| *** zzzeek has quit IRC | 00:01 | |
| *** zzzeek has joined #openstack-glance | 00:02 | |
| *** zzzeek has quit IRC | 02:20 | |
| *** zzzeek has joined #openstack-glance | 02:21 | |
| *** zzzeek has quit IRC | 03:02 | |
| *** zzzeek has joined #openstack-glance | 03:06 | |
| *** gyee has quit IRC | 03:33 | |
| *** ratailor has joined #openstack-glance | 04:20 | |
| *** zzzeek has quit IRC | 05:08 | |
| *** zzzeek has joined #openstack-glance | 05:09 | |
| *** udesale has joined #openstack-glance | 05:20 | |
| *** whoami-rajat__ has joined #openstack-glance | 06:03 | |
| *** m75abrams has joined #openstack-glance | 06:13 | |
| *** ralonsoh has joined #openstack-glance | 06:49 | |
| *** CeeMac has joined #openstack-glance | 07:07 | |
| openstackgerrit | Rajat Dhasmana proposed openstack/glance_store master: Validate volume type during image creation https://review.opendev.org/c/openstack/glance_store/+/774703 | 09:15 |
|---|---|---|
| *** ralonsoh has quit IRC | 09:34 | |
| *** ralonsoh has joined #openstack-glance | 09:34 | |
| *** udesale_ has joined #openstack-glance | 10:28 | |
| *** udesale has quit IRC | 10:29 | |
| felixhuettner[m] | Hi everyone, | 10:38 |
| felixhuettner[m] | i have built a fix for glance deleting images that are still in use here: https://review.opendev.org/c/openstack/glance/+/772872 | 10:38 |
| felixhuettner[m] | what would be the best way to proceed from here? | 10:38 |
| *** admin0 has left #openstack-glance | 10:40 | |
| *** k_mouza has joined #openstack-glance | 10:53 | |
| jokke | felixhuettner[m]: let me have a look | 11:28 |
| *** zzzeek has quit IRC | 11:28 | |
| *** zzzeek has joined #openstack-glance | 11:30 | |
| jokke | felixhuettner[m]: bug for that would be amazing to start with. Would be great to get that fixed in stable as well | 11:32 |
| jokke | rosmaita: do you remember wasn't the intention that deactivated image would not be user deletable for investigation? | 11:34 |
| *** k_mouza has quit IRC | 11:49 | |
| *** k_mouza_ has joined #openstack-glance | 11:49 | |
| *** k_mouza_ has quit IRC | 12:03 | |
| *** k_mouza has joined #openstack-glance | 12:03 | |
| openstackgerrit | Stephen Finucane proposed openstack/glance master: Uncap PrettyTable https://review.opendev.org/c/openstack/glance/+/775141 | 12:22 |
| *** ratailor has quit IRC | 12:27 | |
| *** mgagne has quit IRC | 12:52 | |
| *** mgagne has joined #openstack-glance | 12:53 | |
| *** zzzeek has quit IRC | 13:07 | |
| *** zzzeek has joined #openstack-glance | 13:08 | |
| rosmaita | jokke: see the discussion on https://bugs.launchpad.net/glance/+bug/1522524 and https://review.opendev.org/c/openstack/glance/+/256381 | 13:14 |
| openstack | Launchpad bug 1522524 in Glance "User can delete deactivated images" [Wishlist,In progress] - Assigned to Niall Bunting (niall-bunting) | 13:14 |
| rosmaita | jokke: also https://review.opendev.org/c/openstack/glance-specs/+/301015 | 13:16 |
| *** zzzeek has quit IRC | 13:21 | |
| *** zzzeek has joined #openstack-glance | 13:26 | |
| jokke | rosmaita: thanks, I thought You might have better recall of this | 13:42 |
| abhishekk | jokke, rosmaita, smcginnis, dansmith weekly meeting in #openstack-meeting in 5 minutes | 13:53 |
| *** stand has quit IRC | 13:54 | |
| *** m75abrams has quit IRC | 15:01 | |
| openstackgerrit | Abhishek Kekane proposed openstack/glance_store stable/victoria: Adjust requirements and lower-constraints https://review.opendev.org/c/openstack/glance_store/+/775190 | 15:38 |
| -openstackstatus- NOTICE: Recent POST_FAILURE results from Zuul for builds started prior to 15:47 UTC were due to network connectivity issues reaching one of our log storage providers, and can be safely rechecked | 15:50 | |
| openstackgerrit | Cyril Roelandt proposed openstack/glance master: Remove unused option "owner_is_tenant" https://review.opendev.org/c/openstack/glance/+/763920 | 15:53 |
| *** k_mouza_ has joined #openstack-glance | 16:03 | |
| *** k_mouza has quit IRC | 16:05 | |
| *** gyee has joined #openstack-glance | 16:37 | |
| openstackgerrit | Rajat Dhasmana proposed openstack/glance_store master: Validate volume type during image creation https://review.opendev.org/c/openstack/glance_store/+/774703 | 16:51 |
| *** udesale_ has quit IRC | 17:47 | |
| openstackgerrit | Dan Smith proposed openstack/glance master: DNM Test glance_store lazy volume type check https://review.opendev.org/c/openstack/glance/+/775246 | 17:53 |
| dansmith | whoami-rajat__: this ^ should run glance's cinder job against your glance_store patch | 17:53 |
| *** ralonsoh has quit IRC | 17:54 | |
| *** k_mouza_ has quit IRC | 18:05 | |
| lbragstad | is anyone here familiar with the context behind https://docs.openstack.org/glance/latest/configuration/glance_api.html#DEFAULT.show_multiple_locations ? | 19:13 |
| dansmith | lbragstad: I assume you mean the context behind the warning and deprecation? | 19:18 |
| lbragstad | yeah - specifically "You cannot work around this option via policy configuration at the present time, though that is the direction we believe the fix will take. " | 19:18 |
| dansmith | yeah, unsure.. AFAIK, nova requires the ability to view the locations in order to do the right thing in a ceph environment, so I would assume there's some other details here | 19:19 |
| lbragstad | yeah - it seems so | 19:19 |
| lbragstad | i was digging around looking for where those policies are called | 19:19 |
| dansmith | and pretty sure nova uses the user's credentials for that, so can't really use a policy to get around showing it | 19:20 |
| dansmith | my experience in glance has been that nearly everything is enforced at the lowest possible layers | 19:20 |
| dansmith | which I think you already know | 19:20 |
| lbragstad | yeah | 19:20 |
| lbragstad | i see those policies are called here - https://opendev.org/openstack/glance/src/branch/master/glance/api/policy.py#L175 | 19:21 |
| dansmith | that one specifically is different than *seeing* the locations I think | 19:21 |
| lbragstad | which kind of makes sense - make sure the user can set the location | 19:21 |
| dansmith | I think only nova or a turbo admin would be expected to set the location of an image, AFAIK | 19:22 |
| dansmith | not anyone considered a "user" in the usual sense, | 19:22 |
| dansmith | although again, not sure how we let nova do that and not the user, so I'm sure I'm missing something | 19:22 |
| lbragstad | ok - that makes sense | 19:22 |
| lbragstad | well - can nova fetch an image using it's credentials? | 19:22 |
| lbragstad | its8 | 19:23 |
| dansmith | in nova, I think we do that when we do the snapshot directly in rbd and then just tell glance "oh by the way, here's the actual url to that thing" | 19:23 |
| dansmith | I think nova uses the user's credentials for that | 19:23 |
| lbragstad | ah | 19:23 |
| dansmith | otherwise nova would agree to boot things you can't access | 19:23 |
| dansmith | or shouldn't be able to access rather | 19:23 |
| lbragstad | right | 19:24 |
| lbragstad | i could see where fetching an image that has locations set, as a normal end user would fail if the policy for get_image_location was restricted to administrators | 19:24 |
| dansmith | well, AFAIK we should let them download the image if they can see it, | 19:25 |
| dansmith | but being able to see the backend url (i.e. the location) is a very different thing | 19:25 |
| lbragstad | i can't really find anything that enforces the set_image_location policy, then except an error and scrub the locations from the image | 19:25 |
| lbragstad | yeah - exactly | 19:26 |
| lbragstad | i guess i'm wondering if chaining two different policy enforcement calls together in the same API, with conflicting check strings, is the reason for the "this won't work with policy overrides" comment | 19:26 |
| dansmith | yeah idk | 19:27 |
| dansmith | could also be just that since they construct the api from the config, | 19:27 |
| dansmith | they either include them or don't and policy won't let you enable that or not | 19:27 |
| dansmith | there is a lot of config-driven api behavior in glance | 19:28 |
| * lbragstad nods | 19:28 | |
| lbragstad | i need to figure out how https://opendev.org/openstack/glance/src/branch/master/glance/api/policy.py#L274-L319 works depending on show_multiple_locations | 19:29 |
| lbragstad | based on my extremely limited experience spelunking through glance, they seem to be solving similar issues | 19:30 |
| dansmith | oh right, some of this is enforced on layer 32F of "the onion".. I forgot about that | 19:31 |
| lbragstad | i mean - glance puts a direct_url in the image properties, too | 19:31 |
| dansmith | I think that's the same as the location, but when configured for only one backend | 19:32 |
| dansmith | but could be wrong | 19:32 |
| lbragstad | you're probably right, the images i'm looking at only have one backend | 19:32 |
| dansmith | yeah, it's "the best" of the location urls | 19:32 |
| dansmith | https://github.com/openstack/glance/blob/2c893fbd80d0241fad2515221b61266ced12f92d/glance/api/v2/images.py#L1360-L1369 | 19:33 |
| lbragstad | ahh | 19:34 |
| *** rchurch has quit IRC | 19:34 | |
| *** rchurch has joined #openstack-glance | 19:34 | |
| dansmith | lbragstad: we have devstack knobs where you can get a multistore glance configured with ceph and file backends, if you want to poke | 19:38 |
| lbragstad | i should try that | 19:39 |
| dansmith | https://github.com/openstack/nova/blob/master/.zuul.yaml#L370 | 19:39 |
| lbragstad | excellent - thank you | 19:39 |
| dansmith | lbragstad: that job actually kinda does what you want, | 19:39 |
| dansmith | lbragstad: it uploads the cirros image to the file backend, and the first boot in nova makes nova copy the image to the rbd store, so it's in both places | 19:40 |
| dansmith | lbragstad: I would nuke the standalone=True in that devstack config btw | 19:40 |
| dansmith | that's just for coverage, but complicates the setup a bit | 19:41 |
| dansmith | also the whole import_conf part, again just for coverage and you don't need that extra layer either | 19:41 |
| lbragstad | sweet | 19:42 |
| dansmith | it also ups the debug level of oslo.policy because we had to figure out why that policy bit wasn't getting set, which you may also want :) | 19:43 |
| * lbragstad spins up a new env | 19:45 | |
| dansmith | lbragstad: are you asyncing your devstack yet? | 19:45 |
| dansmith | minimal config in five minutes for me :) https://review.opendev.org/c/openstack/devstack/+/771505 | 19:45 |
| lbragstad | yeah - i plan to pull that down | 19:46 |
| lbragstad | i haven't redeployed since you posted that | 19:46 |
| lbragstad | btw - thanks for all the work you've been doing to speed things up and starting the thread on openstack-discuss | 19:47 |
| lbragstad | i contribute minimally to projects like neutron, but i recently experienced the recheck pain and lag time | 19:48 |
| dansmith | thanks :) | 19:49 |
| dansmith | I really just want my patches to get test results faster, but glad it *looks* altruistic :P | 19:49 |
| lbragstad | spending half the week having a staring contest with zuul isn't exactly fun for anyone | 19:56 |
| dansmith | it's about my least favorite thing | 19:56 |
| dansmith | I run dash.py on a monitor above my normal ones and it's super depressing to see a stack of my own patches with no jobs running, which have been in the queue for four hours already | 19:56 |
| * lbragstad nods | 19:58 | |
| lbragstad | dansmith semi-related nova question - but the password associated to instance metadata is the password used to access the instance, if nova is configured to do so, right? | 20:14 |
| dansmith | yeah, but nowadays it requires something to process that, like cloud-init.. not sure if it does or not | 20:15 |
| dansmith | I always use ssh keys of course | 20:15 |
| lbragstad | https://opendev.org/openstack/nova/src/branch/master/nova/api/metadata/password.py#L84 | 20:15 |
| lbragstad | ok - interesting | 20:15 |
| dansmith | yeah, I think it's encrypted using the public part of the ssh host key, IIRC | 20:15 |
| dansmith | so that you can decrypt it inside the guest only with access to the private-to-system credentials | 20:16 |
| lbragstad | ok - cool | 20:17 |
| dansmith | I haven't looked at that stuff since probably grizzly, so it could be quite different by now, not sure | 20:17 |
| *** sangeet has joined #openstack-glance | 21:08 | |
| sangeet | I have glance train deployed. I am not able to upload images bigger than 5GB via cli (--file option). I get " ERROR glance.common.wsgi Got error from Swift: put_object('glance', 'e7b58c3e-3894-46bb-b8a8-a3798ca6446c-00023', ...) failure and no ability to reset contents for reupload." Any suggestions | 21:09 |
| openstackgerrit | Lance Bragstad proposed openstack/glance master: trivial: Fix a typo in devstack plugin.sh https://review.opendev.org/c/openstack/glance/+/775276 | 21:09 |
| *** rcernin has joined #openstack-glance | 21:20 | |
| sangeet | Please help ^^ | 21:40 |
| *** k_mouza has joined #openstack-glance | 21:51 | |
| *** k_mouza has quit IRC | 21:56 | |
| *** gmann is now known as gmann_afk | 22:10 | |
| lbragstad | dansmith you're saying if i create an instance and then take a backup, nova should tell glance to put it in rbd even though the original image lives in the file backend? | 22:15 |
| dansmith | lbragstad: you mean snapshot not backup right? | 22:15 |
| *** k_mouza has joined #openstack-glance | 22:15 | |
| dansmith | lbragstad: if you have nova configured to use the same rbd pool as glance, nova should have asked glance to put it in rbd before it booted the instance | 22:16 |
| dansmith | if it didn't you might have caused nova to download an re-upload the image to rbd itself, which is pathologically bad behavior (and why we have a knob to disable that), but in that case, yes, nova will still snapshot in rbd and inform glance | 22:17 |
| dansmith | never_download_image_if_on_rbd: True | 22:17 |
| dansmith | this ^ should prevent nova from doing the stupid thing | 22:17 |
| * lbragstad checks | 22:17 | |
| *** k_mouza has quit IRC | 22:22 | |
| lbragstad | gah - glance isn't configured for multi-store because i misconfigured local.conf | 22:24 |
| lbragstad | nevermind - redeploying, and i'll try that all again... | 22:24 |
| *** PrinzElvis has quit IRC | 22:41 | |
| *** PrinzElvis has joined #openstack-glance | 22:41 | |
| *** gmann_afk is now known as gmann | 23:11 | |
| openstackgerrit | Lance Bragstad proposed openstack/glance master: WIP: Modify download_image policy to be read-only https://review.opendev.org/c/openstack/glance/+/775296 | 23:29 |
| *** whoami-rajat__ has quit IRC | 23:43 | |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!