Wednesday, 2014-11-26

« Tuesday, 2014-11-25 Index Thursday, 2014-11-27 »
*** nealph has quit IRC00:05
*** eglynn has quit IRC00:14
*** sbfox has quit IRC00:29
openstackgerritMerged openstack/ceilometer: Enable pep8 on ./tools directory  https://review.openstack.org/13678100:32
openstackgerritMerged openstack/ceilometer: Fix order of arguments in assertEqual  https://review.openstack.org/13494000:33
*** ViswaV_ has quit IRC00:38
*** mc__ has joined #openstack-ceilometer00:39
*** ViswaV has joined #openstack-ceilometer00:39
*** julim has joined #openstack-ceilometer00:40
*** ViswaV has quit IRC00:44
openstackgerritMerged openstack/ceilometer: Remove Python 2.6 classifier  https://review.openstack.org/13711400:49
*** alexpilotti has quit IRC00:51
*** amalagon has joined #openstack-ceilometer01:06
*** Kennan has joined #openstack-ceilometer01:19
*** promulo__ has joined #openstack-ceilometer01:29
*** r-daneel has quit IRC01:32
*** promulo has quit IRC01:32
*** _cjones_ has quit IRC02:08
*** mc__ has quit IRC02:10
*** mc__2 has joined #openstack-ceilometer02:11
*** mc__2 is now known as mc__02:11
*** promulo has joined #openstack-ceilometer02:14
*** nosnos has joined #openstack-ceilometer02:14
*** promulo__ has quit IRC02:17
*** sbfox has joined #openstack-ceilometer02:32
*** sbfox has quit IRC02:44
*** sbfox has joined #openstack-ceilometer02:59
*** nosnos has quit IRC03:01
*** fnaval has quit IRC03:07
*** sbfox has quit IRC03:14
*** ryanpetrello has joined #openstack-ceilometer03:18
*** fnaval has joined #openstack-ceilometer03:23
*** fnaval has quit IRC03:23
*** zqfan has quit IRC03:24
*** zqfan has joined #openstack-ceilometer03:25
*** harlowja is now known as harlowja_away03:29
*** _cjones_ has joined #openstack-ceilometer03:36
*** _cjones_ has quit IRC03:37
*** _cjones_ has joined #openstack-ceilometer03:38
*** ryanpetrello has quit IRC03:41
*** promulo__ has joined #openstack-ceilometer04:00
*** promulo has quit IRC04:02
*** sbfox has joined #openstack-ceilometer04:03
*** ryanpetrello has joined #openstack-ceilometer04:07
*** nosnos has joined #openstack-ceilometer04:16
*** sbfox has quit IRC04:18
*** _cjones_ has quit IRC04:22
*** ryanpetrello has quit IRC04:23
*** asalkeld has joined #openstack-ceilometer04:24
*** deepthi has joined #openstack-ceilometer04:30
*** rainmantea has joined #openstack-ceilometer04:36
*** mc__ has quit IRC04:37
*** yatin has joined #openstack-ceilometer04:42
*** sbfox has joined #openstack-ceilometer04:43
*** ryanpetrello has joined #openstack-ceilometer04:49
*** nellysmitt has joined #openstack-ceilometer05:03
*** nellysmitt has quit IRC05:08
*** _cjones_ has joined #openstack-ceilometer05:09
*** ishant has joined #openstack-ceilometer05:12
*** _cjones_ has quit IRC05:13
*** mc__ has joined #openstack-ceilometer05:21
*** sbfox has quit IRC05:27
*** _cjones_ has joined #openstack-ceilometer05:28
*** Longgeek has joined #openstack-ceilometer05:38
*** amalagon has quit IRC05:43
*** Longgeek has quit IRC05:44
*** sbfox has joined #openstack-ceilometer05:57
*** _cjones_ has quit IRC05:59
*** k4n0 has joined #openstack-ceilometer06:03
*** ryanpetrello has quit IRC06:05
*** amalagon has joined #openstack-ceilometer06:07
*** _cjones_ has joined #openstack-ceilometer06:08
*** Longgeek has joined #openstack-ceilometer06:22
*** deepthi has quit IRC06:35
*** deepthi has joined #openstack-ceilometer06:47
*** nellysmitt has joined #openstack-ceilometer07:04
*** nellysmitt has quit IRC07:09
*** exploreshaifali has joined #openstack-ceilometer07:18
*** sbfox has quit IRC07:22
*** eglynn has joined #openstack-ceilometer07:26
*** IvanBerezovskiy has joined #openstack-ceilometer07:28
rainmanteaeglynn: just wanted you to have a look at this entry at compute.log  Obtaining CPU Util is not implemented for LibvirtInspector07:29
rainmanteaeglynn: and "Hello"...07:30
*** ala_ has joined #openstack-ceilometer07:37
*** ildikov has joined #openstack-ceilometer07:39
*** alla__ has joined #openstack-ceilometer07:41
*** ala_ has quit IRC07:44
*** eglynn has quit IRC07:46
*** jaypipes has quit IRC07:50
*** mitz- has joined #openstack-ceilometer07:51
*** ryanpetrello has joined #openstack-ceilometer07:51
*** mitz_ has quit IRC07:51
*** ryanpetrello has quit IRC07:56
*** nellysmitt has joined #openstack-ceilometer07:57
*** zqfan has quit IRC07:58
*** zqfan has joined #openstack-ceilometer07:59
*** ildikov has quit IRC08:07
*** _cjones_ has quit IRC08:15
*** ifarkas has joined #openstack-ceilometer08:16
*** eglynn has joined #openstack-ceilometer08:19
*** ildikov has joined #openstack-ceilometer08:22
rainmanteaeglynn,ildokov,nsage: I got the meters!!!yeaaaah08:23
*** nadya has joined #openstack-ceilometer08:26
*** nadya is now known as Guest2838108:27
*** ifarkas has quit IRC08:28
ildikovrainmantea: \o/ :)08:28
ildikovrainmantea: what was the solution finally?08:28
rainmanteaguess what---- # AMQP exchange to connect to if using RabbitMQ or Qpid # (string value) control_exchange=openstack08:30
rainmanteathis had to be uncommented08:30
rainmanteanow i know its preliminary troubleshoot.. but all i say is It wasnt in the DOC!!08:31
rainmanteain the ceilometer.conf file08:31
rainmanteaildikov:i know u must be thinking "whaat u didnt do that before..." //sigh08:32
rainmanteaannnnyway im off to auto scaling n stuff finally (damn couldnt get alarms to conjure up coz of missing meters..lol)08:32
ildikovrainmantea: you mean that you didn't change the default value, just uncommented that line?08:32
rainmanteayes08:33
openstackgerritLan Qi Song proposed openstack/ceilometer: Database.max_retries only override on sqlalchemy side  https://review.openstack.org/13696408:33
*** mitz_ has joined #openstack-ceilometer08:34
ildikovrainmantea: hmm, interesting, what I saw earlier in the ceilometer.conf to be set is the notifictaion_topics, I didn't remember that the control_exchange has to be explicitly set...08:35
rainmanteaildikov:yeah08:36
*** mitz- has quit IRC08:36
rainmanteaildikov: though my ceilometer.conf holds these also uncommented as i was doing all possible combinations08:37
rainmantea# Exchanges name to listen for notifications. (multi valued) http_control_exchanges=nova http_control_exchanges=glance http_control_exchanges=neutron http_control_exchanges=cinder08:37
ildikovrainmantea: a-ha, I see, well, I will check the code later, if I will have time today to see how the default values are configured08:40
ildikovrainmantea: have you changed anything else08:40
ildikovrainmantea: ?08:40
rainmanteaiildikov: well i commented the hypervisor : libvirt and domain: qemu option08:41
rainmanteaalso08:41
*** zqfan has quit IRC08:41
rainmanteathey were commented before..i uncommented to see results some time ag(2 days i think ago..)08:42
*** zqfan has joined #openstack-ceilometer08:42
*** safchain has joined #openstack-ceilometer08:54
openstackgerritIgor Degtiarov proposed openstack/ceilometer: [MongoDB] Fix bug with 'bad' chars in metadatas keys  https://review.openstack.org/12100308:56
openstackgerritIgor Degtiarov proposed openstack/ceilometer: Clean unused tables from mongodb and db2  https://review.openstack.org/13256108:58
*** promulo__ has quit IRC09:14
ildikovrainmantea: a-ha, ok09:15
ildikovrainmantea: didn't you say something about you're running your deployment above VMware?09:16
openstackgerritmizeng proposed openstack/ceilometer: fix for https://bugs.launchpad.net/ceilometer/+bug/1396473  https://review.openstack.org/13730809:20
openstackgerritZhiQiang Fan proposed openstack/python-ceilometerclient: Add apiclient to openstack-common.conf  https://review.openstack.org/13730909:24
*** mc__ has quit IRC09:31
*** cmyster has quit IRC09:35
*** cmyster has joined #openstack-ceilometer09:36
*** Longgeek_ has joined #openstack-ceilometer09:38
*** Longgeek has quit IRC09:39
*** zqfan has quit IRC09:41
*** zqfan has joined #openstack-ceilometer09:41
rainmanteaildokov: well my cloud nodes are CentOS boxes... on a physical node running vm ware09:58
rainmanteaon top of these CentOS boxes runs the Openstack cloud09:59
*** asalkeld has left #openstack-ceilometer10:01
*** zqfan has quit IRC10:08
*** zqfan has joined #openstack-ceilometer10:09
*** Guest28381 has quit IRC10:20
*** nadya_ has joined #openstack-ceilometer10:29
*** nadya_ has quit IRC10:38
openstackgerritmizeng proposed openstack/ceilometer: fix for https://bugs.launchpad.net/ceilometer/+bug/1396473 Rely on VM uuid (which is unique ID and immutable for VM resource) rather than instance name to fetch system metrics via libvert’s lookupByUUIDString API.  https://review.openstack.org/13730810:41
openstackgerritSylvain Afchain proposed openstack/ceilometer: Fix Opencontrail pollster according the API changes  https://review.openstack.org/10491310:42
ildikovrainmantea: a-ha, ok, got it10:45
openstackgerritMehdi Abaakouk proposed openstack/ceilometer: Add some rally scenarios  https://review.openstack.org/13264910:45
openstackgerritmizeng proposed openstack/ceilometer: fix for https://bugs.launchpad.net/ceilometer/+bug/1396473  https://review.openstack.org/13730810:52
jd__gentux: still working on aggregate method selection on Gnocchi?11:00
*** junhongl has quit IRC11:01
*** junhongl has joined #openstack-ceilometer11:02
*** nadya_ has joined #openstack-ceilometer11:04
gentuxjd__: I didn't had time these last few days :/11:05
gentuxjd__: still on it yes11:05
*** ildikov has quit IRC11:05
*** exploreshaifali has quit IRC11:20
*** deepthi has quit IRC11:22
*** claudiub has joined #openstack-ceilometer11:24
*** renatoarmani has joined #openstack-ceilometer11:28
openstackgerritIlya Tyaptin proposed openstack/ceilometer: Add encoding of rows and qualifiers in impl_hbase  https://review.openstack.org/12438011:36
eglynnEmilienM: hey, quick puppet-ceilometer merge policy question?11:44
eglynnEmilienM: ... any idea why this puppet-ceilometer patch hasn't merged https://review.openstack.org/134356 despite being +2/+A'd?11:44
eglynnI can't see a related stuck build in zuul11:45
* eglynn tries a "reverify" ...11:46
*** ildikov has joined #openstack-ceilometer12:11
*** rainmantea has quit IRC12:36
*** exploreshaifali has joined #openstack-ceilometer13:04
EmilienMeglynn: checking13:11
EmilienM(good morning)13:11
*** Longgeek_ has quit IRC13:11
eglynnEmilienM: good morning, thanks!13:11
eglynnEmilienM: (I manually triggered a reverify, but still not merged, I may be missing something obvious)13:12
EmilienMeglynn: you did not miss something13:17
EmilienMI'll figure that out13:17
eglynnEmilienM: thank you sir!13:17
*** julim has quit IRC13:19
EmilienMeglynn: I'm gonna +2 +A to try13:19
eglynncool13:20
*** nosnos has quit IRC13:20
*** alexpilotti has joined #openstack-ceilometer13:21
EmilienMeglynn: looking at http://status.openstack.org/zuul/ it's in the gate now. Should be merged in a few minutes.13:22
eglynnEmilienM: nice one, excellent :)13:22
EmilienMmerged13:27
*** alexpilotti has quit IRC13:32
*** yatin has quit IRC13:32
*** safchain has quit IRC13:33
*** safchain has joined #openstack-ceilometer13:33
*** jaypipes has joined #openstack-ceilometer13:36
*** ildikov has quit IRC13:36
*** Longgeek has joined #openstack-ceilometer13:37
*** ryanpetrello has joined #openstack-ceilometer13:42
*** gordc has joined #openstack-ceilometer13:42
*** ildikov has joined #openstack-ceilometer13:48
*** julim has joined #openstack-ceilometer13:49
*** nadya_ has quit IRC13:54
openstackgerritgordon chung proposed openstack/ceilometer: modify events sql schema to reduce empty columns  https://review.openstack.org/13086913:54
openstackgerritJulien Danjou proposed stackforge/gnocchi: rest: add and expose back_window attribute of archive policies  https://review.openstack.org/13611213:57
*** IvanBerezovskiy has left #openstack-ceilometer14:02
openstackgerritMerged openstack/ceilometer: Database.max_retries only override on sqlalchemy side  https://review.openstack.org/13696414:14
*** exploreshaifali has quit IRC14:15
openstackgerritgordon chung proposed openstack/ceilometer-specs: add ElasticSearch driver backend for events  https://review.openstack.org/12639514:17
*** Longgeek has quit IRC14:34
*** nadya_ has joined #openstack-ceilometer14:34
*** r-daneel has joined #openstack-ceilometer14:37
openstackgerritMerged openstack/ceilometer: Add encoding of rows and qualifiers in impl_hbase  https://review.openstack.org/12438014:38
*** Longgeek has joined #openstack-ceilometer14:40
openstackgerritDina Belova proposed openstack/ceilometer: Move central agent code to the polling agent module  https://review.openstack.org/12718614:58
openstackgerritDina Belova proposed openstack/ceilometer: Make compute discovery pollster-based, not agent-level  https://review.openstack.org/12718514:58
openstackgerritDina Belova proposed openstack/ceilometer: ==POC== Merge Central and Compute agents to *polling agent*  https://review.openstack.org/12471914:58
openstackgerritDina Belova proposed openstack/ceilometer: Merge Central and Compute agents to *polling agent*  https://review.openstack.org/12471915:01
*** Kennan has quit IRC15:09
*** ildikov has quit IRC15:11
*** exploreshaifali has joined #openstack-ceilometer15:19
*** Titilambert has quit IRC15:23
*** Titilambert has joined #openstack-ceilometer15:24
*** ildikov has joined #openstack-ceilometer15:24
openstackgerritMerged openstack/ceilometer: Internal error with period overflow  https://review.openstack.org/13441515:25
openstackgerritDina Belova proposed openstack/ceilometer: Merge Central and Compute agents to *polling agent*  https://review.openstack.org/12471915:34
*** ddieterly has joined #openstack-ceilometer15:36
*** alexpilotti has joined #openstack-ceilometer15:39
*** fnaval has joined #openstack-ceilometer15:40
openstackgerritMehdi Abaakouk proposed stackforge/gnocchi: Allows to filter out the gnocchi generated samples  https://review.openstack.org/12892215:42
openstackgerritMehdi Abaakouk proposed stackforge/gnocchi: Add a gnocchi dispatcher for ceilometer  https://review.openstack.org/9879815:42
*** alla__ has quit IRC15:53
*** ryanpetrello has quit IRC16:06
*** _cjones_ has joined #openstack-ceilometer16:08
*** ishant has quit IRC16:09
*** zigo has quit IRC16:16
*** ildikov has quit IRC16:24
*** zigo has joined #openstack-ceilometer16:27
*** nellysmitt has quit IRC16:30
*** k4n0 has quit IRC16:30
*** ryanpetrello has joined #openstack-ceilometer16:31
*** packet has joined #openstack-ceilometer16:35
*** packet has quit IRC16:37
*** eglynn is now known as eglynn-afk16:38
*** amalagon has quit IRC16:44
*** ryanpetrello_ has joined #openstack-ceilometer16:45
*** ryanpetrello has quit IRC16:48
*** ryanpetrello_ is now known as ryanpetrello16:48
*** ildikov has joined #openstack-ceilometer16:53
*** _cjones_ has quit IRC16:54
*** changbl has joined #openstack-ceilometer16:56
openstackgerritFabio Giannetti proposed openstack/ceilometer: RBAC Support for Ceilometer API Implementation  https://review.openstack.org/11571716:58
*** rbak has joined #openstack-ceilometer17:06
*** ryanpetrello has quit IRC17:12
*** Longgeek has quit IRC17:24
*** eglynn-afk is now known as eglynn17:25
*** atan8 has joined #openstack-ceilometer17:27
*** zul has quit IRC17:34
*** zul has joined #openstack-ceilometer17:35
*** ryanpetrello has joined #openstack-ceilometer17:35
*** _cjones_ has joined #openstack-ceilometer17:37
*** _cjones_ has quit IRC17:41
*** _cjones_ has joined #openstack-ceilometer17:41
*** amalagon has joined #openstack-ceilometer17:55
*** sbfox has joined #openstack-ceilometer17:58
*** claudiub has quit IRC17:59
*** amalagon has quit IRC18:00
*** nadya_ has quit IRC18:00
*** ryanpetrello_ has joined #openstack-ceilometer18:01
*** safchain has quit IRC18:04
*** harlowja_away is now known as harlowja18:04
*** ryanpetrello has quit IRC18:04
*** ryanpetrello_ is now known as ryanpetrello18:04
*** _cjones_ has quit IRC18:07
*** _cjones_ has joined #openstack-ceilometer18:08
*** exploreshaifali has quit IRC18:13
*** harlowja has quit IRC18:18
*** harlowja has joined #openstack-ceilometer18:19
*** ryanpetrello_ has joined #openstack-ceilometer18:30
*** nadya_ has joined #openstack-ceilometer18:30
*** ryanpetrello has quit IRC18:33
*** ryanpetrello_ is now known as ryanpetrello18:33
*** pradk has joined #openstack-ceilometer18:35
*** nadya_ has quit IRC18:39
*** harlowja_ has joined #openstack-ceilometer18:41
*** changbl has quit IRC18:44
*** harlowja has quit IRC18:45
*** sbfox has quit IRC18:49
*** sbfox has joined #openstack-ceilometer18:51
sbfoxHey Ceilometer folks, is anyone aware of an open sourced billing project designed with ceilometer in mind?18:53
*** amalagon has joined #openstack-ceilometer19:09
*** zqfan has quit IRC19:13
*** zqfan has joined #openstack-ceilometer19:14
*** ddieterly has quit IRC19:21
*** changbl has joined #openstack-ceilometer19:29
*** renatoarmani has quit IRC19:30
*** ddieterly has joined #openstack-ceilometer19:34
*** edmondsw has joined #openstack-ceilometer19:36
*** exploreshaifali has joined #openstack-ceilometer19:37
edmondswgordc, have a few minutes to chat about https://review.openstack.org/#/c/132097/ ?19:38
*** amalagon has quit IRC19:47
gordcedmondsw: sorry, was getting help setting something up... i have a few minutes now.19:55
*** rbak_ has joined #openstack-ceilometer19:55
*** rbak has quit IRC19:56
edmondswgordc, did you see my latest comment there, or the comments I put in https://review.openstack.org/#/c/115717/ ?19:57
edmondswthought it might be better to talk through that on IRC than via review comments19:58
*** ryanpetrello has quit IRC20:00
gordcedmondsw: just read it. i should think the RBAC work would cover this... is this a gap in Fabio's design?20:01
edmondswgordc, at least partially... but as I've dug into it, I think the problem goes deeper than that20:02
gordctbh, it looks really strange having http.request and http.response hardcoded everywhere.20:02
edmondswyeah, and that's not the extent of audit data, either...20:02
gordcespecially since there isn't audit data in those meters all the time (only if you use pycadf audit middleware)20:02
*** ryanpetrello has joined #openstack-ceilometer20:02
edmondswthat's a discussion that is going to affect any solution, though... something is going to have to distinguish what is audit data and what isn't20:03
edmondswthat's part of the problem... ceilometer doesn't distinguish that today... and it really needs to20:04
edmondswaudit data should not be lumped together with non-audit data that has different TTL requirements, different security requirements, etc.20:04
*** nadya_ has joined #openstack-ceilometer20:04
edmondsws/TTL/retention/20:04
gordcagreed. just to clarify, the RBAC solution can't cover it or doesn't cover it?20:04
edmondswprobably both20:05
edmondswat least doesn't20:05
edmondswthe middleware that I wrote as an alternative has to do a lot of crazy things to try to strip sensitive audit data out of places you wouldn't expect it to have been in the first plce20:06
gordci see... so i'm actually working on events and the http.* meters will probably end up going there in future...20:06
edmondswtbf, the changeset I have in https://review.openstack.org/#/c/132097/ doesn't go far enough... I'd have to expand on that to match the additional things I found while working on the middleware approach20:07
gordcwhat would be a good way to handle restriction (without hardcoding http.* into api20:07
edmondswlet's talk about the things I found so you understand the full picture20:07
gordci would assume different deployers would have different metrics which they would deem to be sensitive and not sensitive20:08
gordcok cool20:08
edmondswI should paste the code so you can see what I'm talking about... one sec20:09
gordcsounds good20:09
*** ryanpetrello has quit IRC20:10
edmondswgordc, http://paste.openstack.org/show/139034/20:12
edmondswso first, I had to add query parms specifying project id for all users (probably only necessary for admins, since non-admins were already restricted to their project, but better to be safe) and user_id for non-admin users20:14
edmondswbeing careful to account for the possibility of the user already specifying project/user in query parms20:15
edmondswthen around line 138 you start to see the other things we have to account for20:16
gordcwhat rules are we trying to enforce: if admin, see everything and only audit data for your project. if not admin, see only project and no audit data?20:18
edmondswthere are several things, starting there, that you can only filter out of responses rather than add query parms to requests for20:19
edmondswyes20:19
*** ryanpetrello has joined #openstack-ceilometer20:20
edmondswthe /v2/meters response is one interesting case... besides telling you what meters there are, it tries to tell you the project and user for a meter... maybe that makes sense for some meters, but for http.request/response there isn't really a user/project20:20
gordci guess if we added a flag to audit data, it'd make everything easier?20:21
edmondswthe user/project for http.request/response appears to be returned as the last user/project to access that API, which is a) a bad design and b) sensitive20:21
gordcyeah. there are a lot of 'meters' in ceilometer that aren't meters but events... http.* meters being two of them20:21
gordchttp.* meters are what they are because the events part of ceilometer never got completed20:22
edmondswresources are even worse... when you try to query the resources, you see the full sample data for the last sample on that resource... so I had to trim that off as well20:22
gordcor that's my understanding of it... because outside of the metadata, the top-level attributes make no sense.20:22
edmondswand it might be possible to edit complex queries during the request phase (yuck! have fun with that...), but I decided to just parse them out of the response instead... still yuck20:23
gordci'm wondering if this can be filtered out using the complex query stuff. (i assume your current patch doesn't do this 'trim'ing)20:24
gordcok.20:24
edmondswI'm not a complex query expert... didn't even know they existed until I was digging in the v2 controllers api code and saw them20:24
edmondswthese APIs should really be documented...20:24
gordcthe complex stuff is... i guess not well enough20:25
edmondswhttp://developer.openstack.org/api-ref-telemetry-v2.html seems woefully lacking20:25
edmondswdoesn't mention queries at all20:25
edmondswor /v2/samples20:26
edmondswor events20:26
edmondswetc.20:26
gordci can't speak for those docs... i think we just started on them in juno...20:26
gordcmain docs are here: http://docs.openstack.org/developer/ceilometer20:27
gordchttp://docs.openstack.org/developer/ceilometer/webapi/v2.html#complex-query20:27
edmondswtx, I'll look at those20:27
*** _cjones_ has quit IRC20:28
edmondswyou think all this is fixing with moving audit data to events, or will we have some of the same issues there?20:30
gordcsame issues. i just want to make sure i address them while i'm working on it.20:30
gordcso the RBAC patch only covers which calls can be made... but doesn't filter out audit data (when appropriate)20:32
edmondswwhile you're at it, can we trim down the data that's stored to just the CADF info? It's a waste using up disk storing the service catalog, etc. for each request/response20:32
gordcedmondsw: yeah, there's a event_defintion file which parses out only the attributes you want/need20:33
edmondswright, the RBAC patch only supports rules based on the requester's role20:33
gordcthat technically exists in Juno already so you could theoretically just switch to use events instead of meters... still have same access issues probably.20:34
*** _cjones_ has joined #openstack-ceilometer20:35
*** hhuang has quit IRC20:35
*** hhuang has joined #openstack-ceilometer20:36
edmondswand I'm not sure how you'd fashion a policy.json rule to say "admins can view everything in the project, non-admins can only view what they own", much less say add "when it comes to audit data" to that20:36
edmondswoh, and restrict POST of samples to non-audit data20:37
*** exploreshaifali has quit IRC20:37
edmondswso you don't have people faking audit entries20:37
edmondswI think we should really separate audit data from other things... /v2/audit ?20:38
edmondswmaybe even a completely new service separate from ceilometer...20:38
gordchow do you know it's audit data?20:39
*** nadya_ has quit IRC20:39
gordcnot sure why you'd need a new service or what it'd do.20:39
edmondswwhoever creates the data should know whether it's audit data or not20:41
edmondswif we can solve the problems within ceilometer that's obviously fine20:42
edmondswbut let's say we move audit info into events... how do we avoid the same RBAC issues there?20:43
edmondswsomeone who wants to read audit info is only going to want audit info. Someone who wants to read other events is only going to want to read other events.20:43
edmondswNobody is going to want to read both audit info and non-audit event info at the same time20:44
edmondswso why lump them together under the same API?20:44
edmondswespecially when you need to setup different RBAC rules for accessing audit info than for non-audit info20:45
edmondswit'd be easier to have them as separate APIs, which can then easily have separate associated policy enforcement actions20:45
edmondswthere will be other differences between audit and non-audit info as well... e.g. retention policies for audit info will need to be distinct from those for non-audit info20:46
gordci don't think conditional rententoin policies is that difficult. the main thing is to have a way to let ceilometer know 'this is audit data'...20:52
gordcright now what we get is 'this is data'20:52
*** zqfan has quit IRC20:52
gordcand a live person saying 'actually this, this and this is audit data'20:53
*** zqfan has joined #openstack-ceilometer20:53
edmondswgordc, so we need to change that, definitely...20:55
*** nadya_ has joined #openstack-ceilometer20:56
edmondswI can't claim to understand how all the audit data comes in well enough to propose a specific answer there...20:57
*** amalagon has joined #openstack-ceilometer20:57
edmondswbut in general, the folks supplying the data should know it's audit data, so they should be able to tell ceilometer that if ceilometer comes up with a way for them to do that20:58
gordcedmondsw: so when i created the new audit middleware in keystonemiddleware, i prepended audit.* to the event_type... https://review.openstack.org/#/c/102958/21/keystonemiddleware/audit.py20:58
*** fnaval has quit IRC20:58
gordcin that case, the events api can easily filter out those events i would think if you're not admin20:59
gordcalthough i think by default right now, events requires you to be admin regardless to access data.21:00
*** amalagon has quit IRC21:02
edmondswand events don't have this nonsense about an admin in project A being able to see data in project B, I hope?21:02
edmondswif it's ok to restrict all events to admins, that might be ok... if someone needs a non-admin to have project-wide access to events, though, we're going to run into trouble unless we enforce audit access separately21:03
edmondswwhat about audit data other than http.request/response?21:05
edmondswnot sure we can change them all to prepend "audit."21:05
*** atan8 has quit IRC21:05
gordci need to check api... i think it's all or nothing.21:05
edmondswmay need to keep a list that ceilometer checks against21:05
edmondswI'm gonna have to run, but there's some food for thought... let's catch up again after Thanksgiving21:06
gordcthat is fine... event_type is a key attribute of events so i think a list could work too.21:07
gordci'll think about it as i go along or you can play with events and let me know21:07
gordchave a good thanksgiving (even though it was over a month ago)21:07
gordc;)21:08
*** MasterPiece has joined #openstack-ceilometer21:08
edmondsw:P thanks21:08
*** edmondsw has quit IRC21:09
*** atan8 has joined #openstack-ceilometer21:10
*** MasterPiece has quit IRC21:10
*** MasterPiece has joined #openstack-ceilometer21:10
*** MasterPiece has quit IRC21:11
*** MasterPiece has joined #openstack-ceilometer21:12
*** zqfan has quit IRC21:13
*** MasterPiece has quit IRC21:13
*** zqfan has joined #openstack-ceilometer21:13
*** fnaval has joined #openstack-ceilometer21:15
*** pradk has quit IRC21:23
*** atan8 has quit IRC21:24
*** nadya_ has quit IRC21:26
*** atan8 has joined #openstack-ceilometer21:27
*** ryanpetrello has quit IRC21:32
openstackgerritlitong01 proposed openstack/ceilometer: add http dispatcher  https://review.openstack.org/10985321:36
*** amalagon has joined #openstack-ceilometer21:50
*** eglynn_ has joined #openstack-ceilometer21:51
*** eglynn has quit IRC21:53
*** asalkeld has joined #openstack-ceilometer22:03
*** alexpilotti has quit IRC22:15
*** ccrouch has quit IRC22:21
*** promulo has joined #openstack-ceilometer22:30
*** atan8 has quit IRC22:35
*** alexpilotti has joined #openstack-ceilometer22:45
*** EmilienM has quit IRC22:47
*** EmilienM has joined #openstack-ceilometer22:47
*** gordc has quit IRC22:55
openstackgerritgordon chung proposed openstack/ceilometer: notification coordination WIP  https://review.openstack.org/13541422:58
*** sbfox has quit IRC23:01
*** ddieterly has quit IRC23:05
*** sbfox has joined #openstack-ceilometer23:06
*** ddieterly has joined #openstack-ceilometer23:06
*** zqfan has quit IRC23:11
*** ddieterly has quit IRC23:11
*** zqfan has joined #openstack-ceilometer23:11
*** ryanpetrello has joined #openstack-ceilometer23:12
openstackgerritZhiQiang Fan proposed openstack/python-ceilometerclient: Support ceilometer-url and os-endpoint  https://review.openstack.org/13748623:15
*** ryanpetrello has quit IRC23:19
*** nicknach has quit IRC23:29
*** nicknach has joined #openstack-ceilometer23:29
openstackgerritZhiQiang Fan proposed openstack/python-ceilometerclient: Support os-endpoint-type  https://review.openstack.org/13748823:31
*** nicknach has left #openstack-ceilometer23:59
« Tuesday, 2014-11-25 Index Thursday, 2014-11-27 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!