#openstack-meeting-4 log

13:59:48 <flaper87> #startmeeting Glance
13:59:48 <openstack> Meeting started Thu Nov 12 13:59:48 2015 UTC and is due to finish in 60 minutes.  The chair is flaper87. Information about MeetBot at http://wiki.debian.org/MeetBot.
13:59:49 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
13:59:51 <openstack> The meeting name has been set to 'glance'
13:59:55 <kairat> o/
13:59:57 <abhishekk> o/
14:00:09 <flaper87> #topic Roll Call
14:00:10 <dshakhray> o/
14:00:23 <flaper87> so, who's around ?
14:00:25 <flaper87> :D
14:00:27 <flaper87> pppppplllll
14:00:30 <flaper87> :D
14:00:34 * flaper87 has a terrible connection today
14:00:35 <gb21> o/
14:00:38 <flaper87> #topic Agenda
14:00:43 <flaper87> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:00:48 <bpoulos> o/
14:00:54 <flaper87> That's our agenda for today
14:01:17 <mfedosin> o/
14:01:35 <flaper87> not much to say today more than updates
14:01:43 <flaper87> #topic Updates from summit http://lists.openstack.org/pipermail/openstack-dev/2015-November/078235.html (flaper87)
14:02:04 <flaper87> So, that's the email with the summary from the summit
14:02:15 <flaper87> Hope you all read it and you all love it
14:02:18 <flaper87> :P
14:02:24 <flaper87> jokes apart, are there questions from that email?
14:02:40 <nikhil_k> o/
14:02:44 <flaper87> I'd like to take some time to answer questions and doubts from the summit
14:02:46 <flaper87> nikhil_k: yoooooooooooooooooo
14:02:54 <flaper87> Even for people that attended
14:03:16 <flaper87> During summits we discuss many things but nothing is written on stone
14:03:21 <mfedosin> flaper87: it was briefly and clearly :)
14:03:40 <flaper87> I'd like that to be clear to everyone and make sure ppl know that feedback is always welcome
14:03:45 <kairat> flaper87, I need to clarify one question :)
14:03:54 <kairat> it is related to priorities
14:03:57 <flaper87> kairat: shoot
14:04:05 <flaper87> I've priorities in the topics for today too
14:04:10 <kairat> Ok
14:04:20 <kairat> let's talk about it later)
14:04:21 <flaper87> :D
14:04:41 <flaper87> ok, any other questions I can delay answers for ?
14:04:45 <flaper87> :D
14:05:07 <flaper87> I'll take that as a no
14:05:18 <flaper87> #topic Priorities for Mitaka http://specs.openstack.org/openstack/glance-specs/priorities/mitaka-priorities.html (flaper87)
14:05:24 <flaper87> kairat: gimme 1s
14:05:37 <kairat> flaper87, ok
14:05:59 <flaper87> That's the list of priorities. That's what we should focus our review strengths on. However, that doesn't mean we won't review other patches
14:06:28 <flaper87> The priorities list helps reviews to know what to focus on when in doubt and to communicate to the community what the team wants to achieve during the cycle
14:06:34 <Jokke_> o/
14:06:40 <flaper87> there are things that have a clear plan forward (or focus)
14:07:00 <flaper87> and  there are others that will still happen (hopefully) but are less "critical"
14:07:22 <flaper87> Hope that it's clear that the priorities list *doesn't* mean other things won't be reviewed
14:07:30 <flaper87> that's it from me
14:07:36 <flaper87> kairat: shoot
14:07:52 <nikhil_k> sounds good. so, this is a immutable list, correct?
14:08:03 <kairat> So I got this: https://review.openstack.org/#/c/233687/
14:08:16 <flaper87> nikhil_k: yup
14:08:20 <kairat> and i was interesting if priorities is like restrictions
14:08:24 * nikhil_k has a small KB so typing very slow
14:08:32 <kairat> or like things that we should be focused on
14:09:07 <flaper87> kairat: to some extent it also works as a way to know what we would like to have in the cycle or not
14:09:28 <flaper87> if there are 10 specs impacting the API, we might need to choose which ones we'll let in
14:09:31 <kairat> I understand the reasoning but it is a correct to have -2 on all bp that is not included in priorities
14:09:50 <Jokke_> kairat: looking that change ... I don't think it was priority reason it got -2'd
14:09:51 * nikhil_k still absorbing new process & waiting for things to fan out before giving feedback (about feedback req before)
14:10:02 <flaper87> kairat: no, in fact, there are other specs there that don't have -2's
14:10:08 <mfedosin> kairat: I think that -2 is not related to priorities
14:10:18 <flaper87> and yeah, that
14:10:22 <flaper87> what mfedosin and Jokke_ said
14:10:36 <mfedosin> we just postponed your feature to N
14:11:00 <mfedosin> because there are a lot of changes in Mitaka
14:11:15 * flaper87 is scared about the import process work
14:11:25 <flaper87> that's gonna be huge and it'll require lots of time
14:11:34 <mclaren> he's not alone
14:11:35 <kairat> Ok, so no features except priorities?
14:12:02 <kairat> and bugs of course
14:12:12 <flaper87> kairat: no, that's not what we are saying
14:12:17 <flaper87> please, take a look at the list of specs
14:12:19 <nikhil_k> kairat: let's work on case by case basis, I think the break would be mostly on api changes
14:12:23 <flaper87> there *are* new features there
14:12:32 <flaper87> we simply can't afford them all
14:12:37 <flaper87> nikhil_k: ++
14:13:12 <kairat> flaper87, ok, is it mentioned in your spec?
14:13:15 * flaper87 has 10s lag
14:13:25 <flaper87> kairat: it is, AFAIK
14:13:44 <kairat> flaper87, ok, need to review it again, thanks
14:14:08 <flaper87> There's also a reason why we call it priorities list and not "exclusive list of things we'll accept"
14:14:20 <flaper87> The process is new and these questions are awesome
14:14:25 <nikhil_k> kairat: you potentially have 30 mins to move fwd for your spec at drivers' mtg
14:14:29 <Jokke_> kairat: the point is that due to the fact that we're doing major rework around our core functionalities, we do not want to have multiple things parallel poking those, so if we break something we have decent idea what actually broke it
14:14:35 <nikhil_k> dedicated mins
14:14:36 <flaper87> lets clarify them so we have a clearer process
14:15:04 <flaper87> kairat: if it's not clear enough on the priorities spec, let me know and I'll happily amend it
14:15:12 * nikhil_k still doesn't know the spec :P
14:15:20 <kairat> Thanks guys=)
14:15:42 <flaper87> nikhil_k: http://specs.openstack.org/openstack/glance-specs/priorities/mitaka-priorities.html
14:15:46 <flaper87> #link http://specs.openstack.org/openstack/glance-specs/priorities/mitaka-priorities.html
14:15:57 <flaper87> ok, moving on (unless there are other questions)
14:16:06 <nikhil_k> flaper87: thanks. I was curious about kairat's one.
14:16:27 <flaper87> nikhil_k: ah, sorry. misunderstood
14:16:32 * flaper87 (facepalm)
14:16:38 <flaper87> #topic Glance v2 additional filtering https://blueprints.launchpad.net/glance/+spec/v2-additional-filtering https://review.openstack.org/#/c/197388/ (slow progress) <- required for Nova v2 adoption (mfedosin)
14:16:45 <flaper87> that's a long topic name
14:16:47 <kairat> nikhil_k, https://review.openstack.org/#/c/233687/
14:16:50 <flaper87> :D
14:16:50 <mfedosin> oh yes
14:16:52 <flaper87> mfedosin: floor is yours
14:16:52 <abhishekk> https://review.openstack.org/#/c/233687/
14:16:58 <abhishekk> nikhil_k: ^
14:17:00 <mfedosin> I tried to explain the issue
14:17:31 <mfedosin> so, yeah - we have this spec merged in Liberty
14:17:49 <mfedosin> but the progress is slow :(
14:18:11 <flaper87> mfedosin: FWIW, I have re-propossed it for Mitaka
14:18:16 <mfedosin> and we really need this feature to port Nova to v2
14:18:17 <flaper87> but we need commitment from someone
14:18:34 * flaper87 can't find the link
14:18:47 <flaper87> #link https://review.openstack.org/#/c/230971/
14:18:51 <flaper87> that one
14:19:02 <flaper87> What exactly do you need?
14:19:05 <mfedosin> so I'm okay to take it on and start writing the code
14:19:17 <flaper87> mind expanding a bit so we're all on the same page
14:19:17 <mfedosin> I need this feature asap
14:19:38 <mfedosin> because it blocks v2 image-list for Nova
14:19:43 <Jokke_> mfedosin: is that the piece we discussed with Jay in the Tokyo?
14:19:52 <mfedosin> Jokke_: yes
14:20:19 <mfedosin> not exactly - I wanted to implement it in the client
14:20:23 <mfedosin> but having it on the server side is perfect
14:20:35 <nikhil_k> thanks kairat, abhishekk, mfedosin
14:20:41 <Jokke_> well if we get it working ;P
14:20:42 <flaper87> mfedosin: I don't think ppl here know exactly what you need
14:20:48 <mclaren> Is anything in particular blocking this? Or is it just reviews?
14:20:50 <flaper87> I do :P
14:20:57 <flaper87> but please, explain to others
14:21:08 <flaper87> mclaren: I think we need to get the spec in again and the code up
14:21:10 <flaper87> :D
14:21:25 <mclaren> ok, so paperwork...
14:21:34 <flaper87> mclaren: right :D
14:21:50 <nikhil_k> wait, this is changes-since correct?
14:21:53 <kairat> mclaren, it doesn;t pass tests
14:22:03 <mfedosin> I wish Steve to be here to talk about it
14:22:07 <Jokke_> nikhil_k: yes
14:22:08 <kairat> and progress on this feature is quite slow
14:22:21 <mfedosin> nikhil_k: yes, it's kindof changed since
14:22:21 <flaper87> nikhil_k: yup
14:22:21 <mclaren> Ok, so Steve is blocking us :-)
14:22:22 <flaper87> sorta
14:22:41 <nikhil_k> I see, thanks all.
14:22:41 <Jokke_> so we need some way to filter our output to simulate changed-since so we can keep nova API unbroken
14:22:52 <flaper87> I'll ping Steve and get his feedback and ask him if he's fine with us taking this over
14:22:55 <mfedosin> so, if he doesn't mind we can implement it
14:23:09 <mfedosin> me and kairat
14:23:17 * flaper87 is not sure if his messages are reaching destination
14:23:36 <mfedosin> flaper87: please do :)
14:23:44 <flaper87> :D
14:23:47 <mfedosin> I can ping him as well
14:23:51 <flaper87> ok ok
14:23:55 <flaper87> Lets get this going
14:24:01 <mclaren> hey I'll ping him too!
14:24:03 <flaper87> mfedosin: then don't wait for me
14:24:05 <kairat> heh
14:24:10 <flaper87> mfedosin: when you do, please, update the spec
14:24:13 <flaper87> :)
14:24:17 <mfedosin> let's ping him all :D
14:24:30 <flaper87> it needs a nick of the person who's going to work on this
14:24:44 <mfedosin> flaper87: yep, I will update it
14:24:49 <nikhil_k> just send am email
14:24:54 <flaper87> after that, we can merge that spec. I'll re-read it to make sure it doesn't have weird impacts on the rest of the work
14:24:57 <nikhil_k> a*
14:25:05 <flaper87> email + ping + sms + telegram
14:25:08 <flaper87> done
14:25:12 <flaper87> :D
14:25:16 <nikhil_k> forgot pager
14:25:18 <nikhil_k> :P
14:25:21 <flaper87> damnit
14:25:24 <flaper87> :(
14:25:25 <flaper87> :D
14:25:29 <flaper87> mfedosin: anything else ?
14:25:42 <mfedosin> nope sir
14:25:52 <flaper87> sweet, thanks for working on that
14:25:55 <flaper87> #topic Glance upgrades (flaper87)
14:26:04 <Jokke_> flaper87: did you send a fax to the office?
14:26:34 <flaper87> I don't really have much to say here and it's perhaps an open question. How do we feel about the upgrade process in Glance? What are we missing?
14:27:02 <nikhil_k> which upgrades? API, DB, other (service) imports?
14:27:02 <mclaren> Documentation?
14:27:14 <flaper87> I think we haven't revisited this topic in a bit and, while we have migrations in place, I think it'd be great to check if there's something we need to do to improve it
14:27:25 <flaper87> Everything Juno -> Kilo -> Liberty -> Mitaka
14:27:34 <flaper87> It's a wide open question
14:27:48 <nikhil_k> yeah, good question
14:27:56 <nikhil_k> has anyone tried it ?
14:28:12 <flaper87> There's a lot of work on communicating what the services' upgrade story is
14:28:25 <flaper87> Whether they support upgrades AND whether they support rolling upgrades
14:28:43 <mclaren> nikhil_k: Not since a few releases ago unfortunately...
14:28:53 <flaper87> I've been meaning to take some time to test the above but I wanted to ask if ppl have given that a try
14:29:06 <nikhil_k> thanks mclaren
14:29:07 <flaper87> ok, I guess we need to clear that story a bit
14:29:23 * flaper87 wonders if rosmaita has done upgrades
14:29:30 <nikhil_k> I will put this in my TODO list for the first few items when fully back.
14:29:35 <nikhil_k> I doubt it
14:29:42 <flaper87> I'll start an etherpad to collect thoughts and issues about this
14:29:51 <flaper87> nikhil_k: ah, nice
14:29:52 <flaper87> thanks
14:29:55 <nikhil_k> flaper87: do you have time for explaining rolling upgrade expectations?
14:29:58 * flaper87 removes that from his todo list
14:29:58 <flaper87> :P
14:30:10 <flaper87> Sure
14:30:42 <flaper87> tl;dr: The expectation is that you can upgrade 1 glance-api node at a time to avoid having down times
14:30:46 <abhishekk> i have tried nova's online schema migration from juno >> kilo
14:30:58 <abhishekk> but they have reverted it now
14:31:13 <flaper87> sometimes that's complicated when there are schema migrations, hence versionobjects
14:31:33 <Jokke_> flaper87: I don't think the API side is our problem
14:31:47 <nikhil_k> gotcha, I am recollecting a bit on vo now.
14:31:59 <Jokke_> flaper87: problem is when we do the DB migration and need to roll the registries
14:32:04 <flaper87> If we have a problem in the db side, I believe it'll affect the API as well
14:32:09 <flaper87> :)
14:32:20 <nikhil_k> flaper87: I thought the same
14:32:44 * nikhil_k is unsure if we added virtual size in juno or not
14:33:13 <flaper87> if we have an old glance-api node running and we migrate the db under-the-hood, the glance-api node could break
14:33:15 <flaper87> and that will cause a downtime
14:33:15 <flaper87> nikhil_k: thanks for taking this
14:33:28 <flaper87> nikhil_k: I think it was Icehouse
14:33:31 <Jokke_> flaper87: our API <--> Registry communications have been really stable ... we really haven't introduced too huge expectations from the DB (on old functionality)
14:33:53 <flaper87> the same applies to the registry node
14:33:57 <flaper87> you need to upgrade those
14:34:07 <flaper87> and there are environments running without the registry service
14:34:13 <flaper87> pure glance-api envs
14:34:20 <Jokke_> flaper87: what I mean is, we most of the time survive just well if we upgrade API nodes and don't expect new features to work before reg/db has been upgraded
14:34:34 <nikhil_k> Also, can do do guarantees on sub-set of the API. say only CRUD on image+properties?
14:35:02 <flaper87> Jokke_: I believe that's not a good expectation and surviving that is pure luck
14:35:05 <flaper87> :D
14:35:07 <nikhil_k> We had a few API changes to metadef APIs but that's admin only and not sure of the operator expectations on those
14:35:09 <Jokke_> but as you said other way around is the pain and we need to roll our registries at the point we run db migrations
14:35:18 <mclaren> we need to document what order to upgrade things in (if we haven't done so)
14:35:30 <flaper87> mclaren: that was part of my question :D
14:35:50 <nikhil_k> huh
14:35:53 <flaper87> I don't think we've ever talked about this explicitly and we've just been happy with db migrations
14:36:07 <flaper87> which are great but not enough to make transitions smooth
14:36:19 <nikhil_k> it's interesting that a IT would want to upgrade API before DB
14:36:24 <nikhil_k> IT team
14:36:36 <flaper87> ok, it seems we need clarify our story here and, as mclaren said, document it
14:36:42 <flaper87> nikhil_k: indeed
14:36:58 <flaper87> nikhil_k: looking forward to your findings
14:37:03 <mclaren> my 2 cents is that things will probably mostly work ok, but if we really start looking we could find potential issues. Eg I think the way the v2 registry error handling is done assumes the same code is on the API and registry nodes
14:37:22 <flaper87> mclaren: ++
14:37:45 <nikhil_k> especially given the possibility of DB sync going corrupt w/ restarts, extraneously long DB upgrades etc.
14:37:55 <flaper87> I think it's time for us to look for those issues and improve our story there. It'd be great to at least identify them and work on a long term plan to fix them
14:37:56 <Jokke_> and it will get trickier when you are running API only implementation
14:38:19 <mclaren> sounds like a mission for the next release :-)
14:38:31 <Jokke_> ++
14:38:36 <flaper87> not saying this has to be all fixed in Mitaka - I mean, that'd be awesome - but definitely something for N
14:38:39 <flaper87> mclaren: out of my MIND!
14:38:40 <flaper87> >.>
14:38:48 <nikhil_k> oh, there was a question on the upgrades for libraries breaking stuff
14:39:06 <flaper87> Identifying the issues now will help us build a plan for N and O
14:39:16 <nikhil_k> ++
14:39:20 <flaper87> ok
14:39:28 <flaper87> moving on, unless there are more questions
14:39:33 <mfedosin> NO plans :)
14:39:41 <nikhil_k> but I will take this item for mitaka
14:39:47 <nikhil_k> if ok
14:40:16 <Jokke_> nikhil_k: absolutely not, you must not try to upgrade ;)
14:40:18 * nikhil_k ties with co-qa liaison responsibilities
14:40:19 <flaper87> I'd like to have time for the reviews list
14:40:19 <flaper87> nikhil_k: we can discuss this further on -glance when you're back
14:40:19 <flaper87> :D
14:40:20 <flaper87> #topic Bug / Review Triage Day  (flaper87)
14:40:42 <flaper87> real quick: I'm thinking of organizing a Bug/Review triage/squash day. I know some folks are still out or not fully back on brain power
14:40:42 <flaper87> nikhil_k: +1
14:40:56 <flaper87> so, I'm not going to propose it for this week, or next week.
14:41:02 <flaper87> What about the week after next week ?
14:41:08 <kairat> big + 1 on this
14:41:11 <mclaren> sure thing
14:41:23 <mfedosin> I'm in
14:41:24 <flaper87> We're getting closer to M-1 and I'd like to have 1 of these days on every milestone
14:41:26 <nikhil_k> works for me, thanks!
14:41:32 <flaper87> AWESOME!
14:41:34 <kairat> It would be useful for other to help glance fixin g the updated bugs
14:41:48 <flaper87> sweet
14:41:52 * flaper87 dances
14:42:00 <Jokke_> flaper87: So Mon 23rd it is?
14:42:03 <flaper87> I'll send an email out with a proposed day
14:42:05 <bpoulos> in the US, we have Thanksgiving week then
14:42:14 <flaper87> Jokke_: yeah, that week
14:42:21 <flaper87> bpoulos: oh uh, you US ppl
14:42:22 <nikhil_k> ohai bpoulos, you're lurking :)
14:42:23 <Jokke_> flaper87: not that week, Monday
14:42:24 <flaper87> >.>
14:42:32 <flaper87> bpoulos: do ppl take the whole week of ?
14:42:38 <Jokke_> exactly for the reason bpoulos brought up :P
14:42:41 <nikhil_k> can't believe he missed thanksgiving week
14:42:47 <bpoulos> everyone takes Thursday and Friday off, but some people take off the whole week
14:42:57 <bpoulos> it depends on how far away they live from family usually
14:42:59 <flaper87> well, Mon 23rd works me
14:43:11 <flaper87> I'll send 2 dates, one for next week and one for the week after next week
14:43:18 <flaper87> we can vote on the m-l
14:43:21 <Jokke_> ++
14:43:24 <flaper87> bpoulos: thanks for brining that up
14:43:27 <flaper87> bringing, even
14:43:32 <bpoulos> flaper87: np
14:43:37 <flaper87> ok, moving on
14:43:44 <flaper87> #topic Reviews / Bugs
14:43:50 <flaper87> glance_store broken ceph gate -> https://review.openstack.org/#/c/243706/
14:43:54 <flaper87> not sure who put that there
14:44:05 <flaper87> (or any of those)
14:44:06 <mfedosin> I did
14:44:08 <flaper87> mfedosin: was that you?
14:44:20 <mfedosin> yes
14:44:33 <Jokke_> mfedosin: so is glance_store breaking ceph or other way around?
14:44:41 <flaper87> anything specific you want to say? or just raise awareness ?
14:44:43 <mfedosin> we have it broken and we can't merge commits to glance_store
14:45:00 <flaper87> btw, I'll do a triage on the reviews today/tomorrow to refresh the dashboard
14:45:01 <mfedosin> just raise awareness
14:45:02 <nikhil_k> why don't we keep these optional
14:45:02 <flaper87> :D
14:45:19 <mfedosin> because I have no idea how to fix it
14:45:20 <nikhil_k> (Sorry that was a actual question)
14:45:25 <kairat> nikhil_k, there is a lot of installations with ceph+glance
14:45:26 <Jokke_> mfedosin: ok, and have you checked is it only master or are all branches same way broken?
14:45:30 <kairat> AFAIK
14:45:34 <mfedosin> and it blocks our trust work for swift driver
14:45:41 <nikhil_k> yeah, but not all drivers should have to wait on the gate
14:45:43 <flaper87> Multitenant swift driver doesn't work? https://bugs.launchpad.net/swift/+bug/1511025
14:45:43 <openstack> Launchpad bug 1511025 in OpenStack Object Storage (swift) "Image download with multi tenant true fails" [Undecided,New]
14:45:43 <mclaren> is there a bug in for the broken gate?
14:45:49 <flaper87> nikhil_k: ++
14:45:59 <flaper87> we need to fix our functional tests for glance_store
14:46:10 <flaper87> kragniz: was working on that but he doesn't like us anymore (joke)
14:46:12 <nikhil_k> I think the core reviewers would be wise enough to notice the failure and stop the ceph patches in this case
14:46:18 <mfedosin> functional test are ok
14:46:42 <mfedosin> tempest is broken :)
14:46:49 <flaper87> Multitenant swift driver doesn't work? https://bugs.launchpad.net/swift/+bug/1511025
14:46:49 <openstack> Launchpad bug 1511025 in OpenStack Object Storage (swift) "Image download with multi tenant true fails" [Undecided,New]
14:46:52 <flaper87> ops
14:47:06 <flaper87> Trusts for Glance are ready btw :) welcome to review https://review.openstack.org/#/c/229878/
14:47:06 <flaper87> that's the work for trusts
14:47:09 <mfedosin> and yeah - we can't make multitenant driver work
14:47:12 <flaper87> (please, note the spec hasn't landed)
14:47:29 <flaper87> feel free to review but abstain from approving until the spec lands
14:47:42 <mfedosin> and it seems like bunting can't neither
14:47:49 <nikhil_k> looks like a bunch of auth failures there
14:47:51 <mclaren> multitenant broken? :-( we really need all our stores tested in the gate
14:47:54 <bunting> bunting: Sorry?
14:48:15 <bunting> mfedosin: Sorry?
14:48:22 <mclaren> bunting: https://bugs.launchpad.net/swift/+bug/1511025
14:48:22 <openstack> Launchpad bug 1511025 in OpenStack Object Storage (swift) "Image download with multi tenant true fails" [Undecided,New]
14:48:22 <kairat> bunting, you found a bug
14:48:27 <mfedosin> bunting: is it your bug https://bugs.launchpad.net/swift/+bug/1511025 ?
14:48:38 <flaper87> mclaren: ++
14:48:57 <flaper87> I wish someone would take what kragniz started
14:49:04 <bunting> Ah right :)
14:49:14 <nikhil_k> #link http://logs.openstack.org/06/243706/1/check/gate-tempest-dsvm-full-ceph-src-glance_store/1420d1b/console.html#_2015-11-12_12_45_56_220
14:49:41 <mfedosin> mclaren: can you fix bug/1511025 ?
14:49:44 <mclaren> flaper87: bunting is the new kragniz ;-)
14:50:05 <kairat> heh
14:50:07 <mclaren> mfedosin: magically? :-)
14:50:08 <nikhil_k> I think we should move this to non-voting to avoid last minute screams for stuff like security patches blocked on unrelated gate
14:50:15 <flaper87> mclaren: w00000000h0000000000000000000000000
14:50:28 <flaper87> bunting: well, sir. You found yourself a new task
14:50:30 <flaper87> :D
14:50:38 <bunting> flaper87: Whooooo ):
14:50:39 <bunting> :)
14:50:46 <flaper87> :D
14:50:53 <flaper87> #topic Open Discussion
14:51:00 <mclaren> mfedosin: myself and bunting can hopefully take a look, I definitely want that fixed...
14:51:12 <mfedosin> mclaren: +1
14:51:16 <flaper87> anything folks want to bring up or talk about?
14:51:22 <mclaren> o/
14:51:23 <bunting> mclaren: ++
14:51:28 <mfedosin> after that we can start working on trusts for MT driver
14:51:31 <bpoulos> I'd like to bring something up about the image signature verification
14:51:33 <flaper87> mclaren: same here but I don't think I'll have time to make it happen other than providing reviews
14:51:43 <flaper87> bpoulos: shoot
14:51:52 <bpoulos> at the summit, we decided to leave the checksum as-is, and then add a second, configurable hash
14:51:58 <bpoulos> currently, the signature is of the checksum, which is MD5, which is insecure
14:52:03 <bpoulos> and discussing this feature with Nova, they are completely opposed to ever supporting anything with MD5
14:52:08 <bpoulos> they want to sign the image data directly, rather than signing a hash of the image data
14:52:14 <bpoulos> would the glance community be opposed to doing the signature verification where the checksum is computed?
14:52:21 <bpoulos> this would only occur if the signature properties are present
14:52:40 <bpoulos> initially, there was opposition to a second hash being done
14:52:52 <bpoulos> but now it seems that as long as the hash is optional, the community is ok with it
14:53:00 <bpoulos> based on the discussion about the configurable hash at the summit
14:53:29 <Jokke_> bpoulos: that kind of makes sense ... _but_ how big performance impact using more complex algo's there would cause?
14:53:43 <flaper87> mmh
14:53:46 <bpoulos> it's just doing a hash such as SHA-256 or SHA-512
14:53:58 <bpoulos> it would be the same as computing a separate configurable hash
14:54:09 <flaper87> gotcha
14:54:14 <nikhil_k> bpoulos: that would mean, we needing a published protected image property?
14:54:14 <bpoulos> and it would only be what the user requested for the signature
14:54:28 <bpoulos> we could use the existing signature metadata properties
14:54:30 <bpoulos> without issue
14:54:41 <bpoulos> we already define a signature hash method
14:54:45 <Jokke_> makes sense to me
14:54:49 <flaper87> bpoulos: has this been brought up on the m-l ? I still have some backlog there
14:54:59 <flaper87> where did the nova discussion happen?
14:55:00 <nikhil_k> flaper87:  not yet
14:55:02 <bpoulos> no, the discussion has been on the nova spec
14:55:06 <bpoulos> let me grab the link
14:55:14 <tekentaro> any plans for adding new cores to team?, all other teams are expanding
14:55:24 <flaper87> tekentaro: there are plans
14:55:30 <bpoulos> https://review.openstack.org/#/c/188874/
14:55:44 <flaper87> however, the fact that other teams are expanding, it doesn't mean we should (hope this doesn't come out harsh)
14:55:56 <Jokke_> flaper87: ++
14:55:59 <tekentaro> flaper87: ok
14:56:20 <Jokke_> peer pressure might be difficult to resist
14:56:51 * flaper87 resists peer preasure very well unless there's alcohol involved
14:56:53 * flaper87 stfu
14:56:55 <nikhil_k> bpoulos: do we need to have published protected image property?
14:57:05 <bpoulos> no, i don't believe so
14:57:21 <flaper87> bpoulos: it makes sense to me as well, fwiw
14:57:25 <nikhil_k> how do we ensure the consistency/existence of it then?
14:57:38 <bpoulos> we check for the optional properties
14:57:40 <tekentaro> jokke_: i understood, I just remembered we have reduced 2-3 members month before
14:57:42 <bpoulos> just like we're doing now
14:57:43 <flaper87> and I trust Daniel's opinions
14:57:44 <flaper87> bpoulos: wonder if we could bring this up on the m-l ?
14:58:00 <bpoulos> flaper87: sure, if that's what you'd prefer
14:58:01 <nikhil_k> bpoulos: yeah, but I think we need to have it protected.
14:58:10 <bpoulos> nikhil_k: why?
14:58:12 <nikhil_k> and now I think we are different page
14:58:24 <rosmaita> don't  mean to interrupt, but anyone interested in the image import refactor, please look at the spec and leave comments: https://review.openstack.org/#/c/232371/ ... so far only flaper87 and mclaren have commented (which is good, they are high-quality comments, but now is the time to get your opinion known)
14:58:42 <Jokke_> tekentaro: we really didn't ... those people reduced themselves long time ago. We just did the paperwork
14:58:45 <mclaren> rosmaita: got a few mins to chat after the meeting?
14:58:48 <nikhil_k> bpoulos: sorry, in my dictionary prot prop != base prop
14:59:15 <flaper87> not saying we should ask nova to accept it but rather discussing how we can do it in glance
14:59:16 <flaper87> and get feedback from nova and other folks
14:59:16 <flaper87> bpoulos: your work impacts several services and it's super important for the community
14:59:16 * flaper87 senses the lag slowing down his messages
14:59:18 <nikhil_k> bpoulos: so, we will have it optional but by default restricted to teh user and documented so that it will be used for signing
14:59:25 <rosmaita> mclaren: got searchlight meeting, how about 11:00 utc in openstack-glance ?
14:59:45 <bpoulos> i'll bring it up on the m-l so we can discuss further there
14:59:59 <flaper87> ok, we're running out of time
14:59:59 <flaper87> rosmaita: ++
14:59:59 <flaper87> rosmaita: ++
15:00:01 <mclaren> rosmaita: 11:00?
15:00:05 <flaper87> rosmaita: ++
15:00:05 <flaper87> one more time
15:00:08 <flaper87> rosmaita: ++
15:00:08 <flaper87> :D
15:00:13 <flaper87> ok, out of time
15:00:16 <flaper87> thanks ppl
15:00:21 <mclaren> thanks!
15:00:22 <kairat> thanks
15:00:23 <nikhil_k> rosmaita: I don't want to leave comments and disappear for a few days!
15:00:31 <nikhil_k> that is quite likely
15:00:41 <Jokke_> thanks folks
15:00:42 <abhishekk> thanks
15:00:49 <rosmaita> nikhil_k: that's ok, i will ignore your comments if i don't like them :)
15:00:51 <tekentaro> thank you!
15:00:59 <bpoulos> thanks!
15:01:09 <nikhil_k> rosmaita: sure! I have a treat for you in that case :)
15:01:42 * nikhil_k done
15:02:09 <nikhil_k> #chairs
15:02:11 <nikhil_k> #chair
15:02:20 <nikhil_k> not sure if flaper87 dropped off
15:02:51 <nikhil_k> wth, let's try
15:02:52 <flaper87> #endmeeting