14:09:23 #startmeeting glance 14:09:25 Meeting started Thu Jan 21 14:09:23 2021 UTC and is due to finish in 60 minutes. The chair is jokke. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:09:26 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:09:28 The meeting name has been set to 'glance' 14:09:32 #topic roll-call 14:09:44 o/ 14:09:55 o/ 14:10:51 #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:11:09 o/ 14:11:16 isn't abhishekk back today? 14:11:34 Tomorrow, they had good Wedding week ;) 14:11:39 dang 14:12:21 I think that's everyone so lets get started 14:12:35 well, best wishes from the glance team to the newlyweds! 14:12:51 it is his sister I think 14:13:01 #topic release updates 14:13:09 #undo 14:13:10 Removing item from minutes: #topic release updates 14:13:14 dansmith: yes, but still 14:13:16 indeed his sister 14:13:25 and indeed big GZ! 14:13:33 #topic release updates 14:13:51 So we have m-2 release patch waiting ofr the release team to get it tagged 14:14:07 nothing special on that 14:14:44 #topic reserved image properties 14:14:57 dansmith: I think this is yours 14:15:01 i forget why i put that on the agenda 14:15:19 patches are up, would love some review :) 14:15:27 oh, yeah, there are some side impacts 14:15:33 #link https://review.opendev.org/q/topic:%22os-glance-namespace%22+(status:open%20OR%20status:merged) 14:15:42 I have a nova fix also because nova was abusing some props that this will prevent 14:16:33 i think we need to remove that deprecated option that disallows custom image properties 14:16:44 #link https://specs.openstack.org/openstack/glance-specs/specs/ussuri/approved/glance/deprecate-allow-custom-props.html 14:16:47 that one 14:16:52 yep 14:17:07 i guess it's assigned to me, but i wonder if cyril might pick it up 14:17:36 that needs to go before the reserved props? just because they could technically put reserved props in the additional list? 14:17:44 I also think we should not count os_glance_* for the quota 14:18:18 oh, yeah, I was supposed to look at that, but this doesn't change behavior if we're already doing that 14:18:21 i agree, though am not sure how easy that will be 14:18:42 i think our quota management is onion-layered 14:18:56 I'm pretty sure it is 14:19:24 yeah, so the short-term fix would be set a min on the quota that allows for maybe 5 or so of those properties 14:20:01 and dansmith to answer your question, i am not sure whether the reserved properties would be blocked if custom properties are disallowed 14:20:12 not sure where that enforcement happens 14:20:21 rosmaita: the enforcement is at the API layer, so I think not 14:20:40 ok, that would be good 14:21:05 i think we still need to remove the custom properties turnoff, because all sorts of services rely on them 14:22:02 but maybe we don't have to absolutely do it in wallaby 14:22:29 I think we need to deprecate it and wait at least a cycle anyways 14:22:35 does that mean execute on the planned deprecation or cancel the deprecation? 14:22:42 as per the standard deprecation policy 14:22:47 i thought it was deprecated already 14:22:51 i will check 14:23:22 ohh, might be my bad. if it was indeed deprecated in ussuri where that spec is, we should be fine removing it now 14:24:00 right, so I'm asking if rosmaita is talking about undeprecating, or continuing on removal 14:24:02 yes, glance conf is showing deprecated since ussuri 14:24:23 i am talking about removing it 14:24:31 continuing with the deprecation 14:24:43 okay, you said "remove the custom turnoff, because people rely on it" so I was all confused :) 14:24:47 i wasn't sure if it would impact glance's own use of additional properties 14:24:57 sorry, what i meant was 14:25:21 all sorts of services use custom image properties (like cinder_encryption_key_id) 14:25:30 and some hypervisor stuff for nova 14:25:48 so if you turn them off, all sorts of stuff will break in your cloud 14:26:06 so we should remove the temptation to turn them off 14:26:10 right, but this is just talking about removing the static list of allowed ones yeah? 14:26:19 no 14:26:40 there's an option that restricts whether *any* properties outside the image schema are allowed 14:26:48 dansmith: we have config option that allows deployer to turn off all custom properties that are not supplied by glance 14:26:55 oh, it's a toggle I see 14:27:26 sorry, I thought it was a list for some reason. I'm caught up now 14:27:30 yeah, not sure why it was there, but it was 14:27:53 I think that's still remains from the Images API v1 times 14:28:45 so very early days 14:29:15 yeah, before the "quotas" were introduced 14:29:22 i blame jay pipes! 14:29:28 What I do not know is if we can change the minimum quota or if we just need to document it 14:30:04 good question 14:30:34 what happens if the user uses all N on create, 14:30:50 that would be a problem 14:30:51 and then when we go to import... will glance get stuck unable to add os_glance_importing_to_stores? 14:31:09 that requires some investigation 14:31:25 comes down to where the enforcement actually happens 14:31:41 dansmith: that's why I was saying we just shouldn't count the os_glance_ in the quota at all now when we're preventing external setting of them 14:31:49 well, if it's onioned, I expect way below the api 14:32:06 jokke: yep, I'm totally on board with that, 14:32:13 I'm just saying maybe upping the minimum isn't good enough 14:32:22 that's my worry, it was implemented while markwash was PTL iirc 14:32:28 and he was big on the onion 14:32:48 oh, is that who I should name my voodoo doll after? 14:33:11 dansmith: agreed and I don't know if we even can do that. Even changing some default values has been massive fight with QA, so I guess if tempest is testing any of the property quota stuff, changing it will be no-go 14:33:28 i'm pretty sure they don't 14:34:00 I don't think that'd be a fight, FWIW, but that's a good reason to actually exclude it from the quota, in addition to the DoS problem 14:35:04 Yeah I don't think enforcing minimum quota will do any good if someone decides that they want feck around 14:38:10 anything else about this? 14:39:01 only whether we have an action item 14:39:11 i guess dansmith will look into this? 14:39:21 I still don't think either of these things are important to do before we land this enforcement, 14:39:31 because the enforcement doesn't change the results of either 14:40:10 i don't disagree, just think we need to have a better understanding of the quota issue before RC time 14:40:13 correct I don't see reason why they should land before landing the enforcement patch. Just need to make sure we get it sorted for the release. 14:40:21 rosmaita: ++ 14:41:02 if it's not trivial to filter the quota enforcement, let file a bug for it so we have tracker 14:41:42 well, not sure why before the release, 14:41:50 right, and if dansmith casts it as a DoS issue, should be backportable 14:41:52 since the enforcement patch isn't changing the number of keys we're using 14:42:05 but obviously it's a good idea to figure it out 14:42:26 rosmaita: it's kindof a self-dos really, so not super impactful I think 14:42:47 i agree 14:42:50 "user can prevent ... themselves from using resources" :P 14:44:32 well it's yet another very crappy user experience thing ... although I have no idea if anyone is actually using the property quotas 14:45:03 Anyways we need to have it fixed or well documented before we push release out 14:45:13 i think the default is 128 14:45:21 so probably no one has run up against this 14:45:43 and it's separate even without the enforcement as you can still shoot yourself into the foot as we are now 14:46:06 rosmaita: yeah, haven't heard anyone asking about it yet 14:46:37 moving on 14:46:53 #topic bug fest 14:47:30 Just reminder, bug scrub Tuesday next week as it will be milestone+1 week 14:47:51 #topic Open discussion 14:48:02 Anything else? 14:48:06 I have a hard stop in 13 minutes, 14:48:20 but would definitely like to talk about the distributed import stuff 14:48:34 jokke did you get a chance to validate the version issue ? pbr commit ? 14:48:53 jokke: left a comment on your ceph optimization spec 14:48:58 dansmith: i am all ears 14:49:46 rosmaita: well, I'd mostly like to hear review comments :) 14:50:04 oh 14:50:29 rajivmucheli: still on my list to look. So all: just pointer what we're talking about. rajivmucheli is seeing glance-api reporting version 19.0.0 since Train. Not sure yet wether that is problem on our end or on their fork of the repo, but it's weird anyways 14:51:41 i see the glance_store upgraded but not glance-api version. 14:52:31 rosmaita: thanks, just quick remark. I will need to double check that but IIUC that feature has been in RADOSLib for ages, we're just not using it 14:52:42 cool 14:52:48 rosmaita: as that's what cephclient is using 14:52:52 for long time 14:55:44 If there's nothing else, lets give dansmith 4min to stretch and rest of us can get back to work :D 14:56:21 nothing from me 14:56:56 kk, we can continue is #openstack-glance for anything else. Thanks All! 14:57:02 #endmeeting