#openstack-meeting log

14:09:23 <jokke> #startmeeting glance
14:09:25 <openstack> Meeting started Thu Jan 21 14:09:23 2021 UTC and is due to finish in 60 minutes.  The chair is jokke. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:09:26 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:09:28 <openstack> The meeting name has been set to 'glance'
14:09:32 <jokke> #topic roll-call
14:09:44 <jokke> o/
14:09:55 <rosmaita> o/
14:10:51 <jokke> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:11:09 <dansmith> o/
14:11:16 <dansmith> isn't abhishekk back today?
14:11:34 <jokke> Tomorrow, they had good Wedding week ;)
14:11:39 <dansmith> dang
14:12:21 <jokke> I think that's everyone so lets get started
14:12:35 <rosmaita> well, best wishes from the glance team to the newlyweds!
14:12:51 <dansmith> it is his sister I think
14:13:01 <jokke> #topic release updates
14:13:09 <jokke> #undo
14:13:10 <openstack> Removing item from minutes: #topic release updates
14:13:14 <rosmaita> dansmith: yes, but still
14:13:16 <jokke> indeed his sister
14:13:25 <jokke> and indeed big GZ!
14:13:33 <jokke> #topic release updates
14:13:51 <jokke> So we have m-2 release patch waiting ofr the release team to get it tagged
14:14:07 <jokke> nothing special on that
14:14:44 <jokke> #topic reserved image properties
14:14:57 <jokke> dansmith: I think this is yours
14:15:01 <rosmaita> i forget why i put that on the agenda
14:15:19 <dansmith> patches are up, would love some review :)
14:15:27 <rosmaita> oh, yeah, there are some side impacts
14:15:33 <jokke> #link https://review.opendev.org/q/topic:%22os-glance-namespace%22+(status:open%20OR%20status:merged)
14:15:42 <dansmith> I have a nova fix also because nova was abusing some props that this will prevent
14:16:33 <rosmaita> i think we need to remove that deprecated option that disallows custom image properties
14:16:44 <jokke> #link  https://specs.openstack.org/openstack/glance-specs/specs/ussuri/approved/glance/deprecate-allow-custom-props.html
14:16:47 <jokke> that one
14:16:52 <rosmaita> yep
14:17:07 <rosmaita> i guess it's assigned to me, but i wonder if cyril might pick it up
14:17:36 <dansmith> that needs to go before the reserved props? just because they could technically put reserved props in the additional list?
14:17:44 <jokke> I also think we should not count os_glance_* for the quota
14:18:18 <dansmith> oh, yeah, I was supposed to look at that, but this doesn't change behavior if we're already doing that
14:18:21 <rosmaita> i agree, though am not sure how easy that will be
14:18:42 <rosmaita> i think our quota management is onion-layered
14:18:56 <jokke> I'm pretty sure it is
14:19:24 <rosmaita> yeah, so the short-term fix would be set a min on the quota that allows for maybe 5 or so of those properties
14:20:01 <rosmaita> and dansmith to answer your question, i am not sure whether the reserved properties would be blocked if custom properties are disallowed
14:20:12 <rosmaita> not sure where that enforcement happens
14:20:21 <dansmith> rosmaita: the enforcement is at the API layer, so I think not
14:20:40 <rosmaita> ok, that would be good
14:21:05 <rosmaita> i think we still need to remove the custom properties turnoff, because all sorts of services rely on them
14:22:02 <rosmaita> but maybe we don't have to absolutely do it in wallaby
14:22:29 <jokke> I think we need to deprecate it and wait at least a cycle anyways
14:22:35 <dansmith> does that mean execute on the planned deprecation or cancel the deprecation?
14:22:42 <jokke> as per the standard deprecation policy
14:22:47 <rosmaita> i thought it was deprecated already
14:22:51 <rosmaita> i will check
14:23:22 <jokke> ohh, might be my bad. if it was indeed deprecated in ussuri where that spec is, we should be fine removing it now
14:24:00 <dansmith> right, so I'm asking if rosmaita is talking about undeprecating, or continuing on removal
14:24:02 <rosmaita> yes, glance conf is showing deprecated since ussuri
14:24:23 <rosmaita> i am talking about removing it
14:24:31 <rosmaita> continuing with the deprecation
14:24:43 <dansmith> okay, you said "remove the custom turnoff, because people rely on it" so I was all confused :)
14:24:47 <rosmaita> i wasn't sure if it would impact glance's own use of additional properties
14:24:57 <rosmaita> sorry, what i meant was
14:25:21 <rosmaita> all sorts of services use custom image properties (like cinder_encryption_key_id)
14:25:30 <rosmaita> and some hypervisor stuff for nova
14:25:48 <rosmaita> so if you turn them off, all sorts of stuff will break in your cloud
14:26:06 <rosmaita> so we should remove the temptation to turn them off
14:26:10 <dansmith> right, but this is just talking about removing the static list of allowed ones yeah?
14:26:19 <rosmaita> no
14:26:40 <rosmaita> there's an option that restricts whether *any* properties outside the image schema are allowed
14:26:48 <jokke> dansmith: we have config option that allows deployer to turn off all custom properties that are not supplied by glance
14:26:55 <dansmith> oh, it's a toggle I see
14:27:26 <dansmith> sorry, I thought it was a list for some reason. I'm caught up now
14:27:30 <rosmaita> yeah, not sure why it was there, but it was
14:27:53 <jokke> I think that's still remains from the Images API v1 times
14:28:45 <jokke> so very early days
14:29:15 <rosmaita> yeah, before the "quotas" were introduced
14:29:22 <rosmaita> i blame jay pipes!
14:29:28 <jokke> What I do not know is if we can change the minimum quota or if we just need to document it
14:30:04 <rosmaita> good question
14:30:34 <dansmith> what happens if the user uses all N on create,
14:30:50 <rosmaita> that would be a problem
14:30:51 <dansmith> and then when we go to import... will glance get stuck unable to add os_glance_importing_to_stores?
14:31:09 <rosmaita> that requires some investigation
14:31:25 <rosmaita> comes down to where the enforcement actually happens
14:31:41 <jokke> dansmith: that's why I was saying we just shouldn't count the os_glance_ in the quota at all now when we're preventing external setting of them
14:31:49 <dansmith> well, if it's onioned, I expect way below the api
14:32:06 <dansmith> jokke: yep, I'm totally on board with that,
14:32:13 <dansmith> I'm just saying maybe upping the minimum isn't good enough
14:32:22 <rosmaita> that's my worry, it was implemented while markwash was PTL iirc
14:32:28 <rosmaita> and he was big on the onion
14:32:48 <dansmith> oh, is that who I should name my voodoo doll after?
14:33:11 <jokke> dansmith: agreed and I don't know if we even can do that. Even changing some default values has been massive fight with QA, so I guess if tempest is testing any of the property quota stuff, changing it will be no-go
14:33:28 <rosmaita> i'm pretty sure they don't
14:34:00 <dansmith> I don't think that'd be a fight, FWIW, but that's a good reason to actually exclude it from the quota, in addition to the DoS problem
14:35:04 <jokke> Yeah I don't think enforcing minimum quota will do any good if someone decides that they want feck around
14:38:10 <jokke> anything else about this?
14:39:01 <rosmaita> only whether we have an action item
14:39:11 <rosmaita> i guess dansmith will look into this?
14:39:21 <dansmith> I still don't think either of these things are important to do before we land this enforcement,
14:39:31 <dansmith> because the enforcement doesn't change the results of either
14:40:10 <rosmaita> i don't disagree, just think we need to have a better understanding of the quota issue before RC time
14:40:13 <jokke> correct I don't see reason why they should land before landing the enforcement patch. Just need to make sure we get it sorted for the release.
14:40:21 <jokke> rosmaita: ++
14:41:02 <jokke> if it's not trivial to filter the quota enforcement, let file a bug for it so we have tracker
14:41:42 <dansmith> well, not sure why before the release,
14:41:50 <rosmaita> right, and if dansmith casts it as a DoS issue, should be backportable
14:41:52 <dansmith> since the enforcement patch isn't changing the number of keys we're using
14:42:05 <dansmith> but obviously it's a good idea to figure it out
14:42:26 <dansmith> rosmaita: it's kindof a self-dos really, so not super impactful I think
14:42:47 <rosmaita> i agree
14:42:50 <dansmith> "user can prevent ... themselves from using resources" :P
14:44:32 <jokke> well it's yet another very crappy user experience thing ... although I have no idea if anyone is actually using the property quotas
14:45:03 <jokke> Anyways we need to have it fixed or well documented before we push release out
14:45:13 <rosmaita> i think the default is 128
14:45:21 <rosmaita> so probably no one has run up against this
14:45:43 <jokke> and it's separate even without the enforcement as you can still shoot yourself into the foot as we are now
14:46:06 <jokke> rosmaita: yeah, haven't heard anyone asking about it yet
14:46:37 <jokke> moving on
14:46:53 <jokke> #topic bug fest
14:47:30 <jokke> Just reminder, bug scrub Tuesday next week as it will be milestone+1 week
14:47:51 <jokke> #topic Open discussion
14:48:02 <jokke> Anything else?
14:48:06 <dansmith> I have a hard stop in 13 minutes,
14:48:20 <dansmith> but would definitely like to talk about the distributed import stuff
14:48:34 <rajivmucheli> jokke did you get a chance to validate the version issue ? pbr commit ?
14:48:53 <rosmaita> jokke: left a comment on your ceph optimization spec
14:48:58 <rosmaita> dansmith: i am all ears
14:49:46 <dansmith> rosmaita: well, I'd mostly like to hear review comments :)
14:50:04 <rosmaita> oh
14:50:29 <jokke> rajivmucheli: still on my list to look. So all: just pointer what we're talking about. rajivmucheli is seeing glance-api reporting version 19.0.0 since Train. Not sure yet wether that is problem on our end or on their fork of the repo, but it's weird anyways
14:51:41 <rajivmucheli> i see the glance_store upgraded but not glance-api version.
14:52:31 <jokke> rosmaita: thanks, just quick remark. I will need to double check that but IIUC that feature has been in RADOSLib for ages, we're just not using it
14:52:42 <rosmaita> cool
14:52:48 <jokke> rosmaita: as that's what cephclient is using
14:52:52 <jokke> for long time
14:55:44 <jokke> If there's nothing else, lets give dansmith 4min to stretch and rest of us can get back to work :D
14:56:21 <rosmaita> nothing from me
14:56:56 <jokke> kk, we can continue is #openstack-glance for anything else. Thanks All!
14:57:02 <jokke> #endmeeting