14:00:01 <abhishekk> #startmeeting glance
14:00:03 <openstack> Meeting started Thu Apr  9 14:00:01 2020 UTC and is due to finish in 60 minutes.  The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:00:06 <openstack> The meeting name has been set to 'glance'
14:00:06 <abhishekk> #topic roll call
14:00:15 <abhishekk> #link https://etherpad.openstack.org/p/glance-team-meeting-agenda
14:00:18 <abhishekk> o/
14:01:53 <jokke_> o/
14:02:07 <abhishekk> looks like two of us
14:02:22 <abhishekk> wait for 2-3 minutes for rosmaita and smcginnis
14:02:41 <jokke_> yeah
14:03:11 <rosmaita> sorry, wasn't paying attention
14:03:29 <abhishekk> no problem, lets start
14:03:30 <abhishekk> #topic Updates
14:03:42 <abhishekk> I have created PTG etherpad,
14:03:55 <abhishekk> #link https://etherpad.openstack.org/p/Glance-Victoria-PTG-planning
14:04:09 <abhishekk> Will publish it to openstack-discuss mailing list as well
14:04:41 <abhishekk> Likely the virtual PTG will be scheduled to start one week before the actual dates (not sure yet)
14:04:56 <abhishekk> Feel free to add topics to PTG for discussion
14:05:08 <abhishekk> Moving ahead
14:05:19 <abhishekk> #topic release/periodic jobs update
14:05:36 <smcginnis> o/
14:05:38 <abhishekk> This is Ussuri milestone 3 release week
14:05:42 <abhishekk> smcginnis, o/
14:05:56 <abhishekk> We still have a couple of specs open
14:06:09 <abhishekk> 1. checksum computation
14:06:17 <abhishekk> 2. deprecate admin role
14:07:15 <abhishekk> IMO we should move deprecate admin role to next cycle
14:07:29 <abhishekk> what is your opinion about the same
14:07:41 <rosmaita> would rather deprecate now so we can remove next cycle
14:08:13 <smcginnis> If it's not a lot of work to just add the deprecation message, I think we should get it done.
14:08:26 <rosmaita> i think i already have patch up for that
14:08:48 <abhishekk> rosmaita, have you seen jokke_'s comment on the specs
14:08:57 <rosmaita> no
14:09:14 <abhishekk> this is the link of etherpad with important patches, https://etherpad.openstack.org/p/glance-ussuri-important_patches
14:10:19 <abhishekk> jokke_, smcginnis I would like to have  your views on checksum computation specs
14:10:24 <rosmaita> i don't understand jokke_'s comment
14:10:29 <abhishekk> #link https://review.opendev.org/708761
14:10:43 <rosmaita> because if we change the default value, we need to give warning about that as well
14:11:05 <rosmaita> and i think my release note addresses that?
14:11:27 <rosmaita> https://review.opendev.org/#/c/716078/
14:12:19 <abhishekk> jokke_, rosmaita, smcginnis as per our glance-specs standard I cannot get specs in unless every core has voted +2 on it
14:12:32 <jokke_> What I'm saying is that while not under embargo this is a valid security concern and we should address it asap, not just make a note and expect deployers to act on it
14:12:36 <jokke_> all I'm saying
14:13:24 <jokke_> it's not like CVE worthy but definitely something we could do much better for our users
14:13:33 <abhishekk> Tomorrow will be a holiday and most of the people will be on leave on Monday due to Easter, so I would like to have this decision made by today
14:14:17 <rosmaita> well, in the default config, you don't see any difference at all
14:14:33 <jokke_> I can't remember if it's still the case but iirc Glance treated project admin as admin in this regard
14:15:08 <rosmaita> it depends on how you make someone a "project admin"
14:15:34 <rosmaita> besides, i talked about this in public at the denver ptg
14:15:43 <rosmaita> or summit, rather
14:15:53 <rosmaita> there's even a slide making this exact point
14:16:31 <jokke_> rosmaita: indeed ... so how changing the default value based on this issue would not change anything?
14:17:37 <rosmaita> so is your point that we should both deprecate *and* change the default value?
14:18:06 <jokke_> rosmaita: yes, like I said we should do both so we address the current issue while we deprecate this
14:18:20 <jokke_> act now, not next cycle
14:18:52 <jokke_> and that way we can give a cycle more for removal if there's suddenly lots of people depending on this and needing time for it
14:19:27 <jokke_> but that all can be figured out after we have fixed the current "admin" overloading and informed that this has been deprecated
14:21:02 <rosmaita> so is your proposal: ussuri change default value, victoria deprecate option, wallaby remove option ?
14:21:39 <abhishekk> sorry, laptop restarted suddenly
14:22:16 <abhishekk> rosmaita, IMO he is saying deprecate and change the default value now, and remove in wallaby
14:22:29 <jokke_> rosmaita: that or change default & deprecate ussuri; remove V if no hard push from the operator community else remove W
14:23:08 <rosmaita> there's not going to be a hard push from operator community, the only things i have heard about this is that it messes up policy configuration
14:23:16 <jokke_> either way is fine by me as long as we change that default value and address it now as it has been talked about in public way too much
14:23:35 <smcginnis> It will likely be 2-3 years before operators give any feedback, unfortunately.
14:24:07 <jokke_> rosmaita: that's great, we still need to initialize that discussion in the mailing list and give room for those voices as per the deprecation policy
14:24:41 <jokke_> smcginnis: that's fine as well as long as we give them the opportunity so we actually follow the policy we assert on ;)
14:24:50 <abhishekk> rosmaita, how much effort is required to change the default value?
14:25:09 <rosmaita> not much
14:25:36 <rosmaita> just have to change the value and revise the release note
14:25:50 <abhishekk> we should do it then
14:26:01 <rosmaita> but i strongly feel that we must deprecate in ussuri
14:26:15 <rosmaita> or this will be another one of those never ending deprecations
14:26:27 <rosmaita> i will also need to revise spec, i guess
14:26:37 <abhishekk> smcginnis, can I post m3 release patch on Tuesday/Wednesday
14:27:05 <abhishekk> we still have 3/4 patches to get in, then config refresh patch
14:27:21 <abhishekk> looking at the gate, it will easily take 3-4 days for the same
14:28:10 <abhishekk> jokke_, kindly look at the checksum computation specs as well
14:28:14 <jokke_> abhishekk: perhaps we should tag m-3 (or skip it) and make sure these get into RC-1 ... not like we have any feature work going in
14:28:47 <smcginnis> Yeah, we can wait for RC1 if we want.
14:29:07 <abhishekk> can we skip m-3?
14:29:28 <smcginnis> Client lib needs to be released, but there is no requirement to do milestone releases for services anymore.
14:29:38 <abhishekk> cool
14:29:47 <jokke_> so the checksum deprecation I'm much more worried about. As I feel that might end up being one of those never removed deprecations as I'm pretty sure tempest is gating on checksums
14:29:48 <smcginnis> Only if we think someone might pick up those beta releases for testing.
14:30:21 <abhishekk> We already have released python-glanceclient
14:30:49 <rosmaita> jokke_: see if this describes what you want: https://review.opendev.org/#/c/714626/2/specs/ussuri/approved/glance/spec-lite-deprecate-admin_role.rst
14:32:01 <abhishekk> This is my action plan
14:32:23 <abhishekk> 1. Get important patch, https://review.opendev.org/#/c/718367/ in today
14:32:30 <jokke_> rosmaita: +2 on the deprecate admin role spec
14:32:34 <abhishekk> 2. Submit config refresh patch
14:32:46 <abhishekk> 3. Tag m-3 on Monday
14:33:12 <abhishekk> File FFE for checksum and deprecate admin role (if required) and get them in rc-1
14:33:59 <jokke_> rosmaita: and if we don't have a security bug for it, let's open a public one so we can actually backport it and already get it out for those who are now looking into deploying stein or train
14:34:13 <abhishekk> rosmaita, jokke_ smcginnis does it make sense?
14:34:13 <jokke_> -g
14:35:07 <rosmaita> so jokke_ your concern about the checksum, that would *not* be a reason to deprecate it in ussuri, is that right?
14:35:56 <jokke_> rosmaita: I just want to make sure we can actually remove it before marking it deprecated. (preferably get rid of the tempest test and depend the deprecation on that removal)
14:36:25 <jokke_> rosmaita: we have too many of these things just hanging because we make a decision and then QA just cockblocks us
14:37:16 <rosmaita> well, this is a security concern
14:37:22 <rosmaita> two things here:
14:37:31 <rosmaita> (1) no change in the api or the response
14:37:45 <rosmaita> (2) if you are actually validating the download, you need to use the secure method
14:38:20 <rosmaita> so i think we can get this one through tempest, i can patch anything using checksum to validate to use multihash
14:38:47 <rosmaita> but i think we need to deprecate first so they know we are serious
14:38:48 <abhishekk> I second this
14:39:13 <jokke_> I thought that would have been the case with the default visibility as well and how well that went
14:39:25 <jokke_> or registry
14:39:51 <smcginnis> We need to either submit patches to tempest, or at least announce on the ML so they know about the change.
14:40:14 <jokke_> smcginnis: what we need is commitment from them to agree it can be removed
14:40:25 <rosmaita> it's not being removed
14:40:37 <rosmaita> it's just not being populated any more
14:40:46 <smcginnis> Honestly, if something isn't in refstack, they can't dictate to this team what stays or goes.
14:41:22 <jokke_> smcginnis: only way that statement is true is to drop tempest gating ... we've seen it too many times by now
14:41:53 <jokke_> as we have no way to force anything into tempest and they are in our gate
14:42:01 <smcginnis> Well, that's my point with submitting patches to tempest. If we change something there, it doesn't just impact glance code.
14:42:04 <jokke_> so they very much do dictate what we can do
14:42:25 <rosmaita> i think this is going to be different
14:42:36 <smcginnis> Yeah
14:42:40 <rosmaita> everyone thinks that download validation == security
14:42:46 <rosmaita> and md5 == really bad
14:42:56 <rosmaita> plus, we aren't modifying the image response
14:43:01 <rosmaita> so no breaking
14:43:09 <rosmaita> and multihash has been available since rocky
14:43:37 <rosmaita> and has been used in glanceclient since rocky (second release)
14:44:11 <rosmaita> so whereas the visibility thing was kind of difficult to explain
14:44:18 <rosmaita> this is pretty straightforward
14:44:33 <abhishekk> I think we discussed this when we agreed on drafting the specs for checksum deprecation, and it sounds straightforward
14:44:34 <rosmaita> but the big thing here, is no telcos will use glance pretty soon
14:45:07 <rosmaita> because they want no md5 anywhere
14:45:52 <smcginnis> And with federally mandated things like FIPS, they may not be allowed to even if they want to.
14:46:14 <abhishekk> Last 15 minutes,
14:46:34 <rosmaita> anyway, i think we need the deprecation clock started on this one right away
14:46:40 <rosmaita> i.e., in ussuri
14:46:59 <rosmaita> and much as it sucks, we can fight it out in victoria
14:47:11 <rosmaita> but i don't think there will be much fight on this one
14:47:23 <abhishekk> +1
14:48:27 <rosmaita> this is the actual deprecation note i am proposing: https://review.opendev.org/#/c/718147/1/releasenotes/notes/deprecate-checksum-a602853403e1c4a8.yaml
14:48:27 <abhishekk> jokke_, we should do it now
14:49:05 <jokke_> So how I see this is, we have 3 options: 1) we deprecate, we potentially fight with qa for next 3 years to get rid of it and might buy us some user time as it's deprecated 2) we change the tempest tests to make sure it's not blocked, and then we deprecate and get rid of it or 3) (possibly as outcome of 1 but we could do it right away) we get security bug opened about it based on any gov policies
14:49:11 <jokke_> like FIPS preventing its usage as insecure and get rid of it right away
14:49:32 <jokke_> I'd prefer either 2) or 3) but I just have no interest in fighting the 1) route through
14:50:16 <rosmaita> well, deprecating it now is consistent with security bug
14:50:20 <jokke_> some clients might have missed this: 16:49 < jokke_> like FIPS preventing its usage as insecure and get rid of it right away
14:51:29 <rosmaita> i don't see any reason *not* to deprecate now
14:51:34 <jokke_> rosmaita: nope, if we take the security bug route, we can get rid of it in Ussuri and even backport it, deprecating it now will be earliest V which means that the telcos will be stuck with md5 until like 2025 unless we later on backport the removal through a bug
14:52:48 <jokke_> so what I'm saying is, we can either get rid of it without even worrying about deprecation if there is F.E. gov policy mandating us to do so. Or we might end up stuck with it for non-determined time
14:53:30 <abhishekk> last 8 minutes, we can continue discussion on it #openstack-glance channel
14:53:37 <abhishekk> Moving ahead
14:53:52 <abhishekk> #topic glance-specs victoria patch
14:54:04 <abhishekk> I have created glance-specs patch for victoria
14:54:29 <abhishekk> please have a look at it so we can start adding specs for victoria
14:54:44 <abhishekk> #topic Open discussion
14:55:07 <abhishekk> jokke_, https://review.opendev.org/718367
14:55:14 <abhishekk> have a look at it
14:55:27 <smcginnis> Nothing from me.
14:55:54 <abhishekk> as per docs we expect bool values for all-stores and allow-failure, so we are rejecting requests if it is not a bool
14:57:13 <jokke_> is the client actually sending JSON bool or did I mess that up?
14:57:32 <abhishekk> jokke_, fixed client yesterday
14:57:51 <abhishekk> now it is sending JSON bool
14:58:30 <abhishekk> last two minutes
14:59:06 <jokke_> I thought that might have been the case
14:59:59 <abhishekk> time is up, switching back to openstack-glance for further discussion
15:00:06 <abhishekk> thank you all
15:00:12 <abhishekk> #endmeeting