14:00:16 <pranali> #startmeeting glance
14:00:16 <opendevmeet> Meeting started Thu Jan 11 14:00:16 2024 UTC and is due to finish in 60 minutes.  The chair is pranali. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:16 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:16 <opendevmeet> The meeting name has been set to 'glance'
14:00:16 <pranali> #topic roll call
14:00:16 <pranali> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:00:26 <pranali> o/
14:00:34 <mrjoshi> o/
14:00:53 <croelandt> o/
14:01:34 <pranali> let's wait a few minutes for others to join
14:03:35 <pranali> abhishekk, dansmith, rosmaita we are starting
14:03:42 <rosmaita> o/
14:03:49 <rosmaita> (thanks for the ping!)
14:03:52 * abhishekk in different meeting
14:04:00 <pranali> :)
14:04:05 <pranali> ok, let's start then
14:04:09 <pranali> #topic Updates
14:04:30 <pranali> 2024.2 virtual PTG dates are announced, it will take place during April 8-12, 2024
14:04:32 <pranali> #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/MIK6GXZXUFS5M3UOVILLDNDGURGH7UQV/
14:04:45 <pranali> I've registered our team for the same
14:05:13 <pranali> moving to next
14:05:16 <pranali> #topic release/periodic jobs update
14:05:35 <pranali> We are in M2 release week and we are tagging m2
14:05:43 <pranali> release patch is submitted
14:05:44 <pranali> #link https://review.opendev.org/c/openstack/releases/+/905219
14:06:12 <pranali> Periodic jobs are all green except TIME_OUT for fips jobs
14:06:42 <pranali> couldn't find the exact cause, need to dig more on this
14:07:08 <pranali> moving to next
14:07:13 <pranali> #topic length of image additional properties values (rosmaita)
14:07:25 <pranali> bug: #link https://bugs.launchpad.net/glance/+bug/2048103
14:07:43 <rosmaita> this came up in a potential security bug, that was discussed and decided could be worked in the open
14:07:44 <pranali> related ML discussion thread: #link https://lists.openstack.org/archives/list/openstack-discuss@lists.openstack.org/thread/B7UET4JKHQU5SHH44KLSKHFBMFN3ZZYV/#B7UET4JKHQU5SHH44KLSKHFBMFN3ZZYV
14:08:23 <rosmaita> the issue is that we have no formal restriction on the length of image additional properties
14:08:42 <rosmaita> the only restriction is the db length of 65535 bytes
14:09:29 <rosmaita> so, it's possible to stuff a lot of junk into additional image properties and cause performance slowdown when doing image-detail-list
14:10:21 <rosmaita> we decided it's not a security issue because there's a config setting limiting the max number of properties per image
14:10:34 <rosmaita> and we have quota on how many images a project can own
14:11:17 <rosmaita> in that ML thread, we discussed limiting the length to 255
14:11:29 <rosmaita> erno was against that in his reply
14:11:51 <rosmaita> on the other hand, we also asked for use cases for really long image property values, and no one responded
14:12:03 <rosmaita> so my aim here is to bring up the issue
14:12:27 <croelandt> It would be interesting to have a vague idea of how these properties are used in real life
14:12:30 <rosmaita> and see if maybe we want to put some kind of limit, maybe 512 bytes or 1024 bytes or something
14:12:37 <rosmaita> croelandt: exactly
14:12:39 <croelandt> and how many of them/what their size is in a real use case
14:13:09 <croelandt> The rule of thumb here is that if it is possible to do X and you remove X, someone is going to complain
14:13:14 <croelandt> (insert relevant XKCD)
14:13:22 <rosmaita> the person who proposed the patch and started that ML thread ran into an issue where some kind of tool wanted to put a really long value
14:13:48 <rosmaita> so they wanted to add it to their volume's image_metadata before uploading the volume as an image
14:14:15 <rosmaita> but cinder wouldn't let them add it (had a 255 char limit)
14:15:15 <rosmaita> cinder decided to open up the limit to 65535 bytes because cinder *was* allowing really long values when you created a volume from an image ... it basically copied over all the image properties as volume image_metadata without complaining
14:15:25 <rosmaita> so we went for symmetry
14:15:45 <rosmaita> but my point is, i guess, that the patch author was willing to consider the 255 char limit
14:15:59 <rosmaita> so i guess it wasn't that big a deal?
14:16:43 <rosmaita> in any case, we know of 1 person using image metadata of len > 255 chars, i will reach out to him and find out what the use case is exactly
14:17:04 <rosmaita> so to summarize:
14:17:52 <rosmaita> the glance team feels like given the limits on number of properties per image, and number of images per project, we don't need to do an emergency change
14:18:17 <rosmaita> instead, we should gather info about the use cases and see if some kind of limit < 65535 bytes makes sense
14:18:23 <rosmaita> (end of summary)
14:18:49 <rosmaita> (and i will shut up now)
14:19:11 <croelandt> could we have a summary of the summary?
14:19:21 <croelandt> Seriously, it makes sense not to rush anything
14:19:54 <croelandt> It's not a security issue, and if some malicious user uses this "feature" to cause performance issues or whatever, I guess the admin can permaban them and that's it :)
14:20:35 <pranali> yeah agreed
14:21:46 <croelandt> Shall we move on?
14:22:36 <rosmaita> nothing more from me about this
14:22:51 <pranali> ohh yeah
14:22:54 <pranali> moving ahead
14:22:56 <pranali> #topic Spec Reviews
14:23:43 <pranali> so again, reminder for the spec reviews in case you have not yet given your vote :)
14:23:46 <pranali> #link https://review.opendev.org/c/openstack/glance-specs/+/899804 - [Spec Lite] Deprecate location strategy
14:23:46 <pranali> #link https://review.opendev.org/c/openstack/glance-specs/+/899805 - [Spec Lite] Deprecate cachemanage middleware
14:23:46 <pranali> #link https://review.opendev.org/c/openstack/glance-specs/+/899367 - Use Centralized database for cache operations
14:23:46 <pranali> #link https://review.opendev.org/c/openstack/glance-specs/+/899856 - Image Encryption
14:23:47 <pranali> #link https://review.opendev.org/c/openstack/glance-specs/+/899857 - Caracal project priorities
14:24:30 <pranali> today is the last day for approving specs, so if I don't see any objection on the specs today, I will go ahead and approve it tmrw
14:24:35 * croelandt still has the centralized DB to review
14:25:05 <pranali> we need reviews on Image Encryption as well
14:25:24 <rosmaita> i will take an action to review image encryption spec
14:25:44 <pranali> Thanks
14:25:54 <pranali> The implementation patch is also up for the same
14:26:08 <pranali> #link https://review.opendev.org/c/openstack/glance/+/902648
14:26:13 <rosmaita> i didn't have any objections to the spec-lites, but i didn't feel like i had enough context to give a positive vote
14:27:22 <pranali> ohh
14:30:26 <pranali> do you want it to be more elaborate?
14:31:12 <rosmaita> no, the problem is that i missed the ptg discussion and didn't want to dig in further
14:31:21 <pranali> ohh ok ok
14:32:22 <pranali> let's move to open discussion
14:32:28 <pranali> #topic Open Discussion
14:33:05 <pranali> I have updated the new location api patch with the suggested changes,
14:33:07 <pranali> #link https://review.opendev.org/c/openstack/glance/+/886749/33/glance/async_/flows/location_import.py
14:34:00 <dansmith> the nova patch was merge-failing yesterday and thus has no test results after the latest changes
14:34:03 <pranali> and nova-ceph-multistore job is also passing on the nova POC patch
14:34:04 <dansmith> have you got that worked out?
14:34:05 <pranali> #link https://review.opendev.org/c/openstack/nova/+/891207
14:34:15 <dansmith> it was complaining about one of the deps, which I assume was maybe the client patch
14:34:24 <dansmith> ah, I see, good
14:34:36 <pranali> yeah
14:35:47 <pranali> it was because of glance patches, a few jobs failed with some other issues
14:36:13 <pranali> that's it from me for today!
14:36:58 <croelandt> Thanks!
14:37:06 <pranali> does anyone have anything else?
14:38:43 <mrjoshi> nothing from me
14:38:43 <pranali> ok, so let's conclude for the day then
14:38:51 <pranali> Thanks everyone for joining!!
14:38:59 <pranali> #endmeeting