14:01:01 <abhishekk> #startmeeting glance 14:01:02 <openstack> Meeting started Thu Jul 2 14:01:01 2020 UTC and is due to finish in 60 minutes. The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:01:03 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:01:05 <openstack> The meeting name has been set to 'glance' 14:01:08 <abhishekk> #topic roll call 14:01:13 <abhishekk> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:01:15 <abhishekk> o/ 14:01:18 <mhen> greetings o/ 14:01:22 <rosmaita> o/ 14:01:22 * dansmith lurks 14:01:36 <Steap> (croelandt here, this is my only registered nick) 14:01:38 <Steap> o/ 14:01:39 <jokke> o/ 14:01:58 <abhishekk> cool, lets start 14:02:20 <abhishekk> #topic release/periodic jobs update 14:02:33 <abhishekk> V2 is 3 weeks away 14:03:04 <abhishekk> we need reviews on specs and get those merged within next couple of weeks 14:03:17 <abhishekk> so please spend some time in reviewing specs 14:03:46 <dansmith> so I need to get a spec up for the admin delegation thing soon 14:04:07 <abhishekk> apart from specs, dansmith and I found 3-4 bugs around copy plugins, patches for those fixes are up as well 14:04:13 <abhishekk> kindly review them as well 14:04:22 <abhishekk> dansmith, yes 14:04:52 <abhishekk> After meeting I will send mail regarding review priorities of the week 14:05:25 <dansmith> are there no approved glance specs for v yet? 14:05:30 <dansmith> directory looks empty 14:05:45 <abhishekk> dansmith, nothing at the moment 14:05:50 <dansmith> yikes okay 14:06:10 <abhishekk> I know :( 14:06:49 <abhishekk> regarding periodic job we have 1 timeout for all days in a week to functional-py36 jobs 14:07:14 <abhishekk> will spend some time around it to identify the cause of timeout 14:08:00 <abhishekk> jokke, rosmaita, smcginnis please focus on specs reviews as much as possible 14:08:02 <abhishekk> moving ahead 14:08:37 <rosmaita> abhishekk: ack 14:08:52 <abhishekk> I am going to skip 2nd and 3rd topic which is about reviews, backport reviews which I will include in a review priority mail 14:09:17 <abhishekk> Directly jumping to Open discussion 14:09:25 <abhishekk> #topic Open Discussion 14:09:39 <abhishekk> Retry feature for glanceclient, like the one in neutronclient? 14:09:46 <Steap> Yep 14:09:55 <Steap> so this is asked by one of my customers 14:10:10 <Steap> Obviously this is useless if the network is terribly bad 14:10:24 <Steap> but the idea kind of makes sense to me 14:10:41 <Steap> The neutron client can retry certain requests after they failed 14:10:53 <rosmaita> Steap: can you give an example scenario for glanceclient 14:10:55 <Steap> this is something that can be done when the client is used as a library 14:11:00 <abhishekk> So in what kind of failures it does consider for retrying? 14:11:12 <abhishekk> just what rosmaita asked 14:11:35 <Steap> The customer who requested that failed that it could be useful when Glance is used with Cinder 14:12:04 <Steap> so Cinder would actually ask glance to retry N times 14:12:18 <Steap> as I said, I'm a bit afraid that the customer's network is at fault here :) 14:12:31 <Steap> but it can happen that something goes wrong, and retrying fixes the issue 14:12:48 <Steap> the default behaviour would be the same as right now: do not retry anything, ever. 14:12:52 <rosmaita> on the cinder side, i think we already retry when trying to get stuff out of glance 14:14:35 <abhishekk> at the moment I am not able to point out any scenario where we can retry on failure 14:14:40 <Steap> so you "manually" call client.method() multiple times 14:15:01 <Steap> abhishekk: let's say you want to get a list of all images and are hit with a network error 14:17:03 <abhishekk> I can relate it but imo this retry thing should be added in the consumer of client 14:17:07 <rosmaita> https://opendev.org/openstack/cinder/src/branch/master/cinder/image/glance.py#L205-L214 14:17:46 <abhishekk> same thing ^^ 14:17:50 <Steap> hehe 14:18:10 <jokke> yeah, for cli part I can see why it would be nce to have retry in image-list ... if you fail paging call 100 and the whole thing blows up at that point, it might be bit annoying ;) 14:18:21 <Steap> ok, it makes sense to not add the "retry" option in both the library and the consumer 14:19:00 <jokke> but for the python lib side, yes I do agree that the consumer should catch the errors they expect and handle retries if they so wish to do 14:19:22 <abhishekk> +1 14:19:47 <Steap> I was not aware Cinder already did this 14:19:57 <Steap> so let's forget about the generic retry in the library 14:20:06 <jokke> ++ 14:20:07 <Steap> I'll deal with my customer :) 14:20:09 <Steap> thanks 14:20:13 <rosmaita> and the number of retries is configurable in cinder 14:20:14 <jokke> Thanks Cyril 14:20:17 <abhishekk> Step (cyril :D) thank you 14:20:46 <abhishekk> mhen, you are next 14:21:26 <mhen> so I was playing around with Global Request IDs in OpenStack and l believe I identified two issues in Glance 14:21:39 <mhen> #link http://lists.openstack.org/pipermail/openstack-discuss/2020-June/015672.html 14:22:45 <mhen> If any of you could spare a few minutes to have a look and tell me whether/where to report this, I would appreciate it 14:22:58 <abhishekk> will go through your mail and comment/reply accordingly 14:23:08 <mhen> abhishekk, thank you 14:23:19 <mhen> it's not urgent for me 14:23:37 <mhen> but didn't receive any reply so far, so just wanted to make you aware 14:23:43 <abhishekk> this request-id work has been to old to remember now, so need some to time to remember it 14:23:46 <rosmaita> mhen: off topic, but i left a comment on your spec, but it basically looks ok to me 14:24:17 <abhishekk> I have seen that mail but didn't got time, but will try to put some time in this week 14:24:27 <mhen> abhishekk, appreciated 14:24:51 <abhishekk> mhen, no problem, thanks for bringing this in discussion 14:25:14 <jokke> Couple of qick things from my side: 14:25:31 <abhishekk> next one is also yours 14:25:58 <mhen> jokke, related to the global request id thingy? 14:26:15 <jokke> nope generally on open discussion 14:26:37 <mhen> I have one other topic if you don't mind 14:26:47 <abhishekk> mhen, we need support in python-glanceclient as well 14:27:07 <jokke> mhen: absolutely go for it 14:27:16 <mhen> abhishekk, support as in support when using it as an actual CLI client? 14:27:28 <mhen> (instead of as a library) 14:28:21 <abhishekk> mhen, need to revisit my comment might be I misjudged it 14:28:39 <mhen> because, python-glanceclient as a library (when used by others, such as Nova) already has support for it (albeit broken at times, see mail) 14:29:14 <abhishekk> ack 14:29:33 <jokke> mhen: I think abhishekk is already on your encryption topic ;) 14:29:46 <mhen> oh 14:30:02 <abhishekk> sorry, I was talking about encryption one 14:30:07 <mhen> sorry, I was still on about the global request id 14:30:11 <jokke> ;) 14:30:20 <mhen> okay about the image encryption 14:30:36 <mhen> so the argument was that we should support glanceclient in favor of openstackclient 14:31:04 <mhen> my question is: does glanceclient support using other clients as libraries (such as barbicanclient), like openstackclient does? 14:31:26 <mhen> we'd need to make some calls to Barbican during the image encryption process for key retrieval for instance 14:31:41 <jokke> mhen: nope, and as such I'm not convinced we should do the encryption in glanceclient 14:31:48 <abhishekk> no, that's why I said I need to revisit my comment again 14:32:43 <mhen> do you see any other alternative than openstackclient then? (I don't tbh) 14:34:51 <abhishekk> in openstack client you are going to do some changes to barbican commands or glance commands? 14:35:00 <jokke> mhen: honestly I personally think people actually doing this won't be using either. They will have their image build pipeline doing all this without human interaction and thus I think we as Glance community need to make sure we can handle the metadata etc. in our end, I think openstack client is good place to put the "manual" functionality so people can test it and handle the manually created 14:35:06 <jokke> images. 14:35:45 <jokke> But I don't see huge urge to have actual client for encrypting images per se and definitely not the usecase for glanceclient doing it 14:36:04 <mhen> as an example, we added: "openstack image create --file myimage.raw --encryption-secret-id $BARBICAN_SECRET_ID my-encrypted-image" which locally encrypts an image and uploads it 14:37:03 <abhishekk> hmm 14:37:17 <mhen> tbh having to fiddle with encryption stuff manually is tedious and error-prone 14:37:46 <mhen> that's why we also added image signing automation into openstackclient (contributed upstream) 14:38:21 <jokke> mhen: yep .. and like said I think the osc for the "manual" usecase is great for testing and people to fiddle around, but I really don't expect majority of production users who would need this using that 14:38:22 <abhishekk> ack 14:40:08 <mhen> so, you think they'd be using the API directly and push their encrypted images this way (which they encrypted beforehand using some other pipeline)? 14:40:09 <abhishekk> Ok I will revisit my comment 14:40:43 <jokke> mhen: yeah, I'd expect these being integrated to what ever image building pipeline they are using. 14:40:50 <jokke> Being it Jenkins or something else 14:41:33 <mhen> I see your point but would it actually hurt to add this option to the client? Our architecture outsources the required methods to os-brick lib anyway - so essentially it's just method calls. 14:42:44 <jokke> mhen: glanceclient, I'd prefer not bloating it with all the dependencies to do it, like said osc is great place for it as it has pretty much all the dependency integrations already 14:43:35 <mhen> glanceclient does not provide the necessary requirement (using other client libs) anyway, it would need to be osc or none 14:44:26 <jokke> mhen: it doesn't mean you can't create encrypted images with glanceclient (and we need to make sure that is the case and that our schemas etc. works for that) as long as you have the key id and the excrypted payload 14:44:34 <abhishekk> So we need to document about this 14:44:39 <jokke> yup! 14:45:46 <abhishekk> last 15 minutes 14:45:55 <tosky> just a reminder for this backport of the zuulv3 migration backport to ussuri: https://review.opendev.org/#/c/738693/ (which I will backport to train) and this train-specific zuul change (already applied in other way on >=ussuri): https://review.opendev.org/#/c/739056/ 14:46:01 <tosky> EOF 14:46:29 <abhishekk> tosky, I will include these in review priority mail 14:46:31 <mhen> jokke, I thought you were against it altogether but when you are fine with us putting it in osc then that's good 14:46:41 <jokke> mhen: my point was kind of if we expected the main use case being people doing this by hand, we probably should look into automating it with glanceclient or independent tooling. But for testing/development/odd manual usage purposes the osc is perfect place to do it 14:47:00 <mhen> jokke, agreed 14:48:35 <abhishekk> anything else mhen ? 14:49:16 <mhen> no, that's it, thanks for your attention :) 14:49:41 <jokke> mhen: if oyu could do it a way that one can also just encrypt the image locally without directly uploading it to glance from osc, that would be amazing 14:50:12 <mhen> jokke, will consider that, thanks for the suggestion 14:51:05 <abhishekk> jokke, you want to discuss something right? 14:51:06 <tosky> abhishekk: thanks! It's not supercritical but the sooner they (and the last one which will be created after merging the ussuri patch) are merged, the better (easier maintenance) 14:51:15 <jokke> abhishekk: yeah couple of things 14:51:24 <abhishekk> please go ahead 14:51:29 <abhishekk> tosky, ack 14:52:14 <jokke> 1) Relating to what dansmith has been working on (big hand Dan!) we kind of realized how bad idea it is to run the plugins as part of copy-image ... so there is patch up for it 14:52:43 <jokke> #link https://review.opendev.org/#/c/738675/ 14:52:55 <jokke> The tests need bit more refining, but working on thta 14:53:04 <abhishekk> ack 14:53:06 <jokke> thanks abhishekk helping out with those tests 14:53:15 <abhishekk> :D 14:53:15 <jokke> the second one is a beast 14:53:34 <jokke> #link https://review.opendev.org/#/c/738672/ 14:53:59 <jokke> deprecation removals including remains of registry and Images API v1 14:54:47 <jokke> 3 patches to go, the linked oe should be ready. The one after that I need to create dummy wsgi entry for v1 (sorry, QA/grenade) hit us again 14:55:33 <abhishekk> registry removal patch is merged 14:55:35 <jokke> should have it ready when the enable_v2_api removal merges and the last one is just config cleanup for all the stuff that was thrown away in the process 14:55:51 <abhishekk> the link you pasted here is removal of enable_v2_api 14:55:51 <jokke> yes the first one of the chain merged this morning, thank you 14:56:00 <jokke> abhishekk: correct 14:56:07 <jokke> it's the first one still in review 14:56:37 <abhishekk> hmm, I will include those on review priority mail as well 14:57:05 <abhishekk> we need to get these big patches in to avoid merge conflicts :D 14:57:08 <jokke> As these patches touches all over our codebase, please lets not keep them hanging as it will be absolute rebase nightmare 14:57:26 <abhishekk> ack 14:57:26 <jokke> that's all from me 14:57:46 <abhishekk> thank you jokke 14:57:54 <abhishekk> anything else guys? 14:58:36 <abhishekk> cool, keep eye on priority mail 14:58:54 <abhishekk> thank you all, have a nice time ahead 14:59:02 <jokke> thanks all! 14:59:12 <Steap> Thanks! 14:59:17 <mhen> thank you, see ya 14:59:24 <abhishekk> #endmeeting