14:00:01 <abhishekk> #startmeeting glance 14:00:01 <opendevmeet> Meeting started Thu Mar 10 14:00:01 2022 UTC and is due to finish in 60 minutes. The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:01 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:01 <opendevmeet> The meeting name has been set to 'glance' 14:00:03 <abhishekk> #topic roll call 14:00:10 <abhishekk> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:00:14 <abhishekk> o/ 14:00:27 <pdeore> o/ 14:00:57 <abhishekk> lets wait few minutes for others to join 14:01:17 <pdeore> yeah 14:01:33 <mrjoshi> o/ 14:02:47 <abhishekk> I don't see anyone else around, lets start and others can join us in between 14:03:07 <abhishekk> We have small agenda today as well, with some review requests 14:03:12 <abhishekk> lets start 14:03:21 <abhishekk> #topic Updates 14:03:37 <abhishekk> Zed PTG planning etherpad is up 14:03:59 <abhishekk> if you haven't added your name to the list of attendees, kindly do it earliest 14:04:07 <abhishekk> #link https://etherpad.opendev.org/p/zed-ptg-glance-planning 14:04:20 <abhishekk> moving ahead 14:04:28 <abhishekk> #topic release/periodic jobs update 14:04:59 <abhishekk> We are done with the Yoga cycle with the rc1 release, so nothing is pending from our side 14:05:13 <rosmaita> o/ 14:05:37 <abhishekk> periodic jobs all green \o/ 14:05:50 <pdeore> \o/ 14:05:56 <abhishekk> next one is rosmaita 14:06:11 <abhishekk> #topic lock_path required for glance_store cinder driver 14:06:21 <rosmaita> hello 14:06:30 <abhishekk> floor is yours 14:07:01 <rosmaita> doing a context switch - hope i put info in the etherpad, because i don't remember what this was about 14:07:23 <abhishekk> related to lock_path config option 14:07:29 <rosmaita> oh yeah, it's an issue that applies to the glance_store cinder driver 14:08:12 <abhishekk> #link https://docs.openstack.org/glance/latest/configuration/configuring.html#configuring-the-cinder-storage-backend 14:08:21 <jokke_> I thought Eajat already implemented that, no? 14:08:25 <jokke_> Rajat even 14:09:05 <abhishekk> I think rosmaita is talking about documenting the option 14:09:08 <rosmaita> probably not, it was fixed in koll-ansible, though 14:09:12 <rosmaita> yeah 14:09:30 <rosmaita> silly me, i looked at the glance_store docs and didn't see anything 14:09:36 <abhishekk> :D 14:09:43 <rosmaita> we can just add something to this page 14:09:52 <rosmaita> by "we" i mean i will put up a patch 14:09:59 <jokke_> ;) 14:10:03 <abhishekk> yes, this is the right place to mention 14:10:16 <rosmaita> that was really my question, how/where to doc this 14:10:18 <rosmaita> thanks! 14:10:22 <rosmaita> related, though 14:10:36 <rosmaita> the glance_store docs are out of date, still mention that it's used for Glare 14:10:54 <abhishekk> I will have a look at those and clean it up 14:11:03 <rosmaita> cool, that's all from me 14:11:15 <abhishekk> great, thank you 14:11:18 <abhishekk> moving ahead 14:11:30 <abhishekk> #topic Fips backports 14:11:41 <abhishekk> There are some backports posted for fips 14:12:02 <abhishekk> and owner wants our opinion about them 14:12:34 <abhishekk> Problem is the job which we converted to fips on master was non-voting during wallaby 14:13:05 <abhishekk> So I think that is not a valid backport (as per our policy) 14:13:13 <abhishekk> what is your opinion about it? 14:13:37 <jokke_> I don't think I have seen that job passing either so I'm pretty much against running it in stable branches just wasting infra resources 14:14:04 <abhishekk> https://review.opendev.org/q/project:openstack/glance+-branch:master+owner:afariasa 14:14:04 <jokke_> If we are talking just the testing job definitions to stable 14:14:08 <rosmaita> the owner wants to backport some changes, or just running the job in stable/wallaby 14:14:11 <rosmaita> ? 14:14:29 <abhishekk> rosmaita, above is the list of patches we have 14:14:43 <abhishekk> it has some changes to correct the old behavior in tests 14:15:31 <abhishekk> I think other option we can have is periodic job running against the stable/wallaby and stable/xena branch 14:15:59 <rosmaita> i agree with jokke_ that the first step is to have the fips jobs actually green on these patches 14:16:49 <rosmaita> in fact, i suggest we ask them to make the job voting in the patch so the zuul result is relevant 14:17:09 <rosmaita> and once it is good, they can revise the patch to make the job non-voting 14:17:24 <rosmaita> right now, zuul gives +1 and there's still a failure 14:17:35 <abhishekk> I also told the same, will convey the decision to him 14:17:49 <abhishekk> They are still debugging the issue for the job 14:17:54 <jokke_> I kind of disagree seeing how unstable that test run has been. Like it's fine for non-woting until it actually passes more than fails on it's own. Lets get it blocking the gate only after the job is stable 14:18:12 <abhishekk> agree 14:18:18 <rosmaita> jokke_: it will only vote on the patch that contains the change 14:18:24 <rosmaita> we won't make it actually voting 14:19:00 <rosmaita> i entirely agree that this job is too unstable to run in the stable branches 14:19:13 <abhishekk> ack, will discuss this with the owner 14:19:26 <jokke_> rosmaita: well the thing is it's flaky ... so if it's marked voting there, DNM needs to be flagged for now 14:19:35 <rosmaita> jokke_: right 14:19:50 <abhishekk> +1 14:20:17 <jokke_> and that really won't get him anywhere closer to merge them :P 14:20:29 <rosmaita> well, it helps us 14:20:44 <rosmaita> right now , it looks like we are the blocker, because this green patch is sitting there 14:20:53 <rosmaita> so let' make zuul give it a -1 14:20:55 <jokke_> but yeah I'd say to get the test stable and perhaps voting in master is good start before worrying bringing it to stable 14:21:05 <jokke_> rosmaita: fail 14:21:05 <rosmaita> well, that too 14:21:08 <jokke_> fair even 14:21:18 <abhishekk> ok 14:21:43 <abhishekk> that's all, moving to Open discussion 14:21:49 <abhishekk> #topic Open discussion 14:22:05 <abhishekk> I think croelandt and pdeore added some patches for review requests 14:22:11 <abhishekk> 1st one is merged 14:22:28 <abhishekk> I will just add the others for reference here 14:22:43 <abhishekk> https://review.opendev.org/c/openstack/python-glanceclient/+/821409 Remove lower-constraints.txt (If4881229) - Agreed on during the review party 14:22:43 <abhishekk> https://review.opendev.org/c/openstack/python-glanceclient/+/797779 glance help <subcommand>: Clearly specify which options are mandatory (I51ea4c43) 14:22:43 <abhishekk> https://review.opendev.org/c/openstack/glance-tempest-plugin/+/802792 Implement API protection testing for metadef resource types ( Removed the lock as per suggestions) 14:22:43 <abhishekk> https://review.opendev.org/c/openstack/glance-tempest-plugin/+/802794/14 Implement API protection testing for metadef properties ( Removed the lock as per suggestions) 14:22:45 <croelandt> yes, only the first 3 14:22:46 <abhishekk> https://review.opendev.org/c/openstack/glance-tempest-plugin/+/802795/12 Implement API protection testing for metadef tags ( Removed the lock as per suggestions) 14:23:06 <abhishekk> Last 3 are from glance-tempest-plugin and related to s-rbac function tests 14:23:07 <croelandt> 2) and 3) we agreed on during the party but never re-reviewed iirc 14:23:16 <abhishekk> I did :D 14:23:39 <croelandt> :D 14:23:47 <abhishekk> If you guys have some time, please review these patches 14:24:01 <abhishekk> 2 and 3 is trivial 14:24:22 <abhishekk> last 3 are functional and related to metadef s-rbac tests 14:24:26 <pdeore> So, as per Dan's suggestion about removing the lock and namespacing the namespace, I've updated these patches... 14:25:50 <jokke_> ack 14:26:48 <abhishekk> anything else guys? 14:27:07 <alistarle> Yep, I have a question about a new glance import method to match multi-region use-case 14:27:42 <alistarle> I have prepared a patch about a "glance-download" (instead of web-download) import method, to allow a glance image to be download directly from another glance, what do you think about that ? 14:28:14 <abhishekk> another glance deployment? 14:28:42 <alistarle> Yes my use-case is more about a glance in other region 14:29:29 <alistarle> Let's say you uploaded an image in RegionOne (VM snaphshot by example), and you want this image to be present in RegionTwo (as a backup), currently I need to download locally and use glance-direct, or use web-download 14:29:47 <abhishekk> do you know we have copy-imge import method? 14:30:09 <alistarle> Yes but copy-image is to copy an image between backends of the same glance 14:30:21 <jokke_> alistarle: are you using glanceclient for it or requests directly? 14:30:33 <alistarle> Here it is to copy image between multiple region, so multiple glance deployments 14:30:49 <jokke_> I kind of like the idea as long as we're not adding p-gc as requirement 14:31:21 <alistarle> jokke_: good question, I POC it with glanceclient, but it add a lot of mess (and maybe a circular dependency to add glanceclient as a glance requirements), maybe requests is better 14:32:03 <abhishekk> and also it will be better if we have this discussion in PTG with a proposal/spec up for reference 14:32:20 <jokke_> alistarle: specially as I assume it's just one API call, it probably is fairly simple case 14:32:31 <alistarle> True 14:32:50 <alistarle> Only thing is we need to forward the RequestContext into the tasks API, to use client keystone token to call the remote glance, otherwise we can have a security issue if using admin credentials here 14:33:14 <alistarle> That was my only concern in my patch, that's why I wanted to get your opinion before going further 14:33:33 <jokke_> alistarle: yeah I was just going to say, what you need to pass as the import call body is the auth uri for the target deployment and token 14:34:10 <jokke_> So bit more json parsing there which is annoyance for testing but very trivial to do in client 14:34:23 <alistarle> Hmmm I would say image ID and region is enough, as the token will be valid in all regions 14:34:56 <alistarle> so we can rely on the token the user give use by calling the /import route 14:35:08 <jokke_> alistarle: that's only if you have federated keystone though ... does exclude your second usecase of separate deployments out 14:36:21 <jokke_> so maybe poc it like that to have the mechanics in place and then add the parsing of the body for optional keystone auth uri and token in case the source is actual separate deployment 14:36:50 <alistarle> jokke_: Yep it require ferederated keystone, but do you think it is ok to send a token and auth information in the JSON body of import ? 14:37:25 <jokke_> alistarle: sure, why not. Just need to make sure we don't log it 14:37:33 <abhishekk> alistarle, can you build/submit a proposal for the same with actual solution you are using 14:37:43 <abhishekk> we dont log import body anywhere 14:37:53 <jokke_> no different than sending your token as header on the request itself security wise 14:38:31 <alistarle> Hmm true 14:39:18 <jokke_> that said, I'd implement it only accepting token, not username & password 14:39:28 <jokke_> at least that's timelimited exposure 14:39:35 <alistarle> Ok so I will make a POC and a spec for that, at least it sound good to you :) 14:39:53 <abhishekk> yeah, interesting feature 14:39:54 <alistarle> jokke_: I agree yes 14:39:57 <jokke_> for me, can't speak for abhishekk & rest :P 14:40:04 <abhishekk> :D 14:40:15 <jokke_> but I like the idea 14:40:35 <abhishekk> ++ 14:40:48 <abhishekk> thank you alistarle 14:41:00 <abhishekk> anything else guys 14:41:06 <jokke_> not from me 14:41:25 <abhishekk> croelandt, pdeore ? 14:41:25 <alistarle> That's ok for me too, thanks :) 14:41:45 <pdeore> no, nothing from me too 14:41:48 <abhishekk> One more thing I almost forget to mention 14:42:03 <abhishekk> pdeore, has volunteered to chair the weekly meeting from next week 14:42:13 <abhishekk> thank you very much pdeore 14:42:32 <rosmaita> nice, thank you 14:42:38 <jokke_> \\o \o/ o// o/7 14:42:49 <croelandt> goo for me 14:42:58 <abhishekk> :D 14:43:00 <croelandt> pdeore: congrats! 14:43:11 <rosmaita> croelandt: "goo"? do you mean "goulash"? 14:43:25 <abhishekk> thank you all 14:43:28 <pdeore> Thanks to you abhishekk for believing on me :) 14:43:41 <croelandt> rosmaita: I always want goulash 14:43:46 <jokke_> croelandt: I'm sure she will let you chair one every once in a while if you ask nicely 14:43:56 <abhishekk> haha 14:43:56 <croelandt> jokke_: what if I don't ask? 14:44:18 <jokke_> croelandt: then you better not miss one ... we're good at voluntolding people :P 14:44:27 <abhishekk> then we have different role for you :D 14:44:28 <pdeore> :D :D 14:44:50 <croelandt> there is no escaping the pain 14:45:00 <abhishekk> absolutely not :P 14:45:17 <abhishekk> lets wrap up for the day, thank you again 14:45:22 <abhishekk> have a nice weekend ahead 14:45:27 <jokke_> thanks all 14:45:35 <abhishekk> #endmeeting