21:01:01 <timburke__> #startmeeting swift 21:01:01 <opendevmeet> Meeting started Wed Jun 29 21:01:01 2022 UTC and is due to finish in 60 minutes. The chair is timburke__. Information about MeetBot at http://wiki.debian.org/MeetBot. 21:01:01 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 21:01:01 <opendevmeet> The meeting name has been set to 'swift' 21:01:08 <timburke__> who's here for the swift meeting? 21:01:30 <mattoliver> o/ 21:03:27 <timburke> you and me, man ;-) 21:03:34 <timburke> as usual, the agenda's at https://wiki.openstack.org/wiki/Meetings/Swift 21:03:45 <timburke> (thanks for updating it mattoliver) 21:03:52 <mattoliver> Nps 21:04:01 <timburke> #topic tempurl digests 21:04:49 <kota> hello, sorry for late 21:05:01 <mattoliver> The swift client one has landed. There is the backport and your patch to make the deprecation softer. 21:05:15 <mattoliver> Hey kota o/ 21:05:15 <timburke> how are we feeling about https://review.opendev.org/c/openstack/swift/+/845862 ? the idea there is basically to make the deprecation of sha1 a little more gradual 21:05:28 <timburke> no worries, kota -- glad to have you :-) 21:06:43 <timburke> the runtime warning is a little funny 21:06:59 <timburke> i meant to start emitting stats for which digest algorithm was in use for each authorized request, but haven't gotten around to writing the patch -- might be a better way to capture the same idea 21:08:11 <mattoliver> Well we're already running the deprecation patch, but it was a little frantic making sure we put sha1 back, just in case.. so I guess it makes sense (not that we need it now, but I feel for others rolling it out like I was responsible for) 😜 21:08:42 <mattoliver> Oh interesting 21:08:57 <mattoliver> That would tell us what's in use which is pretty cool 21:10:54 <mattoliver> As a metric I assume or log? 21:11:10 <timburke> yeah, metric -- a simple counter 21:13:03 <mattoliver> I like the idea, not sure it would be a replacement of that patch, but would complement it, ie knowing when to drerecate a digest. 21:14:06 <timburke> i'm still torn about how to advertise the deprecation, though -- i don't like having the default trigger a warning, nor pushing ops to configure something they previously were content to leave unconfigured (doubly so when we have every expectation that it will need to change again at some point -- surely eventually we'll need to deprecate the sha2 family, even if it's years off) 21:16:52 <mattoliver> True 21:16:56 <timburke> i probably just need to let go of my desire to have the default config not emit warnings. maybe i just add sha1 back to the default-allowed list (so we warn on start-up) and drop the runtime warnings... 21:18:10 <timburke> couple it with a metrics patch and ops should be able to feel confident about either explicitly configuring the algos without sha1, or upgrading to a swift that removes it from the default 21:19:28 <mattoliver> Yeah, if and it'll only warn until it's fully deprecated and removed... then they'll get other run time errors when using sha1 😜 21:20:23 <timburke> on the backport, i'm a little worried that the py2 func test is going to be difficult to get passing... but i'm also not clear on what changed to trip the RETRY_LIMITs 21:20:33 <mattoliver> Still giving them a sense of, well what digests are being used in my cluster would make them happier rather then flying blind like now. 21:21:05 <mattoliver> Oh that dang py2 stuff 21:23:39 <timburke> adding back support for sha1 by default server-side may also obviate the client issue, though -- presumably ironic's grenade jobs would be happy again 21:24:14 <mattoliver> well that's true.. maybe we fully derprecate sha1 when py2 is out of stable :P 21:25:09 <kota> sounds reasonable 21:25:34 <timburke> like, it's still not great -- i'm not sure whether we could land *any* client backports at the moment, which can't be terribly good. but at least we can continue kicking that can down the road a bit :P 21:26:27 <timburke> all right, i think i've got what i need to move forward on tempurl 21:26:36 <timburke> #topic formpost digests 21:26:58 <timburke> the next guy in the chain was to deprecate sha1 sigs 21:27:00 <timburke> #link https://review.opendev.org/c/openstack/swift/+/833713 21:27:13 <mattoliver> lol, back to this again :P 21:27:25 <mattoliver> well first I need to rebase it. 21:27:46 <timburke> and i'm thinking we'll want to stack it on top of a rework of the tempurl deprecation 21:28:13 <mattoliver> we've also only just added the new digests.. so do we need to wait some time, or go with the tempurl, warn on startup 21:28:15 <mattoliver> yeah 21:28:24 <timburke> but i think it'll come out looking very similar, with sha1 still enabled by default, but emitting warnings on startup 21:28:38 <mattoliver> +100 21:28:49 <mattoliver> and possible digest metrics? 21:29:05 <timburke> yes! good call 21:29:24 <timburke> i also still need to review the client patch 21:29:27 <timburke> #link https://review.opendev.org/c/openstack/python-swiftclient/+/833954 21:29:35 <mattoliver> either way, follow the tempurl path how ever that turns out :) 21:30:03 <mattoliver> oh yeah, please so, before the next client release anyway. Nice to get that in 21:30:21 <mattoliver> then at some point we can remove the sig generation from the server side 21:30:42 <timburke> #topic backend ratelimiting 21:31:12 <timburke> i don't think we've had much progress here, unfortunately. acoles is back this week, so he might be able to push on it some, though 21:31:54 <timburke> mattoliver and clayg both seem to like how it looks so far, though! so it's a good sign 21:32:10 <timburke> #topic ring v2 21:32:51 <timburke> i still want to make some progress on this, see if we can get some improvements ahead of our next expansion 21:33:00 <timburke> #link https://review.opendev.org/c/openstack/swift/+/834261 21:34:31 <mattoliver> yeah 21:34:31 <mattoliver> wasn't sure if he'd be here or not today 21:34:31 <mattoliver> I started going through it late yesterday arvo. We have a bunch more test coverage which is awesome 21:34:58 <mattoliver> There is an warning log that we're not covering but also not sure we can get to it..it's not a major issue, but want to poke at it. 21:35:45 <mattoliver> So I hope to have a proper (maybe final?) review done today 21:36:02 <timburke> \o/ thanks mattoliver, that'll be great 21:36:48 <timburke> then we can try restacking the last-part table patch on top :-) 21:36:57 <mattoliver> timburke: you and I have spent the most time on this.. but we've also given a lot of time for people to read and comment.. so getting close to say, lets land it when it looks good for us. 21:37:06 <mattoliver> yeah, totally 21:38:01 <timburke> all right, that's all i've got 21:38:07 <timburke> #topic open discussion 21:38:14 <timburke> anything else we should bring up this week? 21:39:26 <timburke> all right, i'll let you get back to your mornings :-) 21:39:36 <timburke> thank you for coming, and thank you for working on swift! 21:39:40 <timburke> #endmeeting 21:39:59 <timburke__> #endmeeting