flaper87, ok, need to review it again, thanks 14:14:08 <flaper87> There's also a reason why we call it priorities list and not "exclusive list of things we'll accept" 14:14:20 <flaper87> The process is new and these questions are awesome 14:14:25 <nikhil_k> kairat: you potentially have 30 mins to move fwd for your spec at drivers' mtg 14:14:29 <Jokke_> kairat: the point is that due to the fact that we're doing major rework around our core functionalities, we do not want to have multiple things parallel poking those, so if we break something we have decent idea what actually broke it 14:14:35 <nikhil_k> dedicated mins 14:14:36 <flaper87> lets clarify them so we have a clearer process 14:15:04 <flaper87> kairat: if it's not clear enough on the priorities spec, let me know and I'll happily amend it 14:15:12 * nikhil_k still doesn't know the spec :P 14:15:20 <kairat> Thanks guys=) 14:15:42 <flaper87> nikhil_k: http://specs.openstack.org/openstack/glance-specs/priorities/mitaka-priorities.html 14:15:46 <flaper87> #link http://specs.openstack.org/openstack/glance-specs/priorities/mitaka-priorities.html 14:15:57 <flaper87> ok, moving on (unless there are other questions) 14:16:06 <nikhil_k> flaper87: thanks. I was curious about kairat's one. 14:16:27 <flaper87> nikhil_k: ah, sorry. misunderstood 14:16:32 * flaper87 (facepalm) 14:16:38 <flaper87> #topic Glance v2 additional filtering https://blueprints.launchpad.net/glance/+spec/v2-additional-filtering https://review.openstack.org/#/c/197388/ (slow progress) <- required for Nova v2 adoption (mfedosin) 14:16:45 <flaper87> that's a long topic name 14:16:47 <kairat> nikhil_k, https://review.openstack.org/#/c/233687/ 14:16:50 <flaper87> :D 14:16:50 <mfedosin> oh yes 14:16:52 <flaper87> mfedosin: floor is yours 14:16:52 <abhishekk> https://review.openstack.org/#/c/233687/ 14:16:58 <abhishekk> nikhil_k: ^ 14:17:00 <mfedosin> I tried to explain the issue 14:17:31 <mfedosin> so, yeah - we have this spec merged in Liberty 14:17:49 <mfedosin> but the progress is slow :( 14:18:11 <flaper87> mfedosin: FWIW, I have re-propossed it for Mitaka 14:18:16 <mfedosin> and we really need this feature to port Nova to v2 14:18:17 <flaper87> but we need commitment from someone 14:18:34 * flaper87 can't find the link 14:18:47 <flaper87> #link https://review.openstack.org/#/c/230971/ 14:18:51 <flaper87> that one 14:19:02 <flaper87> What exactly do you need? 14:19:05 <mfedosin> so I'm okay to take it on and start writing the code 14:19:17 <flaper87> mind expanding a bit so we're all on the same page 14:19:17 <mfedosin> I need this feature asap 14:19:38 <mfedosin> because it blocks v2 image-list for Nova 14:19:43 <Jokke_> mfedosin: is that the piece we discussed with Jay in the Tokyo? 14:19:52 <mfedosin> Jokke_: yes 14:20:19 <mfedosin> not exactly - I wanted to implement it in the client 14:20:23 <mfedosin> but having it on the server side is perfect 14:20:35 <nikhil_k> thanks kairat, abhishekk, mfedosin 14:20:41 <Jokke_> well if we get it working ;P 14:20:42 <flaper87> mfedosin: I don't think ppl here know exactly what you need 14:20:48 <mclaren> Is anything in particular blocking this? Or is it just reviews? 14:20:50 <flaper87> I do :P 14:20:57 <flaper87> but please, explain to others 14:21:08 <flaper87> mclaren: I think we need to get the spec in again and the code up 14:21:10 <flaper87> :D 14:21:25 <mclaren> ok, so paperwork... 14:21:34 <flaper87> mclaren: right :D 14:21:50 <nikhil_k> wait, this is changes-since correct? 14:21:53 <kairat> mclaren, it doesn;t pass tests 14:22:03 <mfedosin> I wish Steve to be here to talk about it 14:22:07 <Jokke_> nikhil_k: yes 14:22:08 <kairat> and progress on this feature is quite slow 14:22:21 <mfedosin> nikhil_k: yes, it's kindof changed since 14:22:21 <flaper87> nikhil_k: yup 14:22:21 <mclaren> Ok, so Steve is blocking us :-) 14:22:22 <flaper87> sorta 14:22:41 <nikhil_k> I see, thanks all. 14:22:41 <Jokke_> so we need some way to filter our output to simulate changed-since so we can keep nova API unbroken 14:22:52 <flaper87> I'll ping Steve and get his feedback and ask him if he's fine with us taking this over 14:22:55 <mfedosin> so, if he doesn't mind we can implement it 14:23:09 <mfedosin> me and kairat 14:23:17 * flaper87 is not sure if his messages are reaching destination 14:23:36 <mfedosin> flaper87: please do :) 14:23:44 <flaper87> :D 14:23:47 <mfedosin> I can ping him as well 14:23:51 <flaper87> ok ok 14:23:55 <flaper87> Lets get this going 14:24:01 <mclaren> hey I'll ping him too! 14:24:03 <flaper87> mfedosin: then don't wait for me 14:24:05 <kairat> heh 14:24:10 <flaper87> mfedosin: when you do, please, update the spec 14:24:13 <flaper87> :) 14:24:17 <mfedosin> let's ping him all :D 14:24:30 <flaper87> it needs a nick of the person who's going to work on this 14:24:44 <mfedosin> flaper87: yep, I will update it 14:24:49 <nikhil_k> just send am email 14:24:54 <flaper87> after that, we can merge that spec. I'll re-read it to make sure it doesn't have weird impacts on the rest of the work 14:24:57 <nikhil_k> a* 14:25:05 <flaper87> email + ping + sms + telegram 14:25:08 <flaper87> done 14:25:12 <flaper87> :D 14:25:16 <nikhil_k> forgot pager 14:25:18 <nikhil_k> :P 14:25:21 <flaper87> damnit 14:25:24 <flaper87> :( 14:25:25 <flaper87> :D 14:25:29 <flaper87> mfedosin: anything else ? 14:25:42 <mfedosin> nope sir 14:25:52 <flaper87> sweet, thanks for working on that 14:25:55 <flaper87> #topic Glance upgrades (flaper87) 14:26:04 <Jokke_> flaper87: did you send a fax to the office? 14:26:34 <flaper87> I don't really have much to say here and it's perhaps an open question. How do we feel about the upgrade process in Glance? What are we missing? 14:27:02 <nikhil_k> which upgrades? API, DB, other (service) imports? 14:27:02 <mclaren> Documentation? 14:27:14 <flaper87> I think we haven't revisited this topic in a bit and, while we have migrations in place, I think it'd be great to check if there's something we need to do to improve it 14:27:25 <flaper87> Everything Juno -> Kilo -> Liberty -> Mitaka 14:27:34 <flaper87> It's a wide open question 14:27:48 <nikhil_k> yeah, good question 14:27:56 <nikhil_k> has anyone tried it ? 14:28:12 <flaper87> There's a lot of work on communicating what the services' upgrade story is 14:28:25 <flaper87> Whether they support upgrades AND whether they support rolling upgrades 14:28:43 <mclaren> nikhil_k: Not since a few releases ago unfortunately... 14:28:53 <flaper87> I've been meaning to take some time to test the above but I wanted to ask if ppl have given that a try 14:29:06 <nikhil_k> thanks mclaren 14:29:07 <flaper87> ok, I guess we need to clear that story a bit 14:29:23 * flaper87 wonders if rosmaita has done upgrades 14:29:30 <nikhil_k> I will put this in my TODO list for the first few items when fully back. 14:29:35 <nikhil_k> I doubt it 14:29:42 <flaper87> I'll start an etherpad to collect thoughts and issues about this 14:29:51 <flaper87> nikhil_k: ah, nice 14:29:52 <flaper87> thanks 14:29:55 <nikhil_k> flaper87: do you have time for explaining rolling upgrade expectations? 14:29:58 * flaper87 removes that from his todo list 14:29:58 <flaper87> :P 14:30:10 <flaper87> Sure 14:30:42 <flaper87> tl;dr: The expectation is that you can upgrade 1 glance-api node at a time to avoid having down times 14:30:46 <abhishekk> i have tried nova's online schema migration from juno >> kilo 14:30:58 <abhishekk> but they have reverted it now 14:31:13 <flaper87> sometimes that's complicated when there are schema migrations, hence versionobjects 14:31:33 <Jokke_> flaper87: I don't think the API side is our problem 14:31:47 <nikhil_k> gotcha, I am recollecting a bit on vo now. 14:31:59 <Jokke_> flaper87: problem is when we do the DB migration and need to roll the registries 14:32:04 <flaper87> If we have a problem in the db side, I believe it'll affect the API as well 14:32:09 <flaper87> :) 14:32:20 <nikhil_k> flaper87: I thought the same 14:32:44 * nikhil_k is unsure if we added virtual size in juno or not 14:33:13 <flaper87> if we have an old glance-api node running and we migrate the db under-the-hood, the glance-api node could break 14:33:15 <flaper87> and that will cause a downtime 14:33:15 <flaper87> nikhil_k: thanks for taking this 14:33:28 <flaper87> nikhil_k: I think it was Icehouse 14:33:31 <Jokke_> flaper87: our API <--> Registry communications have been really stable ... we really haven't introduced too huge expectations from the DB (on old functionality) 14:33:53 <flaper87> the same applies to the registry node 14:33:57 <flaper87> you need to upgrade those 14:34:07 <flaper87> and there are environments running without the registry service 14:34:13 <flaper87> pure glance-api envs 14:34:20 <Jokke_> flaper87: what I mean is, we most of the time survive just well if we upgrade API nodes and don't expect new features to work before reg/db has been upgraded 14:34:34 <nikhil_k> Also, can do do guarantees on sub-set of the API. say only CRUD on image+properties? 14:35:02 <flaper87> Jokke_: I believe that's not a good expectation and surviving that is pure luck 14:35:05 <flaper87> :D 14:35:07 <nikhil_k> We had a few API changes to metadef APIs but that's admin only and not sure of the operator expectations on those 14:35:09 <Jokke_> but as you said other way around is the pain and we need to roll our registries at the point we run db migrations 14:35:18 <mclaren> we need to document what order to upgrade things in (if we haven't done so) 14:35:30 <flaper87> mclaren: that was part of my question :D 14:35:50 <nikhil_k> huh 14:35:53 <flaper87> I don't think we've ever talked about this explicitly and we've just been happy with db migrations 14:36:07 <flaper87> which are great but not enough to make transitions smooth 14:36:19 <nikhil_k> it's interesting that a IT would want to upgrade API before DB 14:36:24 <nikhil_k> IT team 14:36:36 <flaper87> ok, it seems we need clarify our story here and, as mclaren said, document it 14:36:42 <flaper87> nikhil_k: indeed 14:36:58 <flaper87> nikhil_k: looking forward to your findings 14:37:03 <mclaren> my 2 cents is that things will probably mostly work ok, but if we really start looking we could find potential issues. Eg I think the way the v2 registry error handling is done assumes the same code is on the API and registry nodes 14:37:22 <flaper87> mclaren: ++ 14:37:45 <nikhil_k> especially given the possibility of DB sync going corrupt w/ restarts, extraneously long DB upgrades etc. 14:37:55 <flaper87> I think it's time for us to look for those issues and improve our story there. It'd be great to at least identify them and work on a long term plan to fix them 14:37:56 <Jokke_> and it will get trickier when you are running API only implementation 14:38:19 <mclaren> sounds like a mission for the next release :-) 14:38:31 <Jokke_> ++ 14:38:36 <flaper87> not saying this has to be all fixed in Mitaka - I mean, that'd be awesome - but definitely something for N 14:38:39 <flaper87> mclaren: out of my MIND! 14:38:40 <flaper87> >.> 14:38:48 <nikhil_k> oh, there was a question on the upgrades for libraries breaking stuff 14:39:06 <flaper87> Identifying the issues now will help us build a plan for N and O 14:39:16 <nikhil_k> ++ 14:39:20 <flaper87> ok 14:39:28 <flaper87> moving on, unless there are more questions 14:39:33 <mfedosin> NO plans :) 14:39:41 <nikhil_k> but I will take this item for mitaka 14:39:47 <nikhil_k> if ok 14:40:16 <Jokke_> nikhil_k: absolutely not, you must not try to upgrade ;) 14:40:18 * nikhil_k ties with co-qa liaison responsibilities 14:40:19 <flaper87> I'd like to have time for the reviews list 14:40:19 <flaper87> nikhil_k: we can discuss this further on -glance when you're back 14:40:19 <flaper87> :D 14:40:20 <flaper87> #topic Bug / Review Triage Day (flaper87) 14:40:42 <flaper87> real quick: I'm thinking of organizing a Bug/Review triage/squash day. I know some folks are still out or not fully back on brain power 14:40:42 <flaper87> nikhil_k: +1 14:40:56 <flaper87> so, I'm not going to propose it for this week, or next week. 14:41:02 <flaper87> What about the week after next week ? 14:41:08 <kairat> big + 1 on this 14:41:11 <mclaren> sure thing 14:41:23 <mfedosin> I'm in 14:41:24 <flaper87> We're getting closer to M-1 and I'd like to have 1 of these days on every milestone 14:41:26 <nikhil_k> works for me, thanks! 14:41:32 <flaper87> AWESOME! 14:41:34 <kairat> It would be useful for other to help glance fixin g the updated bugs 14:41:48 <flaper87> sweet 14:41:52 * flaper87 dances 14:42:00 <Jokke_> flaper87: So Mon 23rd it is? 14:42:03 <flaper87> I'll send an email out with a proposed day 14:42:05 <bpoulos> in the US, we have Thanksgiving week then 14:42:14 <flaper87> Jokke_: yeah, that week 14:42:21 <flaper87> bpoulos: oh uh, you US ppl 14:42:22 <nikhil_k> ohai bpoulos, you're lurking :) 14:42:23 <Jokke_> flaper87: not that week, Monday 14:42:24 <flaper87> >.> 14:42:32 <flaper87> bpoulos: do ppl take the whole week of ? 14:42:38 <Jokke_> exactly for the reason bpoulos brought up :P 14:42:41 <nikhil_k> can't believe he missed thanksgiving week 14:42:47 <bpoulos> everyone takes Thursday and Friday off, but some people take off the whole week 14:42:57 <bpoulos> it depends on how far away they live from family usually 14:42:59 <flaper87> well, Mon 23rd works me 14:43:11 <flaper87> I'll send 2 dates, one for next week and one for the week after next week 14:43:18 <flaper87> we can vote on the m-l 14:43:21 <Jokke_> ++ 14:43:24 <flaper87> bpoulos: thanks for brining that up 14:43:27 <flaper87> bringing, even 14:43:32 <bpoulos> flaper87: np 14:43:37 <flaper87> ok, moving on 14:43:44 <flaper87> #topic Reviews / Bugs 14:43:50 <flaper87> glance_store broken ceph gate -> https://review.openstack.org/#/c/243706/ 14:43:54 <flaper87> not sure who put that there 14:44:05 <flaper87> (or any of those) 14:44:06 <mfedosin> I did 14:44:08 <flaper87> mfedosin: was that you? 14:44:20 <mfedosin> yes 14:44:33 <Jokke_> mfedosin: so is glance_store breaking ceph or other way around? 14:44:41 <flaper87> anything specific you want to say? or just raise awareness ? 14:44:43 <mfedosin> we have it broken and we can't merge commits to glance_store 14:45:00 <flaper87> btw, I'll do a triage on the reviews today/tomorrow to refresh the dashboard 14:45:01 <mfedosin> just raise awareness 14:45:02 <nikhil_k> why don't we keep these optional 14:45:02 <flaper87> :D 14:45:19 <mfedosin> because I have no idea how to fix it 14:45:20 <nikhil_k> (Sorry that was a actual question) 14:45:25 <kairat> nikhil_k, there is a lot of installations with ceph+glance 14:45:26 <Jokke_> mfedosin: ok, and have you checked is it only master or are all branches same way broken? 14:45:30 <kairat> AFAIK 14:45:34 <mfedosin> and it blocks our trust work for swift driver 14:45:41 <nikhil_k> yeah, but not all drivers should have to wait on the gate 14:45:43 <flaper87> Multitenant swift driver doesn't work? https://bugs.launchpad.net/swift/+bug/1511025 14:45:43 <openstack> Launchpad bug 1511025 in OpenStack Object Storage (swift) "Image download with multi tenant true fails" [Undecided,New] 14:45:43 <mclaren> is there a bug in for the broken gate? 14:45:49 <flaper87> nikhil_k: ++ 14:45:59 <flaper87> we need to fix our functional tests for glance_store 14:46:10 <flaper87> kragniz: was working on that but he doesn't like us anymore (joke) 14:46:12 <nikhil_k> I think the core reviewers would be wise enough to notice the failure and stop the ceph patches in this case 14:46:18 <mfedosin> functional test are ok 14:46:42 <mfedosin> tempest is broken :) 14:46:49 <flaper87> Multitenant swift driver doesn't work? https://bugs.launchpad.net/swift/+bug/1511025 14:46:49 <openstack> Launchpad bug 1511025 in OpenStack Object Storage (swift) "Image download with multi tenant true fails" [Undecided,New] 14:46:52 <flaper87> ops 14:47:06 <flaper87> Trusts for Glance are ready btw :) welcome to review https://review.openstack.org/#/c/229878/ 14:47:06 <flaper87> that's the work for trusts 14:47:09 <mfedosin> and yeah - we can't make multitenant driver work 14:47:12 <flaper87> (please, note the spec hasn't landed) 14:47:29 <flaper87> feel free to review but abstain from approving until the spec lands 14:47:42 <mfedosin> and it seems like bunting can't neither 14:47:49 <nikhil_k> looks like a bunch of auth failures there 14:47:51 <mclaren> multitenant broken? :-( we really need all our stores tested in the gate 14:47:54 <bunting> bunting: Sorry? 14:48:15 <bunting> mfedosin: Sorry? 14:48:22 <mclaren> bunting: https://bugs.launchpad.net/swift/+bug/1511025 14:48:22 <openstack> Launchpad bug 1511025 in OpenStack Object Storage (swift) "Image download with multi tenant true fails" [Undecided,New] 14:48:22 <kairat> bunting, you found a bug 14:48:27 <mfedosin> bunting: is it your bug https://bugs.launchpad.net/swift/+bug/1511025 ? 14:48:38 <flaper87> mclaren: ++ 14:48:57 <flaper87> I wish someone would take what kragniz started 14:49:04 <bunting> Ah right :) 14:49:14 <nikhil_k> #link http://logs.openstack.org/06/243706/1/check/gate-tempest-dsvm-full-ceph-src-glance_store/1420d1b/console.html#_2015-11-12_12_45_56_220 14:49:41 <mfedosin> mclaren: can you fix bug/1511025 ? 14:49:44 <mclaren> flaper87: bunting is the new kragniz ;-) 14:50:05 <kairat> heh 14:50:07 <mclaren> mfedosin: magically? :-) 14:50:08 <nikhil_k> I think we should move this to non-voting to avoid last minute screams for stuff like security patches blocked on unrelated gate 14:50:15 <flaper87> mclaren: w00000000h0000000000000000000000000 14:50:28 <flaper87> bunting: well, sir. You found yourself a new task 14:50:30 <flaper87> :D 14:50:38 <bunting> flaper87: Whooooo ): 14:50:39 <bunting> :) 14:50:46 <flaper87> :D 14:50:53 <flaper87> #topic Open Discussion 14:51:00 <mclaren> mfedosin: myself and bunting can hopefully take a look, I definitely want that fixed... 14:51:12 <mfedosin> mclaren: +1 14:51:16 <flaper87> anything folks want to bring up or talk about? 14:51:22 <mclaren> o/ 14:51:23 <bunting> mclaren: ++ 14:51:28 <mfedosin> after that we can start working on trusts for MT driver 14:51:31 <bpoulos> I'd like to bring something up about the image signature verification 14:51:33 <flaper87> mclaren: same here but I don't think I'll have time to make it happen other than providing reviews 14:51:43 <flaper87> bpoulos: shoot 14:51:52 <bpoulos> at the summit, we decided to leave the checksum as-is, and then add a second, configurable hash 14:51:58 <bpoulos> currently, the signature is of the checksum, which is MD5, which is insecure 14:52:03 <bpoulos> and discussing this feature with Nova, they are completely opposed to ever supporting anything with MD5 14:52:08 <bpoulos> they want to sign the image data directly, rather than signing a hash of the image data 14:52:14 <bpoulos> would the glance community be opposed to doing the signature verification where the checksum is computed? 14:52:21 <bpoulos> this would only occur if the signature properties are present 14:52:40 <bpoulos> initially, there was opposition to a second hash being done 14:52:52 <bpoulos> but now it seems that as long as the hash is optional, the community is ok with it 14:53:00 <bpoulos> based on the discussion about the configurable hash at the summit 14:53:29 <Jokke_> bpoulos: that kind of makes sense ... _but_ how big performance impact using more complex algo's there would cause? 14:53:43 <flaper87> mmh 14:53:46 <bpoulos> it's just doing a hash such as SHA-256 or SHA-512 14:53:58 <bpoulos> it would be the same as computing a separate configurable hash 14:54:09 <flaper87> gotcha 14:54:14 <nikhil_k> bpoulos: that would mean, we needing a published protected image property? 14:54:14 <bpoulos> and it would only be what the user requested for the signature 14:54:28 <bpoulos> we could use the existing signature metadata properties 14:54:30 <bpoulos> without issue 14:54:41 <bpoulos> we already define a signature hash method 14:54:45 <Jokke_> makes sense to me 14:54:49 <flaper87> bpoulos: has this been brought up on the m-l ? I still have some backlog there 14:54:59 <flaper87> where did the nova discussion happen? 14:55:00 <nikhil_k> flaper87: not yet 14:55:02 <bpoulos> no, the discussion has been on the nova spec 14:55:06 <bpoulos> let me grab the link 14:55:14 <tekentaro> any plans for adding new cores to team?, all other teams are expanding 14:55:24 <flaper87> tekentaro: there are plans 14:55:30 <bpoulos> https://review.openstack.org/#/c/188874/ 14:55:44 <flaper87> however, the fact that other teams are expanding, it doesn't mean we should (hope this doesn't come out harsh) 14:55:56 <Jokke_> flaper87: ++ 14:55:59 <tekentaro> flaper87: ok 14:56:20 <Jokke_> peer pressure might be difficult to resist 14:56:51 * flaper87 resists peer preasure very well unless there's alcohol involved 14:56:53 * flaper87 stfu 14:56:55 <nikhil_k> bpoulos: do we need to have published protected image property? 14:57:05 <bpoulos> no, i don't believe so 14:57:21 <flaper87> bpoulos: it makes sense to me as well, fwiw 14:57:25 <nikhil_k> how do we ensure the consistency/existence of it then? 14:57:38 <bpoulos> we check for the optional properties 14:57:40 <tekentaro> jokke_: i understood, I just remembered we have reduced 2-3 members month before 14:57:42 <bpoulos> just like we're doing now 14:57:43 <flaper87> and I trust Daniel's opinions 14:57:44 <flaper87> bpoulos: wonder if we could bring this up on the m-l ? 14:58:00 <bpoulos> flaper87: sure, if that's what you'd prefer 14:58:01 <nikhil_k> bpoulos: yeah, but I think we need to have it protected. 14:58:10 <bpoulos> nikhil_k: why? 14:58:12 <nikhil_k> and now I think we are different page 14:58:24 <rosmaita> don't mean to interrupt, but anyone interested in the image import refactor, please look at the spec and leave comments: https://review.openstack.org/#/c/232371/ ... so far only flaper87 and mclaren have commented (which is good, they are high-quality comments, but now is the time to get your opinion known) 14:58:42 <Jokke_> tekentaro: we really didn't ... those people reduced themselves long time ago. We just did the paperwork 14:58:45 <mclaren> rosmaita: got a few mins to chat after the meeting? 14:58:48 <nikhil_k> bpoulos: sorry, in my dictionary prot prop != base prop 14:59:15 <flaper87> not saying we should ask nova to accept it but rather discussing how we can do it in glance 14:59:16 <flaper87> and get feedback from nova and other folks 14:59:16 <flaper87> bpoulos: your work impacts several services and it's super important for the community 14:59:16 * flaper87 senses the lag slowing down his messages 14:59:18 <nikhil_k> bpoulos: so, we will have it optional but by default restricted to teh user and documented so that it will be used for signing 14:59:25 <rosmaita> mclaren: got searchlight meeting, how about 11:00 utc in openstack-glance ? 14:59:45 <bpoulos> i'll bring it up on the m-l so we can discuss further there 14:59:59 <flaper87> ok, we're running out of time 14:59:59 <flaper87> rosmaita: ++ 14:59:59 <flaper87> rosmaita: ++ 15:00:01 <mclaren> rosmaita: 11:00? 15:00:05 <flaper87> rosmaita: ++ 15:00:05 <flaper87> one more time 15:00:08 <flaper87> rosmaita: ++ 15:00:08 <flaper87> :D 15:00:13 <flaper87> ok, out of time 15:00:16 <flaper87> thanks ppl 15:00:21 <mclaren> thanks! 15:00:22 <kairat> thanks 15:00:23 <nikhil_k> rosmaita: I don't want to leave comments and disappear for a few days! 15:00:31 <nikhil_k> that is quite likely 15:00:41 <Jokke_> thanks folks 15:00:42 <abhishekk> thanks 15:00:49 <rosmaita> nikhil_k: that's ok, i will ignore your comments if i don't like them :) 15:00:51 <tekentaro> thank you! 15:00:59 <bpoulos> thanks! 15:01:09 <nikhil_k> rosmaita: sure! I have a treat for you in that case :) 15:01:42 * nikhil_k done 15:02:09 <nikhil_k> #chairs 15:02:11 <nikhil_k> #chair 15:02:20 <nikhil_k> not sure if flaper87 dropped off 15:02:51 <nikhil_k> wth, let's try 15:02:52 <flaper87> #endmeeting