14:00:33 #startmeeting glance 14:00:34 Meeting started Thu Oct 13 14:00:33 2016 UTC and is due to finish in 60 minutes. The chair is rosmaita. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:35 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:38 The meeting name has been set to 'glance' 14:00:39 o/ 14:00:44 \o 14:00:47 #topic roll call 14:00:47 o/ 14:00:48 o/ 14:00:52 o/ 14:00:52 o/ 14:00:54 o/ 14:00:55 \o 14:00:55 \o 14:01:08 now the wave \o/ 14:01:14 good turnout! 14:01:16 #topic agenda 14:01:17 #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:01:48 nikhil: kairat: please respond to myu email about coresec at your earliest convenience 14:01:58 #topic updates 14:02:21 #topic update: import refactor 14:02:23 rosmaita, ok 14:02:28 kairat: ty 14:02:53 nothing much to report, we had a productive sync on tuesday 14:03:17 meeting was logged, so please look at the log if you're interested 14:03:26 and this is where i should post a link 14:03:55 #link http://eavesdrop.openstack.org/meetings/image_import_sync/ 14:04:15 that's all from me about that 14:04:25 #topic update: community images 14:04:33 tsymanczyk: you have the mic 14:04:50 there's a lot to say but if everyone stays calm we'll get through it it's not that bad 14:05:08 and please hold your applause for the end 14:05:11 the first patchset is essentially finished, a lot of great feedback, all integrated 14:05:16 i don't mind interrupting applause 14:05:31 the second patchset is down to 8 failing tests which should be easy to solve this week if not today 14:06:07 now the "downside". last week's sync rosmaita mentioned an idea that i'd been putting off thinking of - that 'shared' possibly should be the default value going forward 14:06:27 o/ 14:06:48 and working on the second patchset and finally having to think about it - i agree. it make a lot of things better, and just in the "it really makes the code cleaner" way i believe it's the correct paradigm 14:06:53 so that left me with two choices 14:07:14 either the first patchset alters the table with private as teh default, and then the second patchset alters the table again changing just the default 14:07:27 or i just go and do the table alteration in the first patchset, leaving shared as teh default 14:07:45 note that this doesnt actual "harm" the first patchset's functionality as the backend always just treated that column as either public or not public 14:07:51 as per the original paradigm 14:08:06 this has resulted in one of the jobs failing because nova doesn't understand "shared" 14:08:18 so currently jenkins is -1ing the first patchset even though it's fine 14:08:43 but that's a problem we were going to have to deal with anyways, when that "would be" implemented with the second patchset 14:08:48 So how it is ok of Nova fails on it? 14:08:53 so there's pretty much two ways forward that i can see 14:09:06 s/of/if/ 14:09:17 nova is failing on it because it's seeing images come back as "Shared" which is what we intended and would've been the end goal with the 2nd patchset 14:09:32 is the problem that nova is using a versioned-object for the Image? 14:09:34 "in the end" this is a failure that is going to happen regardless. 14:09:55 we probably need to update the Image object in nova to accept the new visibility values 14:09:59 tsymanczyk: ah, gotcha 14:09:59 the nova api log complains about 'shared' not being one of 'public' or 'private' 14:10:12 anyways, there are two way forward 14:10:24 looks like a v1->v2 feature gap 14:10:47 nova should be using v2 in master, though 14:10:47 i can either back out my 1st patchset change, it can remain public/private, and we can have the literal noop firstpatchset pass 100% and be integrated and the second patchset does the dirty with a rather pointless default-value schema change 14:10:57 or i can collapse the two changesets into one 14:11:07 yeah, I though we've had shared already. So our shared image status was actually never tested? 14:11:07 rosmaita: yes it does 14:11:15 because if you look at the difference between teh two, the second really doesn't change much functionality. 14:11:25 Jokke_: no, never had 'shared' as actual 'visibility' value 14:11:37 i can't think of a reason to keep them seperate anymore beyond "We want to be able to say the 1st one passes 100%" for some reason. 14:11:48 yeah, shared images are exposed as 'private'. 14:11:56 oh ffs 14:12:32 pardon my french 14:12:35 going forward my preference is to collapse them into one unless someone else (rolling upgrades?) would benefit from keeping them separate and the rather weak 2nd schema change. 14:12:43 that is all i have to say 14:12:52 please remember and join the sync friday 9am pst if you want to yell at me 14:12:58 also i'll be on irc most of the day 14:13:02 yes, a design decision that has come back to bite us in the derriere, pardon my french also 14:13:16 but the takeaway is this is almost done 14:13:24 8 unit tests to fix, then "the new" unit tests to add 14:13:27 there's light, people. 14:13:27 * rosmaita applauds 14:13:38 tsymanczyk: I don't see you being responsible for another past feck up 14:13:58 * sigmavirus apologizes for being late 14:14:32 tsymanczyk: can you paste the nova api error you're seeing somewhere? 14:14:34 tsymanczyk: I'd say well done ... looking ofrward to have these fixed. Now how we address this backwards incompatibility towards nova 14:14:34 beyond fixing the code i have no idea how to move forward. this nova coordination thing is goign to be a drag i asume. 14:14:43 yeah sure one sec 14:14:47 i suspect it's a versioned object problem 14:15:34 #action rosmaita to look into what's necessary nova-side for image viz change 14:15:39 https://www.irccloud.com/pastebin/ma0Gnh8j/ 14:15:45 thanks! 14:15:49 rosmaita: solved by a versioned object approach or casued by v.o.s? 14:15:58 sigmavirus: both, i guess 14:16:39 i'm pretty sure nova already uses a versioned object to represent an Image 14:16:39 but i want to reiterate, if anyone sees benefit from my unbreaking the first patchset and doing a secodn migration that's fine i'm happy to do it. 14:16:56 just left on my own i'd collapse them to one and walk away. 14:17:16 let's talk about that at tomorrow's sync 14:17:53 community images sync: 16:00 UTC in #openstack-glance on friday 14:18:05 any questions, comments for tsymanczyk ? 14:19:11 ok, moving on ... i just took the liberty of moving agenda items around 14:19:18 #topic design summit 14:19:32 #link https://etherpad.openstack.org/p/ocata-glance-summit-planning 14:19:44 i've scheduled the Glance design sessions 14:19:55 but not yet permanently 14:20:09 anyway, session leaders, please check for conflicts 14:20:25 i checked, but only for obvious conflicts 14:20:39 flaper87: flwang: Jokke_: ^^ 14:21:18 i will send out an email a bit later to the ML and cc session leaders for final approval before updating the actual summit schedule 14:21:37 i want to add some "expected outcomes" to each session first 14:21:46 one thing i want to emphasize 14:21:55 we won't have a session on rolling upgrades 14:22:13 mainly because the key people working on them won't be present at the summit 14:22:36 as mentioned last week, we will have a video session about rolling upgrades shortly after the summit 14:22:40 is there CP session for that? 14:22:46 there is 14:22:59 and there's also one or two main summit sessions 14:23:01 need to make a note to be there 14:23:07 (main == not design summit track) 14:23:27 Jokke_: that's a good point 14:23:36 the cross-project sessions have been scheduled 14:23:42 i think they're pretty much all tuesday 14:24:02 i think this is the link 14:24:06 #link https://www.openstack.org/summit/barcelona-2016/summit-schedule/global-search?t=Cross%20Project%20workshops%3A 14:24:21 rosmaita: yeah I think it was supposed to be in a way that CPs collide as little as possible with project sessions so they are all on same day 14:24:55 we could try to coordinate like last summit so that glance is represented in various rooms 14:25:09 but there are so few of us, it might not be worth it 14:25:58 anyway, summit attendees: please look at the glance design summit etherpad and point out any conflicts 14:26:07 any questions, comments? 14:27:20 ok, moving along, then 14:27:23 lgtm 14:27:29 so far ;) 14:27:32 #topic "v2 route doesn't exist" 14:27:34 #link https://bugs.launchpad.net/glance/+bug/1632742 14:27:36 Launchpad bug 1632742 in Glance "/v2 route doesn't exist" [Undecided,Triaged] - Assigned to Brian Rosmaita (brian-rosmaita) 14:28:00 matt riedemann filed this, details are on the bug, but i have a quick question for the community 14:28:28 the situation is that in the "versions" response 14:28:45 i mean the response to GET / or GET /versions 14:28:56 #link http://developer.openstack.org/api-ref/image/versions/index.html?expanded=id1-detail#id1 14:29:12 key thing to notice is that the href in the links looks like this: 14:29:12 http://g.os.org:9292/v1/ 14:29:12 http://g.os.org:9292/v2/ 14:29:36 when you do GET http://g.os.org:9292/v1/ , you get an image-list response 14:29:49 which is a bit weird, but it's legacy behavior 14:30:04 when you do GET http://g.os.org:9292/v2/ , you get a 404 14:30:20 which isn't new behavior, but it is a bit odd also 14:30:55 my question is: we could return a list of v2 versions for GET http://g.os.org:9292/v2/ 14:31:09 but that would change the response code from 404 to 200 14:31:27 i'm just wondering whether that's a breaking change 14:32:19 it doesn't sound like a breaking change to me 14:32:30 also wondering whether the endpoint advertised in the "versions" response really has to give you some kind of content with a 200 14:32:46 or whether it's just supposed to be a starting point for constructing API calls 14:32:51 even if it is (which I think is) this change looks a good one 14:32:59 well like Sean pointed out the API ref does not claim /v2/ being valid url 14:33:37 is the uri /v2/ or just /v2 ? 14:34:07 any one know what other projects do? 14:34:09 nikhil: so /v2/ returns 404 and /v2 returns 302 + no content 14:34:23 ah, thx 14:34:58 imo don't return an image list for /v2/ just because v1 does that. 14:35:12 stevelle: ++ 14:35:16 +1 14:35:17 i agree with that entirely! 14:35:22 what I would expect from /v2/ would be a discovery endpoint that tells me what I can do with v2. 14:35:36 but that isn't on the table right now 14:36:00 stevelle: you mean like some kind of json home thing? 14:36:08 yes 14:36:23 redirect to api reference docs 14:36:37 lol 14:36:39 i missed sean's comment in the bug, otherwise i would have just agreed and not mentioned any of this! 14:37:13 i think we close as "won't fix" and wait for the api-wg to come to agreement on stevelle 's suggestion 14:37:28 otherwise, we'll be stuck wiht whatever we return now 14:37:43 so i think, return 404 14:38:08 +1 14:38:14 so only change I'd be ok doing atm. to that is to agree that we return the same thing from /v2 and /v2/ being that 404 or 302 without content 14:38:41 ok, i'll put my position on the bug, if anyone has second thoughts, please go to the bug and register them 14:39:05 Jokke_: i'm not sure i even want to do that 14:39:08 what ever it is we have documented the behavior being for either (I'm pretty sure we haven't documented 'em both) 14:39:25 yes, i think this is undocumented 14:39:43 if we are undocumented on both, lets not touch it 14:40:34 i think the current behavior makes sense; it's not documented, but that gives us flexibility in case it makes sense to change the 404 to some kind of content later 14:40:39 for people like Monty and Matt who like to talk to these APIs via curl, there is the API reference documentation telling them what they can/can't/should do 14:41:54 ok, works for me ... any other comments? 14:42:30 ok, one more topic for today 14:42:46 #topic glance_store (Shared & public images not working with multi-tenant swift backend) 14:42:59 dharinic brought this up a few meetings ago 14:43:17 i think she and hemanth have figured out the cause 14:43:25 and it is a bit unpleasant 14:43:36 I'm not surprised 14:43:53 publicized images though, some public imgs like admin provided work 14:44:04 as far as i can tell, image sharing and public image access is broken in the current glance_store if you use swift configured for multi-tenant storage 14:44:17 and I think the solution for that is document that these 2 wont work together? 14:44:41 no, they can work together 14:44:53 well the workaround is okay with me 14:45:09 uuh ... positive surprise for a change ;) 14:45:10 what can't work together is the swift+config setting plus swift-multi-tenant 14:45:22 actually, i dont' think we have a workaround 14:45:24 we can even add some validation for glance to not come up if both are configured 14:45:36 i think there are two separate bugs 14:45:44 k 14:45:51 Yes. cos wift+condif and multi-tenant causes the storage_url to be picked up from the swift config's auth address 14:46:04 swift+config 14:46:14 would be good to get info on the other part of the bug as a second bug 14:47:17 ok, so bug #1: (or is it a feature request?): Glance should not allow swift+config to be used with multi-tenant-store 14:47:17 bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1 - Assigned to MFauzilkamil Zainuddin (apogee) 14:47:17 dharinic: and why is it difficult to have a workaround that auth url? 14:47:41 lol 14:47:54 heh 14:47:58 * rosmaita can't wait to see what bug #2 is 14:48:10 bug #2 14:48:14 nikhil: should be possible in theory I think but it's just way it is right now 14:48:39 bug #2 is: there was a change in glance_store to get the swift endpoint from the caller's service catalog 14:48:58 when the caller is requesting a shared image, or a public image, this isn't going to work 14:49:05 nikhil, I am not sure I understood the question. 14:49:40 bug #2 is caused by a fix to bug #1 14:49:40 bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1 - Assigned to MFauzilkamil Zainuddin (apogee) 14:49:54 I see 14:49:55 well, a "fix", anyway 14:50:10 "fix" in some sense of the word 14:50:15 we're not setting the right read permissions on the swift container when it writes using multi-tenant-store? 14:50:29 stevelle: no, we are just reading from the wrong account 14:50:47 rosmaita: first one is defo RFE documenting it is bug "fix" 14:51:00 stevelle: we try to pull the image from the caller's account, not the actual image owner's account 14:51:03 stevelle: if you created the public/shared image, I'm be looking for that image under my account 14:51:13 *I'd 14:51:17 And just as the bug reporter said, the storage_url obtained from the users context causes it to be bound to the image downloader's project and so the GET fails. 14:51:52 does swift support symbolic links between accounts? :P 14:51:55 ok, so if trying to read a shared image we don't own we just need to use a different url construction 14:52:08 that makes sense 14:52:29 so i believe we will need to revert that "fix" to bug 1 in order to fix bug 2 14:52:29 bug 1 in Ubuntu Malaysia LoCo Team "Microsoft has a majority market share" [Critical,In progress] https://launchpad.net/bugs/1 - Assigned to MFauzilkamil Zainuddin (apogee) 14:52:45 (thought not using a # would fool it) 14:52:52 /kb openstack nuf is nuf 14:52:59 :P 14:53:01 bug1 14:53:06 and then we will have to release a new glance_store 14:53:22 that seems necessary, regardless 14:54:12 i want to bring it up here because i'm not sure how we can test this 14:54:42 our current tests didn't catch it 14:55:07 #action everyone put on thinking caps 14:55:25 maybe assert the swift url we are reading from? 14:55:25 Do we have tempest bringing that environment up? 14:55:41 I think that's the place this could/should be tested 14:55:57 Jokke_: i think you are correct about that 14:56:16 but i'm also wondering how many people use multi-tenant-swift-store ? 14:56:32 anyone here know of anyone who uses it? 14:56:42 i believe the bug was detected in devstack 14:56:43 based on how messed up it is and how little we hear about it, I'd say none :P 14:57:13 i wonder whether i should float a proposal to remove support and see what the reaction is 14:57:43 ++ 14:57:44 because setting up tempest tests for this would be an interesting exercise, but i don't want it to be pointless as well 14:57:46 let's not do it without a plan 14:58:06 nikhil: how do you mean? 14:58:10 tempest is the right place for this test 14:58:19 w/o a multi tenant swift store support the evolution for swift backend seems impossible 14:58:35 nikhil: evolution to what? 14:58:38 storing all images in one account is def a bad practice 14:59:03 but so is storing it in n accounts where n == number of end users 14:59:08 using the config file you can sanely scale that one account to may be 10 14:59:11 nikhil: with swift+config I think we can store images in multiple accounts 14:59:31 yes, i think they are different use cases? 14:59:33 and we are out of time 14:59:41 I don't care 14:59:50 we'll have to continue this discussion later 14:59:55 but doing it just for the sake of getting reaction doesn't seem fittin 15:00:16 #endmeeting