14:00:05 #startmeeting glance 14:00:06 Meeting started Thu Feb 11 14:00:05 2021 UTC and is due to finish in 60 minutes. The chair is abhishekk. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:00:07 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:00:09 The meeting name has been set to 'glance' 14:00:14 #topic roll call 14:00:19 #link https://etherpad.openstack.org/p/glance-team-meeting-agenda 14:00:22 o/ 14:00:27 o/ 14:00:34 o/ 14:00:49 lets wait for rosmaita for couple of minutes 14:00:56 o/ 14:01:02 cool lets start 14:01:12 #topic release/periodic jobs update 14:01:20 Final release of non-client libraries - 2 weeks 14:01:26 priority patch: https://review.opendev.org/c/openstack/glance_store/+/774703 14:01:35 This one patch is up for review in glance_store 14:02:10 This is type of blocker for some deployment tools to configure multiple cinder backends in glance 14:02:29 Please have a look at it 14:02:37 Milestone 3 - 3 weeks 14:02:54 We have series of open patches in glance along with secure RBAC 14:03:30 So need to gear up and start reviewing 14:03:38 Periodic jobs - green again 14:03:47 Moving to next topic 14:03:55 #topic Distributed image import 14:04:01 Dan's spec - https://review.opendev.org/c/openstack/glance-specs/+/763574 (2 +2 and 1 -2) 14:04:18 We still need to come into agreement 14:04:59 I am still hoping we can get this done in this cycle, I might also think of granting FFE if required 14:05:05 abhishekk: is that the correct url for the review? 14:05:37 mabye this: https://review.opendev.org/c/openstack/glance-specs/+/774097 14:05:51 my bad 14:05:54 #link https://review.opendev.org/c/openstack/glance-specs/+/774097 14:06:11 I think it's time to stop beating the dead horse and focus the little time we have left in the cycle on the stuff we have agreed on and inflight like the rbac 14:07:00 jokke, will think over your advice, thank you 14:07:07 except that there's already code for this proposal 14:07:21 so it's not speculative as a spec, it's basically working 14:07:33 basically working? :) 14:07:35 I also need to make sure that we have opted all the options to get this done 14:08:23 ok, as far as i can tell, it's really working without causing regressions 14:08:28 dansmith: how's that? 14:08:43 heh, better thanks :) 14:08:46 So I am still little bit positive about this 14:08:49 :D 14:09:07 next one is 14:09:07 given I extended devstack to have two isolated glance workers, 14:09:33 we can fully validate this in an automated test to a high degree of confidence I think 14:09:44 yes, this will be very useful 14:10:23 #topic Task show API 14:10:31 Spec - https://review.opendev.org/c/openstack/glance-specs/+/763740 (needs reviews, minor changes in specs) 14:10:44 I have spec ready to merge 14:10:54 also PoC is there if anyone wants to have a look 14:11:12 #link https://review.opendev.org/c/openstack/glance/+/763739 14:11:26 Working on tests and will be complete by Monday 14:11:29 rosmaita: I think you should be ready to go on this one too pretty much right? 14:11:41 jokke, rosmaita, smcginnis kindly review the spec 14:11:44 yeah, just need to look at the diff from PS7 14:11:49 yeah, cool 14:12:26 Cool, moving ahead 14:12:44 #topic Secure RBAC 14:12:57 at the moment we are Waiting for new version of oslo.policy - https://review.opendev.org/c/openstack/requirements/+/774290 14:13:13 lbragstad, have all the patches in place with working protection testing 14:13:18 Patches for reviews - https://review.opendev.org/q/project:openstack/glance+topic:secure-rbac 14:13:24 Functional tests against devstack - https://review.opendev.org/c/openstack/glance-tempest-plugin/+/773568 14:13:56 These tests are working in local environment, as I said just waiting for new oslo.policy release 14:14:29 If possible kindly review these patches as well 14:15:02 any questions about secure RBAC stuff? 14:15:40 I've been going through those patches few times now 14:15:53 cool, any concerns so far 14:16:01 there's couple of things that needs to be flagged, but I'm missing something as whole here 14:16:46 It will be good to record these somewhere either on reviews or testing etherpad 14:17:01 How do you turn this on/off? I mean using the policies from the policy file as they are defined at the moment vs. turning on the persona policies introduced by these patches 14:17:26 fwiw - there are still some bit in the database that build queries based on the roles associated to the context - which results in different responses for project-admins versus project-members and project-readers 14:17:29 abhishekk: yeah I will flag those in the relevant patches on the next pass 14:17:59 jokke, ack 14:18:09 i've added FIXMEs in the glance-tempest-plugin to highlight some of those cases 14:18:40 AFAIK at the moment there is no provision for on/off with old vs new policies checkup 14:19:01 lbragstad, am I right? 14:19:15 but either I've missed the patch or the mechanism but like said I haven't figured out how do you choose between policies as they are implemnted in Victoria vs. these new persona based policies 14:20:02 well - we have configuration options in oslo.policy that determine how to process the default rules with respect to the deprecated values 14:20:14 which is invoked from https://review.opendev.org/c/openstack/glance-tempest-plugin/+/773568/14/.zuul.yaml#1 14:20:41 and that calls this - https://opendev.org/openstack/glance/src/branch/master/devstack/plugin.sh 14:20:57 enforce_scope ? 14:21:11 https://opendev.org/openstack/glance/src/branch/master/devstack/plugin.sh#L15-L19 14:21:46 well - there are two, enforce_scope and enforce_new_defaults (which ignores any deprecated rule values during processing) 14:22:02 s/processing/enforcement/ 14:22:08 right 14:22:41 the tests i'm writing are forcing glance to use the new personas 14:23:15 ack 14:23:49 I will go through your FIXME comments 14:24:16 anything else you want to highlight here, lbragstad 14:24:37 not really - once the FIXMEs are handled, we should be able to consolidate the tests 14:25:00 ok, thank you 14:26:01 @all please try to have look at rbac patches and tests 14:26:09 moving ahead 14:26:15 #topic Open discussion 14:26:40 Last 3 weeks and we have lot to review and work 14:27:06 So please be focused and get things done 14:27:24 That's it from me today 14:27:44 ummm ... what did we decide about https://review.opendev.org/c/openstack/glance-specs/+/774097 ? 14:27:48 we still have 30 minutes to discuss anything else you have in your mind 14:29:22 I am thinking on that, on a positive note we might get this in before next meeting or apply for FFE 14:31:40 well, i don't know that anyone's attitude toward the proposal will change over the next week, and i'd kind of like to merge it sooner rather than later ... even though it's got great tests and tempest coverage, it *is* software, so the more it runs the better IMO 14:33:00 rosmaita, noted 14:34:13 anything else? 14:34:33 going once 14:34:43 Steap, you around? 14:35:22 Please push new revision for your patch, https://review.opendev.org/c/openstack/glance/+/763920 14:35:28 it is good to go 14:35:34 going twice 14:36:14 thank you all 14:36:18 see you next week 14:36:33 till then keep reviewing and have a nice weekend 14:36:37 will do :) 14:36:42 Steap, thank you 14:36:55 ok, bye all 14:37:02 #endmeeting