21:01:47 <timburke> #startmeeting swift 21:01:47 <opendevmeet> Meeting started Wed Apr 20 21:01:47 2022 UTC and is due to finish in 60 minutes. The chair is timburke. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:01:47 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 21:01:47 <opendevmeet> The meeting name has been set to 'swift' 21:01:57 <timburke> who's here for the swift meeting? 21:02:15 <mattoliver> o/ 21:02:22 <kota> o/ 21:03:52 <timburke> as usual, the agenda's at 21:03:54 <timburke> #link https://wiki.openstack.org/wiki/Meetings/Swift 21:03:59 <timburke> first up 21:04:05 <timburke> #topic pyeclib release 21:04:34 <timburke> we have https://github.com/openstack/pyeclib/releases/tag/1.6.1 now! 21:04:42 <mattoliver> \o/ 21:04:49 <kota> great 21:05:51 <timburke> it includes fixes for py310, as well as enabling people to build abi3 wheels (so you can build once for py35, for example, and still be able to install on later minor releases 21:06:35 <timburke> next up 21:06:46 <timburke> #topic s3api security bug 21:07:54 <timburke> i was reviewing some code and noticed that when s3api validates hmacs, it does it with a simple ==, which can reveal information about how much of the signature is valid 21:08:41 <timburke> fix was to use the same streq_const_time() function we've been using in tempurl and formpost 21:08:53 <timburke> thanks for reviewing https://review.opendev.org/c/openstack/swift/+/837773 mattoliver and acoles! 21:09:13 <mattoliver> nps, I learnt something :) 21:09:39 <timburke> the bug has been present as long as we've had s3api in-tree, so i plan on backporting all the way to rocky 21:09:51 <mattoliver> kk 21:11:01 <kota> ok 21:11:18 <timburke> fixes are already merged through victoria; i still need to propose patches for rocky, stein, train, and ussuri 21:11:31 <timburke> but it leads to my next topic... 21:11:38 <timburke> #topic state of the gate 21:12:13 <timburke> i'm pretty sure *every* stable gate was broken the last couple days 21:12:41 <timburke> there were a variety of problems -- the first also affected master 21:13:33 <timburke> basically, a fix for a recent git CVE didn't play well with how devstack installs things 21:13:36 <timburke> #link http://lists.openstack.org/pipermail/openstack-discuss/2022-April/028160.html 21:14:19 <timburke> that's been fixed back through ussuri at least, but it's still working its way through some branches 21:14:47 <timburke> see https://review.opendev.org/c/openstack/devstack/+/838556 and https://review.opendev.org/c/openstack/devstack/+/838679 for example 21:15:49 <timburke> even before that, though, stein through victoria have been broken since the start of the month due to some fixes for https://bugs.python.org/issue43882 21:16:34 <mattoliver> wow, thanks for getting on top of this. 21:16:35 <timburke> and for even longer, pike, queens, and rocky have been broken because they're inexplicably trying to build docs under py3 21:16:45 <mattoliver> I really need to pay more attention to the mailing list again. 21:17:02 <timburke> idk if i've been "on top of this" given how long they've been broken ;-) 21:17:44 <mattoliver> lol, true, when compared to me, you are. But fair point. 21:17:48 <timburke> the good news is, i've got patches to fix things, and we should have a functional gate again by the end of the week (i think) 21:18:04 <mattoliver> nice 21:18:45 <mattoliver> Ill make an active effort to better watch things in the mailing like and check the gerrit dashboard from time to time. 21:18:53 <mattoliver> *mailing list 21:19:35 <timburke> thanks! if anyone's interested in keeping up with stable gate failures, i recommend subscribing to http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-stable-maint and filtering for swift 21:19:57 <mattoliver> kk 21:20:13 <timburke> the main reason i've been prioritizing it is that i've been getting emails everyday about it ;-) 21:20:40 <timburke> all right, that's what i wanted to cover this week 21:20:44 <timburke> #topic open discussion 21:20:51 <timburke> anything else we should bring up? 21:22:39 <timburke> i've been getting more nervous about us dropping some of our extra monkey patching in https://review.opendev.org/c/openstack/swift/+/457110 21:23:16 <timburke> in particular, i rediscovered https://github.com/eventlet/eventlet/issues/546 -- apparently eventlet doesn't/can't green existing locks on py3 21:23:54 <mattoliver> ouch 21:25:56 <kota> :( 21:26:26 <mattoliver> I guess the question is it just doesn't or can't. Ie if the former, is there something we can do for it, provide a patch (or bug the project) or the latter. 21:26:45 <timburke> it's significant to point out that the failure mode is *not* greenthreads blocking more than needed, but rather that existing RLocks (including logging._lock) become basically worthless since the owning pthread is the same between different greenthreads 21:27:20 <timburke> i think i've got the start of an eventlet fix in https://github.com/eventlet/eventlet/pull/754 -- but it's currently only for py310 21:27:59 <mattoliver> ok, well a fix is a good direction. even if we pin to a minimum version of py3 21:28:14 <timburke> i'm going to look at at least greening logging._lock on older pythons, though 21:28:27 <timburke> not sure if there are other rlocks we need to worry about 21:30:03 <mattoliver> yeah, but logging is a great place to start 21:31:17 <mattoliver> wow, what an issue to find., thanks for looking into it and starting to come up with a solution 21:31:22 <mattoliver> need any help? 21:32:22 <timburke> i think i know what i need to do next for it, thanks 21:33:28 <mattoliver> Well I've been playing with a better way to deal with v2 serialiazation/deserialization. More of a stepping stone for if/when we want to start including builder data in the ring, but only load what we want when we only want the ring. Mostly in https://review.opendev.org/c/openstack/swift/+/834423 part of the chain 21:34:50 <mattoliver> still playing with it, but I think it's better then just having it all in one fuction that might need to be repeating in the builder too (when we put builder data structures in the ring too). 21:35:50 <timburke> nice! 21:36:24 <mattoliver> Does bring up some interesting thoughts though. the ring deserialization code needs the dev_bytes length from the "metadata" which is in a different RingSerialization concrete class. 21:37:25 <mattoliver> So metadata needs to come first. I wonder if in this version, the dev_bytes length should actually live with the ring datastructure (but would have to be replicated in the history rings). 21:39:03 <mattoliver> not a major issue, but could make it more self contained. 21:41:35 <mattoliver> the following patch in the chain adds the ring history stuff to the serialization, and seems to add in well to this approach. No change from the ringdata side. Just a new ring indexes and adding the concrete classes. No extra code to the serialization side :) 21:41:58 <timburke> maybe we could do something with the 64-bit length we put at the start of each section? use the top 8 bits to indicate whether the contents should be taken 1, 2, or 4 bytes at a time, then the rest as the number of bytes/words/dwords... 21:42:04 <timburke> nice 21:42:56 <mattoliver> yeah, something like that. or just add an extra 1 byte at the start. Dunno, wanted to feel people out about it. 21:43:22 <mattoliver> 64-bit is rather long, though 21:44:51 <mattoliver> anyway, wanted to play with this, cause interested in taking a look at what it'll look like with some builder components in the ring (so we wouldn't need builders anymore). Ie just give a ring to the ring builder tool. And check that it's v2 ring and act accordingly :) 21:46:19 <timburke> all right, i think i'll call it 21:46:35 <timburke> thank you all for coming, and thank you for working on swift! 21:46:40 <timburke> #endmeeting