#openstack-meeting-4 log

14:02:42 <rosmaita> #startmeeting glance
14:02:43 <openstack> Meeting started Thu Nov  1 14:02:42 2018 UTC and is due to finish in 60 minutes.  The chair is rosmaita. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:02:44 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:02:46 <openstack> The meeting name has been set to 'glance'
14:02:53 <smcginnis> .o.
14:03:07 <rosmaita> #topic roll call
14:03:12 <abhishekk> o/
14:03:12 <mhen> o/
14:04:14 <openstack> jokke_: Error: Can't start another meeting, one is in progress.  Use #endmeeting first.
14:04:20 <rosmaita> #chair jokke_
14:04:21 <openstack> Current chairs: jokke_ rosmaita
14:04:27 <jokke_> oh, hello o/
14:04:28 <rosmaita> jokke_: you have the floor
14:04:45 <jokke_> sorry had ident issue with freenode
14:05:04 <rosmaita> those spammers have made everyone's life miserable
14:05:09 <jokke_> ikr
14:05:29 <jokke_> well the good news is that their activity has reduced significantly
14:06:32 <jokke_> ok, lets get on
14:06:44 <jokke_> #topic updates
14:07:09 <jokke_> Indeed no meeting on the summit week, or at least I won't be chairing it
14:07:22 <jokke_> is there any reason why we shouldn't have one next week?
14:07:37 <abhishekk> I have holiday here
14:07:48 <abhishekk> (next week)
14:08:48 <rosmaita> we can declare a glance holiday in abhishekk's honor
14:09:01 <abhishekk> lol
14:09:20 <jokke_> k, I will keep the next week in calendar in case there is something coming up, it might be very short one but at least we won't be unavailable for 2 weeks in a row
14:09:50 <abhishekk> if we don't have any urgent thing on agenda then we can skip next meeting
14:09:58 <abhishekk> rosmaita, smcginnis ^^
14:10:21 <rosmaita> ok
14:11:57 <jokke_> like said, I'll keep it there in case something comes up. So next weeks meeting start will be at the same time and we'll see how long we go with it. This means, abhishekk, you have your holiday and don't worry about it ;)
14:11:58 <abhishekk> rosmaita, thank you for honoring me :D
14:12:05 <smcginnis> We can always catch up in channel if something comes up.
14:12:10 <abhishekk> jokke_, yey
14:12:14 <rosmaita> happy to do it ... well deserved!
14:12:44 <jokke_> abhishekk: there is no reason for you to break out from your holidays for these meetings, just saying
14:12:51 <abhishekk> <3
14:12:56 <jokke_> gotta honour those holidays
14:13:08 <jokke_> ok, next
14:13:18 <jokke_> #topic periodic test jobs
14:13:50 <rosmaita> all green!!!
14:13:59 <rosmaita> also, the stable/rocky jobs have stopped
14:14:03 <jokke_> \\o \o/ o// o/7
14:14:09 <smcginnis> Woot
14:14:25 <rosmaita> i feel OK with handing this over to abhishekk now
14:14:43 <abhishekk> o/
14:14:45 <jokke_> so these jobs are now running as intended and we can move from tinkering with them every week to just monitoring them?
14:14:56 <rosmaita> yes, we should be good
14:15:02 <rosmaita> unless some new libraries are added
14:15:20 <jokke_> nice, well done rosmaita ... it was quite a bit more than what we expected
14:15:28 <abhishekk> which is unlikely
14:16:03 <rosmaita> well, maybe for the encrypted images
14:16:20 <abhishekk> right
14:17:07 <jokke_> yeah, we'll see. Everything is in place now so it should be quite trivial to add new lib into the list, right?
14:17:53 <rosmaita> yes
14:18:22 <jokke_> cool, thanks again and lets move on
14:18:29 <jokke_> #topic release updates
14:18:50 <abhishekk> so we have python-glanceclient release 2.13.0 from stable/rocky and 2.14.0 for Stein milestone 1
14:19:21 <jokke_> iiuc glanceclient should be good to go from both stable and master. Do we have them release patches up already?
14:19:29 <abhishekk> Also glance-store 0.27.0 for Stein milestone 1 is out
14:20:01 <abhishekk> jokke_, those were merged as well
14:20:01 <rosmaita> excellent
14:20:37 <rosmaita> looks like glanceclient has been released
14:20:45 <rosmaita> 2.13.0 and 1.14.0
14:20:56 <rosmaita> i mean 2.14.0
14:21:02 <jokke_> goodgood
14:21:18 <abhishekk> yep
14:22:34 <jokke_> and just for record, we did/do not tag the S-1 from glance itself
14:23:05 <jokke_> ok, next topic
14:23:27 <rosmaita> reminder: abhishekk is the release CPL now
14:23:36 <jokke_> yup
14:23:43 <jokke_> #topic image encryption
14:23:55 <abhishekk> yes, I will ping you if need any help
14:24:10 <mhen> o/
14:24:36 <jokke_> mhen: how is it going for you on this?
14:24:49 <mhen> so a topic I'd like to bring up regarding the image encryption is about the properties we propose
14:24:59 <jokke_> #link https://review.openstack.org/#/c/609667/
14:25:02 <mhen> like "os_encrypt_key_id" etc.
14:25:28 <mhen> currently, they are meant to be included in the "properties" field of an image which holds arbitrary content
14:26:00 <mhen> question here is, do you think we should/can have separate fields for this? maybe even database model extensions?
14:26:35 <mhen> they also need to be immutable - what is the best approach for this?
14:28:31 <jokke_> I think we should add them to the list of base properties like we did with the multihash
14:29:06 <jokke_> they would be always with the same keys and write only
14:29:34 <mhen> write-only?
14:30:00 <jokke_> yes so once they are set once they become immutable, you cannot remove nor update them
14:30:22 <jokke_> but not mandatory so you can leave them blank
14:30:32 <mhen> so you mean read-only?
14:30:59 <jokke_> yes sorry ... WORM to be exact
14:31:04 <jokke_> write once read many
14:31:12 <mhen> that's good
14:31:30 <mhen> so do new base properties require DB/model change?
14:31:51 <jokke_> yes that would be the case, rosmaita can correct me if I'm wrong
14:32:14 <rosmaita> yes, that is the case
14:32:32 <jokke_> it would need the db expansion, no migrate etc.
14:32:58 <mhen> any objections going that route for the "os_encrypt_*" properties?
14:33:14 <rosmaita> we could handle immutability with property protections
14:33:24 <jokke_> so quite straight forward with our alembic tooling in place
14:34:17 <jokke_> rosmaita: I really don't want to do that as that would mean that the deployer would need to configure them properly and I do not see literally any reason why these should be ever for example mutable
14:34:34 <rosmaita> true
14:36:20 <jokke_> I prefer the approach "You upgrade and it just works" :D
14:36:35 <rosmaita> and someday that will be true
14:37:29 <jokke_> hey, we have had couple of such things in past ... not everything needs to be 200 extra lines in config
14:38:11 <jokke_> ok, anything else about this or should we move on?
14:38:18 <rosmaita> quick question
14:38:36 <rosmaita> mhen: do you have the link to the etherpad about the library/osc situation?
14:38:44 <mhen> sure
14:38:45 <mhen> sec
14:39:14 <mhen> #link image encryption outsourcing discussion etherpad https://etherpad.openstack.org/p/library-for-image-encryption-and-decryption
14:39:21 <rosmaita> thanks!
14:40:30 <jokke_> rosmaita: did you have something specific about that or did you just wanted to include the link?
14:40:49 <rosmaita> no, i just want to follow up with monty about what he's thinking
14:40:55 <mhen> I guess we'll incorporate the base property extension into the spec and our code for now as it doesn't seem to be a no-go for you
14:41:47 <jokke_> I think it's much cleaner approach and just keep the column nullable so we don't consume space on db when they are not set
14:42:35 <jokke_> ok moving on
14:42:36 <mhen> ok, thanks for your input
14:42:51 <jokke_> #topic show store id in image-list
14:43:01 <LiangFang> o/
14:43:01 <jokke_> LiangFang: you're up
14:43:08 <LiangFang> hi jokke
14:43:17 <LiangFang> sorry to bother you again
14:43:44 <jokke_> #link https://review.openstack.org/#/c/612236/
14:43:44 <LiangFang> want to get your approval on this spec-lite
14:43:46 <LiangFang> https://review.openstack.org/#/c/612236/
14:45:24 <jokke_> yeah, seems that we have full quorum there, I will read it through once more and cast my vote on it. Anything specific you wanted to highlight/ask?
14:45:54 <LiangFang> no , thanks
14:46:07 <LiangFang> the code implementation is also ready
14:46:20 <LiangFang> https://review.openstack.org/#/c/605014/
14:46:35 <jokke_> cool, thnx
14:46:42 <LiangFang> thanks jokke
14:46:49 <jokke_> #topic glance FIPS compliance
14:46:53 <jokke_> #link https://etherpad.openstack.org/p/glance-stein-FIPS-compliance
14:46:59 <jokke_> rosmaita: you're up
14:47:27 <rosmaita> well, the info is on the etherpad
14:47:41 <rosmaita> key point is that eventually we'll have to do somehting
14:47:59 <rosmaita> i will investigate and try to get a timeline for when FIPS will hit upstream
14:48:22 <abhishekk> sounds good
14:48:27 <rosmaita> the problem is that md5 will not be available in particular environments
14:48:46 <rosmaita> so, yeah, i don't have as much to say as i thought i did when i put it on the agenda
14:49:24 <rosmaita> that's all
14:49:28 <jokke_> I think this is good to bring up, specially related to the heated discussion about the validation_data discussion
14:50:21 <jokke_> -one discussion
14:51:07 <smcginnis> I wonder if we can get a gate image with FIPS enabled. It would be interesting to see what all breaks.
14:51:09 <jokke_> so I guess we need to revisit our expectation of also glance always populating the checksum if we're expected to follow the FIPS standards
14:51:25 <smcginnis> I'm sure Glance would not be the only area of interest with those results.
14:52:26 <jokke_> smcginnis: that would indeed be interesting experiment.
14:52:49 * smcginnis makes note to raise the topic on the ML
14:53:30 <jokke_> I'd be also interested to see who is going to make the audits if the proposal of allowing non-certified hashes to be used for non-security purposes and what would be the definition of non-security purposes
14:54:29 <jokke_> rosmaita: _if_ you have time and interest to dig into the timeline and expectations ofif/ when we're supposed to be compliant, that would be amazing
14:54:56 <jokke_> ok, last 5min so lets open the discussion
14:55:00 <jokke_> #open discussion
14:55:04 <rosmaita> yeah, i will do that, it impacts cinder too so will be in my range of duties
14:55:04 <jokke_> anyting else?
14:55:20 <jokke_> #topic open discussion
14:55:30 <jokke_> anyting else?
14:55:58 <rosmaita> bug squad
14:56:11 <abhishekk> I am sorry, I completely forgot about bug squad meeting, will start it a week from after summit
14:56:14 <rosmaita> don't know if anyone has noticed htat i haven't actaully been holding meetings since rocky
14:56:32 <rosmaita> was wondering if abhishekk wants to take it over
14:56:52 <abhishekk> rosmaita, I will take it over
14:57:01 <rosmaita> ok, cool
14:57:03 <rosmaita> thanks!
14:57:05 <jokke_> yes, also we did not have our bug squash day at Monday
14:57:47 <jokke_> which I totally forgot/ignored as not tagging milestone got my checklist kind of thrown out of the window
14:58:21 <rosmaita> i will probably stop attending bug squad because the time will be really bad for me after we go off daylight savings here
14:58:38 <rosmaita> but you don't need me for that anyway
14:58:46 <jokke_> understandable
14:58:53 <jokke_> abhishekk: you're still working tomorrow?
14:59:35 <abhishekk> jokke_, yes
15:00:05 <jokke_> cool, lets go through our launchpads tomorrow and make sure we haven't missed anything critical?
15:00:12 <jokke_> and we're out of time. Thanks all!
15:00:17 <abhishekk> jokke_, yes
15:00:19 <rosmaita> bye!
15:00:22 <LiangFang> bye
15:00:22 <jokke_> #endmeeting