14:00:10 <abhishekk> #startmeeting glance 14:00:11 <openstack> Meeting started Thu Feb 6 14:00:10 2020 UTC and is due to finish in 60 minutes. The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:13 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:15 <openstack> The meeting name has been set to 'glance' 14:00:15 <abhishekk> #topic roll call 14:00:22 <abhishekk> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:00:26 <abhishekk> o/ 14:01:12 <rosmaita> o/ 14:01:16 <jokke_> o/ 14:01:24 <abhishekk> \o 14:01:43 <abhishekk> Lets start 14:01:49 <abhishekk> #topic Updates 14:02:31 <abhishekk> I have requested a round table with 6 seats for Vancouver PTG 14:02:40 <jokke_> cool 14:02:55 <abhishekk> Hopefully we all able to make for the PTG :D 14:03:23 <abhishekk> #topic release/periodic jobs update 14:03:38 <abhishekk> M2 release is next week 14:04:02 <abhishekk> and we need to get multiple imports and copy existing images patches in anyhow 14:04:10 <abhishekk> Kindly put some efforts in review 14:04:17 <jokke_> will review them today 14:04:45 <abhishekk> I want to tag a release around Tuesday EOD 14:04:46 <abhishekk> jokke_, great 14:04:57 <abhishekk> rosmaita, kindly have a look as well 14:05:31 <abhishekk> As milestone release is near, we have started hitting parser error again 14:05:58 <abhishekk> daily once/twice zuul jobs are fails with parser error 14:06:25 <abhishekk> So, we need to keep this in mind as well 14:06:35 <abhishekk> We have very less time now 14:07:04 <jokke_> kk 14:07:16 <abhishekk> Moving ahead 14:07:29 <abhishekk> #topic deprecate 'checksum' this cycle? 14:07:44 <abhishekk> rosmaita, floor is your 14:07:58 <abhishekk> s/your/yours 14:08:25 <abhishekk> between, I went through the logs of last meeting and had general idea about this discussion 14:08:46 <rosmaita> yes, i guess the logs said it all 14:08:54 <abhishekk> If we want to deprecate checksum this cycle, we should do it now 14:09:18 <rosmaita> yes, i think we should deprecate in the sense that it will no longer be populated 14:09:27 <rosmaita> but we keep the 'checksum' in hte image response 14:09:34 <rosmaita> for backward compat 14:09:42 <smcginnis> That seems safe. 14:09:49 <abhishekk> I like the idea and keeping the image property for backward compatibility 14:09:56 <jokke_> ++ 14:10:01 <rosmaita> i guess the other option would be 14:10:12 <rosmaita> glance checks to see if md5 is available 14:10:17 <rosmaita> and computes it if possible? 14:10:25 <rosmaita> probably better to just stop using it, i think 14:10:35 <abhishekk> First one is simple and better 14:10:46 <rosmaita> ok, works for me 14:10:46 <rosmaita> we will have to make some changes in the client 14:10:52 <jokke_> I agree, people are compaining more and more about us doing it and depending on md5 libs 14:11:03 <rosmaita> the client will have to fail gracefully if md5 is not around 14:11:24 <abhishekk> yes 14:11:34 <rosmaita> but it should probably still support computing md5 if that's all that's on the image 14:11:49 <jokke_> the client should handle already not having md5 just fine as it's not in all images 14:12:04 <abhishekk> +1 14:12:19 <rosmaita> no, what i mean is md5 is there but the os_hash stuff is not 14:12:28 <rosmaita> then client will try to compute the hash 14:12:40 <rosmaita> and crash & burn if it cannot do it 14:13:12 <rosmaita> s/md5/checksum/ 14:13:21 <rosmaita> not sure if i was clear there? 14:14:01 <abhishekk> this you are talking about legacy images, right? 14:14:15 <rosmaita> right 14:14:49 <jokke_> yep, that behaviour might be something worth of asking from operators. I think it would be bad to not check if the checksum is available but there might be other opinions 14:15:10 <abhishekk> good idea 14:15:27 <rosmaita> we have some kind of option now about use md5 as a last resort or something 14:15:34 <rosmaita> i don't remember 14:15:47 <abhishekk> I need to check as well 14:16:00 <jokke_> we just revert checking if checksum is there in cases multihash is not 14:16:09 <abhishekk> anyone volunteer for doing operators survey? 14:16:44 <rosmaita> what exactly would we be asking? 14:18:12 <abhishekk> what should be ideal way if checksum is there and os_hash is not available 14:18:30 <jokke_> I think 2 questions: 1) Do we want to expect that md5 checksum is computable if that's the only thing image has and fail if we can calculate it. 2) Do we want to have checksum around at all after deprecation or should we do db migration and get rid of it all together 14:18:50 <jokke_> "fail if we can't calculate it" 14:19:48 <rosmaita> here's what we have now: 14:19:51 <rosmaita> --allow-md5-fallback If os_hash_algo and os_hash_value properties are 14:19:51 <rosmaita> available on the image, they will be used to validate 14:19:51 <rosmaita> the downloaded image data. If the indicated secure 14:19:51 <rosmaita> hash algorithm is not available on the client, the 14:19:51 <rosmaita> download will fail. Use this flag to indicate that in 14:19:52 <rosmaita> such a case the legacy MD5 image checksum should be 14:19:52 <rosmaita> used to validate the downloaded data. You can also set 14:19:53 <rosmaita> the environment variable OS_IMAGE_ALLOW_MD5_FALLBACK 14:19:53 <rosmaita> to any value to activate this option. 14:20:22 <rosmaita> i think we should keep that behavior 14:20:41 <rosmaita> next question is, what to do when md5 not available? 14:20:49 <rosmaita> i think we fail the download by default 14:21:03 <rosmaita> but we will have to also have an override 14:21:11 <rosmaita> because otherwise the user is completely screwed 14:22:03 <jokke_> nope, if md5 is not there we just accept the image 14:22:22 <rosmaita> that seems counterintuitive 14:22:52 <abhishekk> what other option do we have? 14:22:57 <rosmaita> jokke_: when you say "md5 is not there" do you mean the algorithm or the checksum property? 14:23:49 <jokke_> ah, the property 14:24:18 <rosmaita> ok, so the situation is: no multihash, there *is* a checksum, but the algorithm is not available 14:24:37 <rosmaita> i don't think we want to silently accept the download without some kind of warning 14:25:22 <rosmaita> current behavior is: if multihash/checksum properties exist, and download succeeds, then something was verified 14:25:31 <rosmaita> i dont' think we want to break that 14:26:23 <jokke_> my point exactly, so I think we should fail if no multihash, but checksum and no md5 lib 14:26:35 <jokke_> or we should just get rid of checksum all together 14:27:05 <abhishekk> later founds more reasonable to me 14:27:06 <rosmaita> ok, i misunderstood your comment (09:22:03 AM) jokke_: nope, if md5 is not there we just accept the image 14:28:06 <jokke_> yeah, sorry so "if not multihash or checksum properties" 14:28:29 <abhishekk> I guess as jokke_ suggested we should do the survey 14:28:34 <rosmaita> so the issue is, if i am a user and my system doesn't have the md5 algo, and i want to download an image, and it only has 'checksum' ... it will fail 14:28:44 <rosmaita> do we want any way to override that? 14:28:54 <rosmaita> i guess you can just do a direct API call 14:28:55 <jokke_> I think it should 14:29:15 <rosmaita> yes, agree about the fail; question is do we allow an override in the client 14:29:49 <rosmaita> (sorry to be a PITA, but we have to be really clear about what we are asking if we do a survey) 14:30:13 <jokke_> like you said, there is the expectation currently that if we have hash in the image and download succeeds, it has been verified 14:30:57 <rosmaita> right, and if it fails, you figure a network disruption or something and try again 14:31:19 <rosmaita> but in this case there will be no chance of a retry succeeding 14:31:40 <jokke_> yep ... and if you happen to just be desktop user downloading the image for what ever reason and you land to the situation where it fails due no md5, you can fix your system :P 14:31:41 <rosmaita> i guess, the answer is: ask your system admin to install md5 ! 14:31:50 <rosmaita> ok, we agree then 14:32:27 <abhishekk> cool 14:32:48 <abhishekk> rosmaita, could you please create the survey? 14:33:23 <rosmaita> i dont' think there's anything to ask anymore? 14:33:49 <abhishekk> fine 14:33:50 <rosmaita> we will just fail when verification data exists, but there is no algorithm present to do the validation 14:33:55 <rosmaita> same as current behavior 14:34:02 <jokke_> well there is still the question do we want to keep checksum and that md5 stuff in the system at all 14:34:19 <rosmaita> well, the 'checksum' field definitely yes 14:34:26 <jokke_> or do we want to get rid of it when deprecated and free up the space from db 14:34:29 <rosmaita> but i thought we agreed just no pupulating ti at all 14:34:43 <rosmaita> we can't get rid of it unless we have a migration path 14:34:57 <rosmaita> and it will be a nightmare to convert all this crap to sha512 14:34:59 <abhishekk> which might be cumbersome 14:35:10 <rosmaita> i don't think any backend supports direct computation 14:35:19 <rosmaita> you will have to download, compute, and set the properties 14:35:28 <rosmaita> (whicih you arent' allowed to set) 14:35:35 <rosmaita> i mean, an admin would have to do that 14:35:43 <jokke_> when was it we implemented multihash? 14:35:44 <rosmaita> it's just one small column 14:35:54 <rosmaita> stein, maybe? 14:35:57 <rosmaita> possibly rocky 14:36:05 <abhishekk> rocky 14:36:36 <rosmaita> anyway, i think we have to continue to compute it in ussuri 14:36:36 <abhishekk> it tagged along with multiple stores 14:36:45 <abhishekk> yes 14:37:05 <rosmaita> key thing is to get the word out that it will not be computed or populated in victoria 14:37:45 <abhishekk> and that is why we should do it quickly 14:37:54 <jokke_> well if we deprecate it now, and give one cycle, we can stop doing it in X 14:38:17 <abhishekk> that is actual deprecation policy IMO 14:38:24 <jokke_> mhm 14:38:48 <rosmaita> yes, if deprecated in U can be removed in V 14:39:09 <rosmaita> it will still exist in U 14:39:14 <rosmaita> that satisfies the policy 14:39:19 <abhishekk> ok 14:39:25 <abhishekk> Moving ahead, as we have more topics to discuss 14:39:47 <abhishekk> In short we all agree to deprecate the checksum this cycle 14:39:59 <abhishekk> #topic Multiple store import plugins 14:40:30 <abhishekk> These two patches are very much important and needs to get merged before Tuesday 14:40:37 <abhishekk> multiple import impl - https://review.opendev.org/667132 14:40:47 <abhishekk> #link https://review.opendev.org/667132 14:41:12 <abhishekk> I guess yebinama is on leave but he promised to have a look if there are any review comments 14:41:53 <abhishekk> I have verified his patch, still need some doc changes but we can do it in separate patch 14:42:14 <abhishekk> Tested functionally with 2 ceph and 3 file stores 14:42:31 <abhishekk> and another one is; Copying existing image impl 14:42:40 <abhishekk> #link https://review.opendev.org/696457 14:42:54 <abhishekk> This one is depends on former patch 14:43:27 <abhishekk> Everything is complete with doc changes, functional tests (including revert check) as well as release notes 14:43:43 <abhishekk> Please, please review :D 14:43:52 <abhishekk> Moving ahead; 14:44:04 <abhishekk> #topic puppet-tripleo needs glance release to get merged 14:44:27 <abhishekk> So tripleo guys are working on adding multiple stores support in deployment 14:44:40 <abhishekk> but they are stuck as they need latest glance release 14:44:51 <jokke_> I thought it was glance_store they had issue with, not glance service 14:45:32 <abhishekk> nope, it's glance which was not returning unicode value for store id 14:45:57 <abhishekk> Unfortunately I have been testing everything on py3 so never encountered this issue 14:46:04 <abhishekk> #link https://review.opendev.org/704373 14:46:14 <abhishekk> see the last comment on the patch 14:46:54 <abhishekk> We need to release M2 on time to unblock them 14:47:32 <abhishekk> Moving ahead; 14:47:37 <abhishekk> #topic U Community Goal: Project PTL & Contrib Docs Update 14:47:46 <abhishekk> #link http://lists.openstack.org/pipermail/openstack-discuss/2020-February/012364.html 14:48:09 <abhishekk> We already have contributors guide, development policies in our repo 14:48:18 <jokke_> yup 14:48:21 <abhishekk> so do we need to follow this community goal? 14:49:25 <abhishekk> I guess we are good 14:49:32 <jokke_> I assume you can just mark it as complete 14:49:47 <jokke_> we have the release guide as well 14:50:08 <abhishekk> Ok, I will revert to that mail as well after marking it as complete 14:50:33 <smcginnis> That was my take too - that we already had what we needed. 14:50:49 <abhishekk> cool 14:51:11 <abhishekk> I will revert back to mail with appropriate links 14:51:39 <abhishekk> #topic Open Discussion 14:51:42 <jokke_> there should be storybord or bug for that somewhere you need to go and mark done 14:52:01 <abhishekk> jokke_, yes that is mentioned in the mail 14:52:06 <abhishekk> I will do it 14:52:29 <abhishekk> guys please review the patches 14:52:36 <jokke_> ok quick question. Anyone has a problem if I try to squeeze uncompress plugin in still this cycle? Seems that lots of image providers are doing compressed images which makes web-download useless 14:53:04 <abhishekk> fine by me 14:53:19 <rosmaita> no objection here 14:53:39 <jokke_> gr8 14:53:44 <jokke_> tht's all from me 14:54:08 <abhishekk> rosmaita, smcginnis anything from you? 14:54:25 <smcginnis> Nothing from me. 14:54:35 <rosmaita> nope -- should i do a spec lite for checksum deprecation? 14:54:54 <abhishekk> yes, that will be good 14:54:58 <rosmaita> i think there will be no code change, just a release note 14:55:19 <rosmaita> ok, i'll get that moving 14:55:25 <abhishekk> thanks 14:55:30 <abhishekk> Thank you all 14:55:38 <abhishekk> Keep reviewing :D 14:55:51 <jokke_> thanks! o7 14:56:24 <abhishekk> I will be online during night time from tomorrow 14:56:40 <abhishekk> till M2 release 14:56:55 <abhishekk> Thank you again!! 14:57:00 <abhishekk> Have a good day 14:57:00 <smcginnis> Thanks! 14:57:08 <abhishekk> #endmeeting