Re: [openstack-dev] [Glance][TC][Heat][App-Catalog][Murano][Tacker] Glare as a new Project

2016-08-05 Thread stuart . mclaren
I think this makes sense. "Should Artifacts be part of Glance?" is something folks have been debating for several years now, with seemingly equal numbers on each side. Even though it was far from unanimous, several summits ago it was decided to aim for a a v3 Glance API which would support all

Re: [openstack-dev] [Glance][Glare] External locations design

2016-08-02 Thread stuart . mclaren
Hi Kairat, I think it's great to try and tease through the various issues here. I added some comments to the etherpad. -Stuart Hello all, I would like to start to describe some design decisions we made in Glare code (https://review.openstack.org/#/q/topic:bp/glare-api+status:open). If you

Re: [openstack-dev] [Glance][Heat][Horizon] Glance v2 and custom locations

2016-07-26 Thread stuart . mclaren
Hi Mike, Here's my $0.02 on setting locations directly: I think there will always be some (probably public cloud) operators who are wary of allowing regular users to do this. For this reason, and also because the API calls are backend specific (setting location isn't supported for a filesystem

[openstack-dev] [glance] Hiatus

2016-05-11 Thread stuart . mclaren
Hi, A change in focus means I'm going to be less involved upstream for the next while. I realise the timing isn't great for the DefCore image import stuff. I'm hoping someone else may be able to pick up where I've left off [1]. Thanks, -Stuart [1] https://review.openstack.org/#/c/312972,

[openstack-dev] [glance] Image import: operator plugins

2016-04-20 Thread stuart . mclaren
Hi, As part of Glance's image import [1] work we need to define how operators can run site specific code as part of the import process. For example an operator may want to perform some site-specific validation on the image bits. Note that I'm not so much interested in what we use to do this (ie

Re: [openstack-dev] [Glance] Block subtractive schema changes

2016-03-24 Thread stuart . mclaren
I think this makes sense (helps us spot things which could impact upgrade). Hi Glance Team, I have registered a blueprint [1] for blocking subtractive schema changes. Cinder and Nova are already supporting blocking of subtractive schema operations. Would like to add similar support here.

[openstack-dev] [glance] PTL candidacy

2016-03-18 Thread stuart . mclaren
Hi everyone, I'd like to be considered for Glance PTL. First: thanks (again) to Flavio for his leadership over the last cycle. Glance is in pretty good shape right now: we have a coherent team which is focussed on a well defined set of priorities. It's a relatively small team, but we're

Re: [openstack-dev] [cinder] v2 image upload from url

2016-02-08 Thread stuart . mclaren
Sorry, can you give an example of the exact command you are using, please? On 5 Feb 2016 22:45, "Fox, Kevin M" wrote: We've been using the upload image from http url for a long time and when we upgraded to liberty we noticed it broke because the client's defaulting to v2

Re: [openstack-dev] [API] [Glance] New v2 Image Import

2016-01-22 Thread stuart . mclaren
On 08/01/16 17:14 +, Ian Cordasco wrote: Hey all, Yo! Thanks for taking the time to read the spec and writing this email. Yes, the more eyes the better -- so thanks. Flavio asked me to document the various alternatives. At very least it's good to capture them in the spec.

Re: [openstack-dev] [glance][all] glance_store drivers deprecation/stabilization: Volunteers needed

2016-01-19 Thread stuart . mclaren
On 11/01/16 15:52 -0500, Flavio Percoco wrote: Greetings, Gentle reminder that this is happening next week. Cheers, Flavio - Original Message - From: "Flavio Percoco" To: openstack-dev@lists.openstack.org Sent: Thursday, December 10, 2015 9:16:09 AM Subject:

[openstack-dev] [glance] FFE for "Multi-tenant Swift store service token support"

2016-01-14 Thread stuart . mclaren
Hi, I'd like to request an exception for this spec: https://review.openstack.org/#/c/170564/ -Stuart __ OpenStack Development Mailing List (not for usage questions) Unsubscribe:

Re: [openstack-dev] [glance] Seeking FFE for "Support single disk image OVA/OVF package upload"

2016-01-11 Thread stuart . mclaren
Hello Glance Team! Hope you had a wonderful vacation and wishing you health and happiness for 2016. Would very much appreciate your considering https://review.openstack.org/194868 for a feature freeze exception. I believe the spec is pretty solid, and we can deliver on the

Re: [openstack-dev] [glance] Seeking FFE for "Support single disk image OVA/OVF package upload"

2016-01-08 Thread stuart . mclaren
Hello Glance Team! Hope you had a wonderful vacation and wishing you health and happiness for 2016. Would very much appreciate your considering https://review.openstack.org/194868 for a feature freeze exception. I believe the spec is pretty solid, and we can deliver on the

Re: [openstack-dev] [python-glanceclient] Return request-id to caller

2015-12-09 Thread stuart . mclaren
Excerpts from Flavio Percoco's message of 2015-12-09 09:09:10 -0430: On 09/12/15 11:33 +, Kekane, Abhishek wrote: Hi Devs, We are adding support for returning ?x-openstack-request-id? to the caller as per the design proposed in cross-project specs:

Re: [openstack-dev] [glance] Add Ian Cordasco back into glance-core

2015-12-08 Thread stuart . mclaren
+1 I'm delighted to hear this. Welcome back Ian. +1 from me! Glad to have Ian back. On 12/7/15, 11:36 AM, "Flavio Percoco" wrote: > Greetings, > > Not long ago, Ian Cordasco, sent an email out stepping down from his > core roles as he didn't have the time to dedicate

Re: [openstack-dev] [glance] Models and validation for v2

2015-10-01 Thread stuart . mclaren
We've been taking validation out as issues have been reported (it was removed from image-list recently for example). Removing across the board probably does make sense. Agree with you. That's why I am asking about reasoning. Perhaps, we need to realize how to get rid of this in glanceclient.

Re: [openstack-dev] [glance] proposed priorities for Mitaka

2015-09-15 Thread stuart . mclaren
I've been looking into the existing task-based-upload that Doug mentions: can anyone clarify the following? On a default devstack install you can do this 'task' call: http://paste.openstack.org/show/462919 Yup. That's the one. as an alternative to the traditional image upload (the bytes are

Re: [openstack-dev] [glance] proposed priorities for Mitaka

2015-09-15 Thread stuart . mclaren
After having some conversations with folks at the Ops Midcycle a few weeks ago, and observing some of the more recent email threads related to glance, glance-store, the client, and the API, I spent last week contacting a few of you individually to learn more about some of the issues confronting

Re: [openstack-dev] [glance] [nova] Verification of glance images before boot

2015-09-09 Thread stuart . mclaren
The glance client (running 'inside' the Nova server) will re-calculate the checksum as it downloads the image and then compare it against the expected value. If they don't match an error will be raised. How can I know that the image that a new instance is spawned from - is actually the image

Re: [openstack-dev] [Glance] upcoming glanceclient release

2015-08-28 Thread stuart . mclaren
I've compiled a list of backwards incompatabilities where the new client will impact (in some cases break) existing scripts: https://wiki.openstack.org/wiki/Glance-v2-v1-client-compatability On 27/08/15 15:32 -0400, Nikhil Komawar wrote: As a part of our continued effort to make the v2

Re: [openstack-dev] [Glance] upcoming glanceclient release

2015-08-28 Thread stuart . mclaren
I've compiled a list of backwards incompatabilities where the new client will impact (in some cases break) existing scripts: https://wiki.openstack.org/wiki/Glance-v2-v1-client-compatability Awesome! To be honest there's a little more red there than I'd like. Of the 72 commands I tried,

Re: [openstack-dev] [Nova] [Cinder] [Glance] glance_store and glance

2015-08-14 Thread stuart . mclaren
I got zero responses on the mailing list raising a problem with Glance v2 [1]. I got zero responses on cross project meeting raising a problem with Glance v2 [2]. I'm very happy with my choice of words, because I think this hand slap on Glance is the first time I got acknowledgement in my

Re: [openstack-dev] [glance] V3 authentication to swift

2015-07-17 Thread stuart . mclaren
Thanks for the heads up Jamie, I'll try to take a look. -Stuart Glancers, A while ago I wrote an email outlining a couple of ways we could support keystone v3 authentication when using swift as a backend for glance_store. In the long term it would be best to transition swiftclient to use

Re: [openstack-dev] [glance] V3 Authentication for swift store

2015-06-18 Thread stuart . mclaren
Hi Jamie, Glance has another way of specifying the swift credentials for the single tenant store which may (?) be useful here. In glance-swift.conf you can specify something like: [ref1] user = tenant:user1 key = key1 auth_address = auth...@example.com which means that in the database 'ref1'

Re: [openstack-dev] [Glance][Keystone] Glance and trusts

2015-06-08 Thread stuart . mclaren
On Jun 5, 2015, at 19:25, Bhandaru, Malini K malini.k.bhand...@intel.com wrote: Continuing with David?s example and the need to control access to a Swift object that Adam points out, How about using the Glance token from glance-API service to glance-registry but carry along extra data in

[openstack-dev] [eventlet][requirements] Issue with eventlet = 0.17.2 and ssl

2015-05-05 Thread stuart . mclaren
All, When using a version of python which has the new SSLContext (ie python 3, 2.7.9 and at least some 2.7.8 versions) this issue: https://github.com/eventlet/eventlet/issues/226 (where the combination of a newer python with https/eventlet and requests doesn't handle SSL certs propertly)

[openstack-dev] [taskflow][glance][debian] Issue with ordereddict

2015-04-20 Thread stuart . mclaren
Hi, Debian are hitting this issue https://bugs.launchpad.net/glance/+bug/1445827. Currently glance and glance_store include ordereddict in their requirements.txt. Since Glance no longer gates on py26 I think it should be ok to remove that requirement from glance and glance_store (both repos

[openstack-dev] [infra][glanceclient][cinderclient] Problems with juno check jobs

2015-04-13 Thread stuart . mclaren
Hi Gorka, Glance is seeing something very similar [3]. I've updated the two bugs ([1],[3]) with some extra info. Both issues seem to have started around April 7th. Would anyone from infra be able to take a quick look? Thanks, -Stuart [3] https://bugs.launchpad.net/glance/+bug/1442682

[openstack-dev] [glance] zero downtime conf/kilo

2015-03-24 Thread stuart . mclaren
All, The main zero downtime config patch has merged (thanks to everyone, especially Abhishek, for their help). There's a couple of small, follow on corner case patches, that, eg ensure a config change to logging (INFO-DEBUG) can be picked up dynamically. Are we planning/hoping to merge them

[openstack-dev] [glance] reminder to check 'Author' of patch set when reviewing

2015-03-23 Thread stuart . mclaren
A quick reminder for Glance cores to check if the 'Author' changes between patch sets. When someone other than the original submitter uploads a new patch set they should, if appropriate, add themselves as a co-author rather than replace the original patch author. (It's the 'Author' rather than

Re: [openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-14 Thread stuart . mclaren
On 2014-11-13 18:28:14 +0100 (+0100), Ihar Hrachyshka wrote: [...] I think those who maintain glance_store module in downstream distributions will cherry-pick the security fix into their packages, so there is nothing to do in terms of stable branches to handle the security issue. [...] As a

[openstack-dev] [glance] security and swift multi-tenant fixes on stable branch

2014-11-13 Thread stuart . mclaren
All, The 0.1.9 version of glance_store, and glance's master branch both contain some fixes for the Swift multi-tenant store. This security related change hasn't merged to glance_store yet: https://review.openstack.org/130200 I'd like to suggest that we try to merge this security fix and

[openstack-dev] [glance] multi-tenant store in Juno

2014-10-24 Thread stuart . mclaren
All, On my devstack setup neither image upload or image download work for the Swift multi-tenant store in Juno (I'm getting E500s). I'd be interested if someone can confirm. With these changes upload/download worked for me: glance upload https://review.openstack.org/#/c/130757/ glance store

Re: [openstack-dev] [Glance] PTL Non-Candidacy

2014-09-23 Thread stuart . mclaren
Hi Mark, Many thanks for your leadership, and keeping glance so enjoyable to work on over the last few cycles. -Stuart From: Mark Washenberger mark.washenber...@markwash.net To: OpenStack Development Mailing List openstack-dev@lists.openstack.org Subject: [openstack-dev] [Glance] PTL

[openstack-dev] [glance] 0.14.0 client - v2 requests broken

2014-09-10 Thread stuart . mclaren
All, The 0.14.0 client breaks all v2 requests when pointed at a glance server which is running code which is more than a few days old (ie pretty much any production server). There's a band-aid patch here: https://review.openstack.org/#/c/120143/ and a longer term patch here:

Re: [openstack-dev] [glance] 0.14.0 client - v2 requests broken

2014-09-10 Thread stuart . mclaren
On 09/10/2014 11:52 AM, stuart.mclaren at hp.com wrote: All, The 0.14.0 client breaks all v2 requests when pointed at a glance server which is running code which is more than a few days old (ie pretty much any production server). There's a band-aid patch here:

Re: [openstack-dev] [glance] Use Launcher/ProcessLauncher in glance

2014-09-01 Thread stuart . mclaren
I've been looking at the most recent patch for this (https://review.openstack.org/#/c/117988/). I'm wondering what behaviour do folks feel is best in the following scenario? 1) an image download starts (download1) 2) send SIGHUP to glance-api 3) start another download (download2) 4)

Re: [openstack-dev] [Glance]: V2 api support for download_image policy?

2014-06-03 Thread stuart . mclaren
Hi Abishek, download_image *should* apply to v2 in the same way as v1 I think. If that's not what you're seeing can you enter a bug (with details) in launchpad? https://bugs.launchpad.net/glance Typically you'd mark it with 'private security' but 'public security' makes sense now. Thanks!

[openstack-dev] [TripleO] proxying SSL traffic for API requests

2014-03-26 Thread stuart . mclaren
All, I know there's a preference for using a proxy to terminate SSL connections rather than using the native python code. There's a good write up of configuring the various proxies here: http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html If we're not using native

Re: [openstack-dev] [TripleO] proxying SSL traffic for API requests

2014-03-26 Thread stuart . mclaren
Just spotted the openstack-ssl element which uses 'stunnel'... On Wed, 26 Mar 2014, stuart.mcla...@hp.com wrote: All, I know there's a preference for using a proxy to terminate SSL connections rather than using the native python code. There's a good write up of configuring the various

Re: [openstack-dev] [TripleO] proxying SSL traffic for API requests

2014-03-26 Thread stuart . mclaren
Thanks Chris. Sounds like you're saying building out the apache element may be a sensible next step? -Stuart Hi We don't have a strong attachment to stunnel though, I quickly dropped it in front of our CI/CD undercloud and Rob wrote

[openstack-dev] [Glance] FFE Request: Allow enabling both v1 and v2 registries

2014-03-13 Thread stuart . mclaren
Hi, Right now you can select running either the v1 or v2 registries but not both at the same time. I'd like to ask for an FFE for this functionality (Erno's patch in progress here: https://review.openstack.org/#/c/79957/) With v1 on the road to deprecation I think this may help migrating from a

[openstack-dev] [Glance] delayed delete and user credentials

2014-02-10 Thread stuart . mclaren
Hi Pete, See the comments in patch set 5 for scrubber.py and also this documentation: https://review.openstack.org/#/c/59471/ -Stuart Message: 2 Date: Thu, 6 Feb 2014 11:56:28 -0700 From: Pete Zaitcev zait...@redhat.com To: OpenStack Dev OpenStack-dev@lists.openstack.org Subject:

Re: [openstack-dev] [Nova][Glance] Support of v1 and v2 glance APIs in Nova

2013-10-18 Thread stuart . mclaren
I'd just like to echo Tim Bell's comments. From a rolling upgrade perspective where you have Glance nodes behind a load balancer we'd probably need a way to manually 'hold back' on v1 until all nodes are upgraded to support v2 aswell. (Otherwise your auto-discovery may hit an upgraded node

[openstack-dev] [glance] 'ordereddict' requirement

2013-10-16 Thread stuart . mclaren
All, There was a plan to use pypi's 'ordereddict' in Icehouse, to replace how we're currently providing that functionality. However, there are no ordereddict packages for Debian/Ubuntu and there are no plans to provide them. (See Thomas Goirand's comment here:

[openstack-dev] Nominating Zhi Yan Liu for glance-core

2013-10-07 Thread stuart . mclaren
+1 Hey, I would like to nominate Zhi Yan Liu(lzydev) for glance core. I think Zhi has been an active reviewer/contributor to the glance community [1] and has always been on top of reviews. Thanks for the good work Zhi! Iccha [1]

[openstack-dev] Nominating Fei Long Wang for glance core

2013-10-07 Thread stuart . mclaren
+1 Hey, I would like to nominate Fei Long Wang(flwang) for glance core. I think Fei has been an active reviewer/contributor to the glance community [1] and has always been on top of reviews. Thanks for the good work Fei! Iccha [1]

[openstack-dev] [glance] FFE Request: Add swift_store_ssl_compression param

2013-09-09 Thread stuart . mclaren
This change: https://review.openstack.org/#/c/32919/ is the final piece of a puzzle that allows a (potentially significant) performance improvement for image uploads (snapshots)/downloads when using ssl. Its the last change required for the following paths: (nova/cinder) - (glance client) -

[openstack-dev] [Glance] property protections -- final call for comments

2013-07-26 Thread stuart . mclaren
Hi Brian, Firstly, thanks for all your great work here! Some feedback: 1) Is there a clash with existing user properties? For currently deployed systems a user may have an existing property 'foo: bar'. If we restrict property access (by virtue of allowing only owner_xxx) can the user update

[openstack-dev] [nova/glance] performance related change

2013-07-17 Thread stuart . mclaren
All, This change: https://review.openstack.org/#/c/32562/ seems to have slipped off the radar, possibly because it has a '-1' -- but I'm waiting on some feedback before progressing. The patch can provide a good performance improvement (depending on your configuration): I measure 3x for image