| *** akekane_ is now known as abhishekk | 06:32 | |
| *** slaweq_ is now known as slaweq | 08:29 | |
| *** Steap_ is now known as croelandt | 13:40 | |
| abhishekk | #startmeeting glance | 14:00 |
|---|---|---|
| opendevmeet | Meeting started Thu Jul 1 14:00:37 2021 UTC and is due to finish in 60 minutes. The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:00 |
| opendevmeet | The meeting name has been set to 'glance' | 14:00 |
| croelandt | o/ | 14:00 |
| abhishekk | #topic roll call | 14:00 |
| abhishekk | #link https://etherpad.openstack.org/p/glance-team-meeting-agenda | 14:00 |
| dansmith | o~ | 14:00 |
| abhishekk | o/ | 14:00 |
| rosmaita | o/ (though i am not really paying attention) | 14:01 |
| abhishekk | lets wait couple of minutes for others | 14:01 |
| croelandt | wait we're supposed to pay attention? | 14:01 |
| croelandt | this job keeps getting harder | 14:01 |
| jokke_ | o/ | 14:01 |
| abhishekk | cool | 14:02 |
| abhishekk | lets start | 14:02 |
| abhishekk | #topic Updates | 14:02 |
| abhishekk | VPTG is announced - October 18-22, 2021! | 14:02 |
| abhishekk | #link https://openinfra-ptg.eventbrite.com | 14:03 |
| abhishekk | Registration is open as well | 14:03 |
| abhishekk | #topic release/periodic jobs update | 14:03 |
| abhishekk | M2 2 weeks from now | 14:03 |
| abhishekk | Same goes for spec freez | 14:03 |
| abhishekk | Policy refactoring spec is waiting for reviews, kindly have a look (it already has 2 +2s and 1 -1) | 14:04 |
| abhishekk | We need to get it merged in 2 weeks | 14:04 |
| abhishekk | Periodic jobs, all green, so we haven't broke anything yet :D | 14:05 |
| abhishekk | #topic M2 Target progress check | 14:05 |
| abhishekk | Unified quota spec | 14:05 |
| abhishekk | Good progress and most of the patches are merged | 14:05 |
| abhishekk | we have docs and releasenote up as well | 14:06 |
| jokke_ | I got distracted from the cache api work, should have patch up today | 14:06 |
| abhishekk | ack | 14:06 |
| abhishekk | For cache-api glanceclient spec needs reviews so that it can be merged | 14:06 |
| abhishekk | I think we should move client support for cache API to M3 | 14:07 |
| jokke_ | kk | 14:07 |
| abhishekk | and only target server side changes in this milestone | 14:07 |
| abhishekk | moving ahead | 14:07 |
| abhishekk | #topic Policy refactoring | 14:07 |
| abhishekk | Master spec: https://review.opendev.org/c/openstack/glance-specs/+/796753 | 14:08 |
| abhishekk | There are some concerns raised by jokke_ and provided answers as well | 14:08 |
| abhishekk | jokke_, kindly have a look to get it moving | 14:08 |
| abhishekk | Tests refactoring lite spec: https://review.opendev.org/c/openstack/glance-specs/+/797593/1 | 14:08 |
| abhishekk | Patch for this change is already in gate, I will move this dependency on the policy refactoring spec so that we can get this merged | 14:09 |
| abhishekk | Authorization layer and its use? | 14:09 |
| abhishekk | I am seeing most of the concerns are about authorization layer | 14:09 |
| abhishekk | AFAIK we have similar kind of checks in db layer as well | 14:10 |
| abhishekk | I am going to write on lite spec which will highlight how we are going to move out of authorization layer | 14:10 |
| dansmith | are you thinking about the hard-coded "is admin or owner" checks on db update? | 14:10 |
| abhishekk | we already have it on delete | 14:11 |
| abhishekk | so similar we can have on update as well, know? | 14:11 |
| jokke_ | dansmith: yeah update and destroy are covered on the sqlalhemy api | 14:11 |
| dansmith | yeah, this: https://github.com/openstack/glance/blob/master/glance/db/sqlalchemy/api.py#L135 | 14:12 |
| abhishekk | yeah | 14:12 |
| dansmith | that's obviously going to have to change in order to do secure rbac | 14:12 |
| abhishekk | Lets keep secure rbac out as of now | 14:13 |
| abhishekk | So AFAIK we have these mutation checks in db for metadefs also | 14:14 |
| abhishekk | Lets discuss this on the lite-spec, I will try to have it up for review by tomorrow EOD | 14:15 |
| abhishekk | anything else? | 14:16 |
| abhishekk | I take that as know, moving ahead | 14:17 |
| abhishekk | #topic Bi-weekly Bug discussion (4th Meet) | 14:17 |
| abhishekk | While analyzing metadef code for policy refactor related changes I found that couple of APIs does not have full client support | 14:17 |
| abhishekk | glanceclient has no support to add/specify description while creating metadef object using md-object-create command. | 14:17 |
| abhishekk | #link https://docs.openstack.org/api-ref/image/v2/metadefs-index.html?expanded=create-object-detail,create-property-detail,create-namespace-detail#create-object | 14:18 |
| abhishekk | and second one is more critical | 14:18 |
| abhishekk | glanceclient has no support to add 'type' while creating md-property for namespace using md-property-create command | 14:18 |
| croelandt | is there a bug open for these 2 issues? | 14:19 |
| abhishekk | So type is required property for creating metadef properties | 14:19 |
| abhishekk | croelandt, no, need to report it | 14:19 |
| abhishekk | I found these issues around midnight | 14:19 |
| abhishekk | #link http://paste.openstack.org/show/807083/ | 14:20 |
| abhishekk | So both these issues needs to be reported and fixed on priority | 14:20 |
| abhishekk | Also I am wondering now usage of metadef APIs | 14:21 |
| jokke_ | I think that just tells quite obvious story how widely those commands are used ;) | 14:21 |
| abhishekk | exactly | 14:21 |
| abhishekk | our devstack uses glance-manage command to load the metadefs from json file | 14:22 |
| abhishekk | I am not sure how others are using it (or really using it) | 14:22 |
| abhishekk | There might be more issues around metadefs, I will have more close look at the code | 14:23 |
| abhishekk | That's it from me today | 14:23 |
| abhishekk | moving to Open discussion | 14:23 |
| abhishekk | #topic Open discussion | 14:23 |
| abhishekk | Nothing from me | 14:24 |
| jokke_ | abhishekk: I think those two you mentioned above are great bugs to include in your list of low hanging fruit and not necessarily something we need to spend our time urgently | 14:24 |
| abhishekk | croelandt, I have mentioned these issues in our bug tracker as well | 14:24 |
| rajiv_mucheli_ | Hi jokke_ any update on the swift bugs i raised ? | 14:25 |
| croelandt | abhishekk: thanks | 14:25 |
| croelandt | jokke_: yeah, they could go into the "for interns" pile :D | 14:25 |
| jokke_ | rajiv_mucheli_: I have revert of that change that broke the trusts in review waiting. Thanks for figuring that out | 14:26 |
| abhishekk | jokke_, I also thought about that, lets see | 14:26 |
| jokke_ | rajiv_mucheli_: can move on with the rest once we get over that bump | 14:26 |
| rajiv_mucheli_ | oh ok, we tried few code changes to fix bulk deletes but had no luck, would increasing the delete_concurrency in swift help ? | 14:27 |
| jokke_ | rajiv_mucheli_: I'm not sure. Either that or we need to start throttling the bulk deletes in Glance side to give swift room to get them done. | 14:28 |
| jokke_ | rajiv_mucheli_: I think the delete_concurrency is good place to start as in general swift is very good with lot of parallel operations and performs better that way than serialized | 14:29 |
| jokke_ | But I'm not sure how far that needs to be stretched if we're talking about 400GiB NFV image or something, so we might need to throttle it anyways from our side | 14:30 |
| abhishekk | anything else guys otherwise we can use remaining time in reviews | 14:32 |
| rajiv_mucheli_ | okay, i will try this | 14:32 |
| abhishekk | cool, lets warp this up | 14:33 |
| abhishekk | thank you all! | 14:33 |
| abhishekk | have a nice weekend ahead | 14:33 |
| abhishekk | #endmeeting | 14:34 |
| opendevmeet | Meeting ended Thu Jul 1 14:34:09 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 14:34 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/glance/2021/glance.2021-07-01-14.00.html | 14:34 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/glance/2021/glance.2021-07-01-14.00.txt | 14:34 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/glance/2021/glance.2021-07-01-14.00.log.html | 14:34 |
| gagehugo | #startmeeting security | 15:00 |
| opendevmeet | Meeting started Thu Jul 1 15:00:14 2021 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'security' | 15:00 |
| gagehugo | #link https://etherpad.opendev.org/p/security-agenda agenda | 15:00 |
| gagehugo | o/ | 15:00 |
| fungi | ohai | 15:01 |
| gagehugo | hi | 15:02 |
| fungi | i stuck something on the agenda in case we don't have anything else to talk about | 15:02 |
| gagehugo | I hope everything is going alright over there | 15:03 |
| gagehugo | I saw, it's an interesting read | 15:03 |
| gagehugo | #link https://github.com/irsl/gcp-dhcp-takeover-code-exec | 15:03 |
| gagehugo | The only topic I had was related to the discussions about moving the irc meetings to their respective channels | 15:06 |
| gagehugo | Is that something we could do? Move the weekly meeting to #openstack-security? | 15:06 |
| fungi | we can if you want, the channel is very low traffic already anyway | 15:07 |
| fungi | i have no real preference | 15:07 |
| gagehugo | yeah | 15:07 |
| fungi | i'm in both channels so it doesn't really matter to me which we use | 15:08 |
| gagehugo | Plus I figured that frees us up for more timeslots too if we want to move the meeting | 15:08 |
| gagehugo | I know this is the tc meeting time too | 15:08 |
| gagehugo | and I have a work meeting I'm always double booked in | 15:08 |
| gagehugo | so that may be the next step | 15:08 |
| fungi | yep, same slot as the tc meeting | 15:10 |
| gagehugo | ok, I'll make the modifications then to move the meeting channel, then we can talk about moving the meeting time | 15:11 |
| gagehugo | probably in the ML | 15:11 |
| fungi | cool | 15:15 |
| fungi | thanks! | 15:15 |
| gagehugo | Do you have anything else you want to discuss? | 15:15 |
| fungi | nah, just wanted to bring up the gcp dhcp vulnerability as the sort of thing we should be keeping an eye out for, even though i don't think openstack deployments are specifically vulnerable to that exactly | 15:16 |
| gagehugo | Ok | 15:20 |
| gagehugo | Thanks fungi! | 15:20 |
| gagehugo | #endmeeting | 15:21 |
| opendevmeet | Meeting ended Thu Jul 1 15:21:05 2021 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:21 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/security/2021/security.2021-07-01-15.00.html | 15:21 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/security/2021/security.2021-07-01-15.00.txt | 15:21 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/security/2021/security.2021-07-01-15.00.log.html | 15:21 |
| fungi | thanks as always, gagehugo! | 15:21 |
Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!