#openstack-swift log

21:01:01 <timburke__> #startmeeting swift
21:01:01 <opendevmeet> Meeting started Wed Jun 29 21:01:01 2022 UTC and is due to finish in 60 minutes.  The chair is timburke__. Information about MeetBot at http://wiki.debian.org/MeetBot.
21:01:01 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
21:01:01 <opendevmeet> The meeting name has been set to 'swift'
21:01:08 <timburke__> who's here for the swift meeting?
21:01:30 <mattoliver> o/
21:03:27 <timburke> you and me, man ;-)
21:03:34 <timburke> as usual, the agenda's at https://wiki.openstack.org/wiki/Meetings/Swift
21:03:45 <timburke> (thanks for updating it mattoliver)
21:03:52 <mattoliver> Nps
21:04:01 <timburke> #topic tempurl digests
21:04:49 <kota> hello, sorry for late
21:05:01 <mattoliver> The swift client one has landed. There is the backport and your patch to make the deprecation softer.
21:05:15 <mattoliver> Hey kota o/
21:05:15 <timburke> how are we feeling about https://review.opendev.org/c/openstack/swift/+/845862 ? the idea there is basically to make the deprecation of sha1 a little more gradual
21:05:28 <timburke> no worries, kota -- glad to have you :-)
21:06:43 <timburke> the runtime warning is a little funny
21:06:59 <timburke> i meant to start emitting stats for which digest algorithm was in use for each authorized request, but haven't gotten around to writing the patch -- might be a better way to capture the same idea
21:08:11 <mattoliver> Well we're already running the deprecation patch, but it was a little frantic making sure we put sha1 back, just in case.. so I guess it makes sense (not that we need it now, but I feel for others rolling it out like I was responsible for) 😜
21:08:42 <mattoliver> Oh interesting
21:08:57 <mattoliver> That would tell us what's in use which is pretty cool
21:10:54 <mattoliver> As a metric I assume or log?
21:11:10 <timburke> yeah, metric -- a simple counter
21:13:03 <mattoliver> I like the idea, not sure it would be a replacement of that patch, but would complement it, ie knowing when to drerecate a digest.
21:14:06 <timburke> i'm still torn about how to advertise the deprecation, though -- i don't like having the default trigger a warning, nor pushing ops to configure something they previously were content to leave unconfigured (doubly so when we have every expectation that it will need to change again at some point -- surely eventually we'll need to deprecate the sha2 family, even if it's years off)
21:16:52 <mattoliver> True
21:16:56 <timburke> i probably just need to let go of my desire to have the default config not emit warnings. maybe i just add sha1 back to the default-allowed list (so we warn on start-up) and drop the runtime warnings...
21:18:10 <timburke> couple it with a metrics patch and ops should be able to feel confident about either explicitly configuring the algos without sha1, or upgrading to a swift that removes it from the default
21:19:28 <mattoliver> Yeah, if and it'll only warn until it's fully deprecated and removed... then they'll get other run time errors when using sha1 😜
21:20:23 <timburke> on the backport, i'm a little worried that the py2 func test is going to be difficult to get passing... but i'm also not clear on what changed to trip the RETRY_LIMITs
21:20:33 <mattoliver> Still giving them a sense of, well what digests are being used in my cluster would make them happier rather then flying blind like now.
21:21:05 <mattoliver> Oh that dang py2 stuff
21:23:39 <timburke> adding back support for sha1 by default server-side may also obviate the client issue, though -- presumably ironic's grenade jobs would be happy again
21:24:14 <mattoliver> well that's true.. maybe we fully derprecate sha1 when py2 is out of stable :P
21:25:09 <kota> sounds reasonable
21:25:34 <timburke> like, it's still not great -- i'm not sure whether we could land *any* client backports at the moment, which can't be terribly good. but at least we can continue kicking that can down the road a bit :P
21:26:27 <timburke> all right, i think i've got what i need to move forward on tempurl
21:26:36 <timburke> #topic formpost digests
21:26:58 <timburke> the next guy in the chain was to deprecate sha1 sigs
21:27:00 <timburke> #link https://review.opendev.org/c/openstack/swift/+/833713
21:27:13 <mattoliver> lol, back to this again :P
21:27:25 <mattoliver> well first I need to rebase it.
21:27:46 <timburke> and i'm thinking we'll want to stack it on top of a rework of the tempurl deprecation
21:28:13 <mattoliver> we've also only just added the new digests.. so do we need to wait some time, or go with the tempurl, warn on startup
21:28:15 <mattoliver> yeah
21:28:24 <timburke> but i think it'll come out looking very similar, with sha1 still enabled by default, but emitting warnings on startup
21:28:38 <mattoliver> +100
21:28:49 <mattoliver> and possible digest metrics?
21:29:05 <timburke> yes! good call
21:29:24 <timburke> i also still need to review the client patch
21:29:27 <timburke> #link https://review.opendev.org/c/openstack/python-swiftclient/+/833954
21:29:35 <mattoliver> either way, follow the tempurl path how ever that turns out :)
21:30:03 <mattoliver> oh yeah, please so, before the next client release anyway. Nice to get that in
21:30:21 <mattoliver> then at some point we can remove the sig generation from the server side
21:30:42 <timburke> #topic backend ratelimiting
21:31:12 <timburke> i don't think we've had much progress here, unfortunately. acoles is back this week, so he might be able to push on it some, though
21:31:54 <timburke> mattoliver and clayg both seem to like how it looks so far, though! so it's a good sign
21:32:10 <timburke> #topic ring v2
21:32:51 <timburke> i still want to make some progress on this, see if we can get some improvements ahead of our next expansion
21:33:00 <timburke> #link https://review.opendev.org/c/openstack/swift/+/834261
21:34:31 <mattoliver> yeah
21:34:31 <mattoliver> wasn't sure if he'd be here or not today
21:34:31 <mattoliver> I started going through it late yesterday arvo. We have a bunch more test coverage which is awesome
21:34:58 <mattoliver> There is an warning log that we're not covering but also not sure we can get to it..it's not a major issue, but want to poke at it.
21:35:45 <mattoliver> So I hope to have a proper (maybe final?) review done today
21:36:02 <timburke> \o/ thanks mattoliver, that'll be great
21:36:48 <timburke> then we can try restacking the last-part table patch on top :-)
21:36:57 <mattoliver> timburke: you and I have spent the most time on this.. but we've also given a lot of time for people to read and comment.. so getting close to say, lets land it when it looks good for us.
21:37:06 <mattoliver> yeah, totally
21:38:01 <timburke> all right, that's all i've got
21:38:07 <timburke> #topic open discussion
21:38:14 <timburke> anything else we should bring up this week?
21:39:26 <timburke> all right, i'll let you get back to your mornings :-)
21:39:36 <timburke> thank you for coming, and thank you for working on swift!
21:39:40 <timburke> #endmeeting
21:39:59 <timburke__> #endmeeting