Tuesday, 2012-06-05

« Monday, 2012-06-04 Index Wednesday, 2012-06-06 »
*** gyee has quit IRC00:08
*** jakedahn_zz is now known as jakedahn00:12
*** dwcramer has joined #openstack-meeting00:18
*** littleidea has joined #openstack-meeting00:36
*** jgriffith is now known as jgriffith_away00:38
*** blamar has left #openstack-meeting00:39
*** jog0 has joined #openstack-meeting00:40
*** s0mik has quit IRC00:54
*** bencherian has quit IRC01:01
*** adjohn has quit IRC01:04
*** johnpostlethwait has quit IRC01:07
*** Mandell has quit IRC01:16
*** joearnold has quit IRC01:42
*** edygarcia has joined #openstack-meeting01:45
*** johnpostlethwait has joined #openstack-meeting01:49
*** edygarcia has quit IRC02:01
*** shang has joined #openstack-meeting02:03
*** novas0x2a|laptop has joined #openstack-meeting02:05
*** danwent has quit IRC02:17
*** ayoung has quit IRC02:18
*** edygarcia has joined #openstack-meeting02:21
*** ryanpetr_ has joined #openstack-meeting02:24
*** ryanpetrello has quit IRC02:26
*** ryanpetr_ has quit IRC02:33
*** ryanpetrello has joined #openstack-meeting02:41
*** anderstj has joined #openstack-meeting02:53
*** anderstj has quit IRC02:56
*** ryanpetrello has quit IRC02:57
*** dwcramer has quit IRC03:00
*** dwcramer has joined #openstack-meeting03:04
*** littleidea has quit IRC03:09
*** ijw has quit IRC03:12
*** littleidea has joined #openstack-meeting03:14
*** anderstj has joined #openstack-meeting03:15
*** bencherian has joined #openstack-meeting03:27
*** joearnold has joined #openstack-meeting03:31
*** edygarcia has quit IRC03:32
*** Mandell has joined #openstack-meeting03:34
*** dwcramer has quit IRC03:35
*** joearnold has quit IRC03:42
*** edygarcia has joined #openstack-meeting03:44
*** ryanpetrello has joined #openstack-meeting03:45
*** danwent has joined #openstack-meeting03:47
*** feiyuliu has joined #openstack-meeting03:54
*** johnpostlethwait has quit IRC03:55
*** bencherian has quit IRC04:27
*** garyk has quit IRC04:29
*** mnewby has quit IRC04:34
*** maoy has quit IRC04:43
*** s0mik has joined #openstack-meeting04:46
*** s0mik has quit IRC04:49
*** ryanpetrello has quit IRC04:49
*** johnpostlethwait has joined #openstack-meeting04:50
*** ywu_ has quit IRC04:58
*** edygarcia has quit IRC05:02
*** bencherian has joined #openstack-meeting05:17
*** bencherian has left #openstack-meeting05:17
*** littleidea has quit IRC05:27
*** johnpostlethwait has quit IRC05:28
*** Mandell has quit IRC05:53
*** garyk has joined #openstack-meeting05:57
*** danwent has quit IRC06:03
*** jakedahn is now known as jakedahn_zz06:10
*** sleepsonthefloor is now known as sleepsonzzz06:20
*** anderstj has quit IRC06:41
*** feiyuliu has quit IRC06:47
*** feiyuliu has joined #openstack-meeting06:53
*** ijw has joined #openstack-meeting06:56
*** ijw has quit IRC06:58
*** ttrifonov_zZzz is now known as ttrifonov07:25
*** adjohn has joined #openstack-meeting07:53
*** derekh has joined #openstack-meeting08:04
*** adjohn has quit IRC08:18
*** matwood has quit IRC09:09
*** semyazz has joined #openstack-meeting09:44
*** semyazz has left #openstack-meeting09:44
*** sandywalsh has joined #openstack-meeting10:29
*** LuizOz has left #openstack-meeting10:32
*** rkukura has left #openstack-meeting10:56
*** rkukura has quit IRC10:57
*** adrian17od has joined #openstack-meeting11:18
*** adrian17od has left #openstack-meeting11:18
*** hggdh has quit IRC11:38
*** markvoelker has joined #openstack-meeting11:42
*** sandywalsh has quit IRC11:47
*** sandywalsh has joined #openstack-meeting11:57
*** sandywalsh has quit IRC11:59
*** maoy has joined #openstack-meeting12:05
*** sandywalsh has joined #openstack-meeting12:06
*** hggdh has joined #openstack-meeting12:09
*** dwcramer has joined #openstack-meeting12:12
*** littleidea has joined #openstack-meeting12:21
*** semyazz has joined #openstack-meeting12:23
*** semyazz has left #openstack-meeting12:23
*** littleidea has quit IRC12:23
*** ywu has joined #openstack-meeting12:38
*** ryanpetrello has joined #openstack-meeting12:39
*** Razique has joined #openstack-meeting12:42
*** ryanpetrello has quit IRC12:42
*** mdomsch has quit IRC12:55
*** maoy has quit IRC13:02
*** ywu has quit IRC13:08
*** oubiwann has quit IRC13:11
*** littleidea has joined #openstack-meeting13:13
*** ayoung has joined #openstack-meeting13:23
*** writerDi_ has joined #openstack-meeting13:23
*** writerD__ has joined #openstack-meeting13:24
*** writerDiane has quit IRC13:27
*** writerDi_ has quit IRC13:28
*** dwcramer has quit IRC13:42
*** edygarcia has joined #openstack-meeting13:44
*** nikhil_ has joined #openstack-meeting13:46
*** nikhil_ is now known as Guest1901113:46
*** GheRivero_ has joined #openstack-meeting13:49
*** ryanpetrello has joined #openstack-meeting13:49
*** blamar has joined #openstack-meeting13:58
*** maoy has joined #openstack-meeting14:02
*** Mandell has joined #openstack-meeting14:09
*** rnirmal has joined #openstack-meeting14:13
*** dwcramer has joined #openstack-meeting14:17
*** Mandell_ has joined #openstack-meeting14:25
*** Mandell has quit IRC14:25
*** anderstj has joined #openstack-meeting14:27
*** feiyuliu has quit IRC14:29
*** danwent has joined #openstack-meeting14:29
*** krtaylor has joined #openstack-meeting14:34
*** writerD__ has quit IRC14:41
*** Mandell_ has quit IRC14:50
*** Razique has quit IRC14:51
*** dolphm has joined #openstack-meeting14:52
*** garyk has quit IRC15:06
*** Gordonz has joined #openstack-meeting15:08
*** matwood has joined #openstack-meeting15:09
*** Gordonz has quit IRC15:09
*** Gordonz has joined #openstack-meeting15:10
*** bencherian has joined #openstack-meeting15:11
*** anderstj has quit IRC15:12
*** jgriffith_away has quit IRC15:33
*** jgriffith has joined #openstack-meeting15:35
*** ryanpetrello has quit IRC15:37
*** jjm3 has quit IRC15:50
*** bencherian has quit IRC15:53
*** jakedahn_zz is now known as jakedahn15:57
*** garyk has joined #openstack-meeting16:02
*** Guest19011 has quit IRC16:03
*** nikhil_ has joined #openstack-meeting16:03
*** Adri2000 has quit IRC16:03
*** Adri2000 has joined #openstack-meeting16:04
*** nikhil_ is now known as Guest5588416:04
*** Adri2000 is now known as Guest6727616:04
*** Guest55884 is now known as help16:05
*** help is now known as Guest2874216:05
*** sleepsonzzz is now known as sleepsonthefloor16:08
*** sleepsonthefloor is now known as sleepsonzzz16:09
*** Guest28742 is now known as register16:09
*** sleepsonzzz is now known as sleepsonthefloor16:09
*** register is now known as Guest1977716:09
*** s0mik has joined #openstack-meeting16:11
*** joearnold has joined #openstack-meeting16:16
*** Guest19777 has quit IRC16:19
*** nikhil__ has joined #openstack-meeting16:25
*** ryanpetrello has joined #openstack-meeting16:34
*** s0mik has quit IRC16:38
*** s0mik has joined #openstack-meeting16:42
*** lloydde has joined #openstack-meeting16:43
*** martine has joined #openstack-meeting16:48
*** blamar has quit IRC16:49
*** Guest67276 has quit IRC16:49
*** jakedahn is now known as jakedahn_zz16:50
*** Adri2000_ has joined #openstack-meeting16:50
*** Adri2000_ is now known as Guest4362616:50
*** anderstj has joined #openstack-meeting16:50
*** danwent has quit IRC16:53
*** s0mik has quit IRC16:58
*** Mandell has joined #openstack-meeting16:58
*** s0mik has joined #openstack-meeting16:58
*** oubiwann has joined #openstack-meeting16:59
*** mestery has quit IRC17:00
*** Guest43626 is now known as Adri200017:00
*** Adri2000 has quit IRC17:00
*** Adri2000 has joined #openstack-meeting17:00
*** derekh has quit IRC17:02
*** jdurgin has joined #openstack-meeting17:04
*** gyee has joined #openstack-meeting17:07
*** glenc_ has quit IRC17:07
*** glenc has joined #openstack-meeting17:07
*** gyee has quit IRC17:11
*** glenc has quit IRC17:11
*** glenc has joined #openstack-meeting17:12
*** semyazz has joined #openstack-meeting17:13
*** semyazz has left #openstack-meeting17:13
*** jakedahn_zz is now known as jakedahn17:13
*** glenc has quit IRC17:13
*** gyee has joined #openstack-meeting17:13
*** glenc has joined #openstack-meeting17:13
*** PotHix has joined #openstack-meeting17:15
*** danwent has joined #openstack-meeting17:16
*** glenc has quit IRC17:24
*** glenc has joined #openstack-meeting17:24
*** mestery has joined #openstack-meeting17:29
*** glenc has quit IRC17:32
*** jakedahn is now known as jakedahn_zz17:33
*** glenc has joined #openstack-meeting17:33
*** jakedahn_zz is now known as jakedahn17:34
*** GheRivero_ has quit IRC17:43
*** rafaduran has joined #openstack-meeting17:48
*** mnewby has joined #openstack-meeting17:49
*** blamar has joined #openstack-meeting17:52
*** bencherian has joined #openstack-meeting17:53
*** rafaduran has quit IRC17:55
*** tongli|2 has joined #openstack-meeting17:57
*** rafaduran has joined #openstack-meeting17:57
ayoungdolphm, you are running today's meeting, right?17:58
dolphmayoung: as far as i know!17:58
*** jr__ has joined #openstack-meeting17:59
ayounggyee, want to ping liem to see if he wants to join?17:59
*** novas0x2a|laptop has quit IRC18:01
gyeeayoung, I am pinging him right now18:01
tongli|2hi, is this just text (no audio) meeting?18:01
gyeeayoung, he'll be here shortly18:02
ayoungtongli|2, yes, just text18:02
dolphmis audio normally available?18:02
ayoungboy I hope not18:03
tongli|2thanks. I added an item for the agenda.18:03
*** liemmn has joined #openstack-meeting18:03
liemmno/18:03
ayoungdolphm, anyone else we should ping, or do we have a quorum?18:04
dolphmanyone else here for keystone?18:05
rafaduranme18:05
gyee\o18:05
*** chenglin has joined #openstack-meeting18:06
tongli|2I am here for keystone as well. mostly get myself familar with the form of discussion.18:06
dolphm#startmeeting18:06
openstackMeeting started Tue Jun  5 18:06:43 2012 UTC.  The chair is dolphm. Information about MeetBot at http://wiki.debian.org/MeetBot.18:06
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.18:06
dolphmmight as well get started18:06
dolphmfyi- joe heck is traveling today, so i'll be proxying for him18:07
ayoung#topic Status and Progress18:07
ayoungNot sure if I can even do that...18:07
dolphm#topic status and progress18:07
*** openstack changes topic to "status and progress"18:07
ayoungguess not18:08
dolphmmight be tied to whoever did startmeeting (?)18:08
*** jakedahn is now known as jakedahn_zz18:08
dolphmgyee: did you want to give us an update on bp keystone-domains?18:08
gyeeyep18:08
dolphmI know it took some extra effort/time to get the draft review going18:08
gyeeI uploaded the initial version to gerrit for draft review18:08
*** danwent_ has joined #openstack-meeting18:09
gyeeanyone else want to be included?18:09
ayoung#link http://etherpad.openstack.org/keystone-domains18:09
ayounggyee, yes, please18:09
rafadurangyee, me too please18:09
gyeegot it18:09
dolphm#link https://blueprints.launchpad.net/keystone/+spec/keystone-domains18:09
*** termie has joined #openstack-meeting18:10
gyeeI'll be finishing up the architectural doc some time this week18:10
ayounggyee, post link?18:10
liemmngyee, you want to summarize the core concepts for domain here?  (for those who are not familiar with it yet)18:11
*** lloydde has quit IRC18:11
gyeehttps://review.openstack.org/#/c/8114/18:11
gyeeits a draft review so I'll have to add you guys in18:11
gyeenot yet public18:11
gyeeconceptually, domains are administrative boundaries/containers for users, tenants, and optionally roles18:12
ayounggyee, alternatively,  you could do what I've been doing for "signed tokens"  which is posting it to github.  Might make more sense18:12
*** sleepsonthefloor is now known as sleepsonzzz18:12
*** danwent has quit IRC18:12
*** danwent_ is now known as danwent18:12
gyeeayoung, yet, that'll work too18:12
tongli|2so domain will have roles associated?18:12
gyeerole definitions can be either domain-agnostic or domain-specific18:13
tongli|2which limit or grant certain action rights?18:13
dolphmgyee: i'm not a fan of that extra complexity at all18:13
tongli|2right, but it will be associated with domain, correct?18:13
gyeedolphm, its flexibility18:13
dolphmtongli|2: correct, there's a domain-role association table in the implementation18:14
dolphmgyee: flexibility to achieve what specific use cases?18:14
tongli|2in that case, how will it be different from user groups?18:14
termiethe goal is to provide the ability for somebody to be a domain admin18:15
gyeetermie, correct18:15
gyeeseparation of duties, delegate administration, etc18:15
*** s0mik has quit IRC18:15
termiethe simplest implementation would be to add an additional category of roles that is a user-domain role, rather than a user-tenant role18:15
termiegyee: i don't buy the rest of that18:15
termiemy goal is to allow a domain administrator with the same policy semantics as already exist18:16
*** semyazz has joined #openstack-meeting18:16
gyeewhat's user-domain role?18:16
tongli|2I thought that during the design summit, the decision was made clear that delegation should not be in keystone.18:16
*** semyazz has left #openstack-meeting18:16
termiegyee: a role that applies to a user-domain pair, rather than a user-tenant pair18:16
*** rnirmal has quit IRC18:16
dolphmtongli|2: that's correct18:16
gyeeso all tenants in that domain will have that role?18:16
termiegyee: any tenant that user is using within a given a domain will provide in additon to "roles" a set of "domain-roles"18:16
termiegyee: no18:16
termiegyee: it is user-domain18:16
termienot tenant-domain18:17
termiewhenever that user is operating within that domain they have some domain-roles associated18:17
gyeeso if I authenticate and scope to a tenant in that domain, will I get that role?18:17
jr__domain is a collection of users, tenants, roles, and groups... not just users or just roles18:17
termiejsut as whenever the user is operating within a tenant they will have the normal roles they have associated with that tenant18:17
termiejr__: wrong18:17
termiejr__: a domain is a collection of tenants18:18
jr__wrong18:18
dolphmjr__: i'd argue that it's not users or roles at all, it's just a collection of tenants, everything else is implicit18:18
dolphmif at all18:18
jr__I wrote the domain spec, i think i would know18:18
termiejr__: i rejected the spec18:18
* ayoung grabs some popcorn18:18
jr__just a collection of tenants provides little value18:18
*** johnpostlethwait has joined #openstack-meeting18:19
termiejr__: we went over this all at the design conf, the needs you were trying to address were all addressed18:19
termieas were the needs of the others interested in such a concept18:19
termiei am not sure which person you were in the meeting18:19
termiebut i do recall one person with a grumpy face after it18:20
*** jr__ has quit IRC18:20
*** jlr has joined #openstack-meeting18:21
termiemorale of the story: we are not trying to incorporate HP's system into keystone, we are trying to solve the same problems in a way that works for other people as well18:21
termies/morale/moral/ (i'm not really that into morale)18:21
jlrgrouping of tenants is just 'grouping' of tenants.  it does nothing for separation of duties and all the other goodness provided18:22
dolphmisn't that where rbac comes in?18:22
termieit does totally fine18:22
jlrthat is not what domains is about... if you want tenant grouping, then call it that and create another blueprint18:22
termiedomain-roles with the same policy semantics get you all you needed18:22
gyeetermie, can you elaborate how domain-roles work?18:23
termiei just did man18:23
dolphmrole grants are currently performed on a user-role-tenant combination18:23
dolphma domain-level grant would simply be a user-role-domain combination, i presume18:23
termiedolphm: correct18:23
gyeek? and?18:23
termie11:16 <termie> gyee: any tenant that user is using within a given a domain will provide in additon to "roles" a set of  "domain-roles"18:24
termie11:16 <termie> gyee: no18:24
termie11:16 <termie> gyee: it is user-domain18:24
termie11:17 <termie> not tenant-domain18:24
termie11:17 <termie> whenever that user is operating within that domain they have some domain-roles associated18:24
termie11:17 <termie> jsut as whenever the user is operating within a tenant they will have the normal roles they have  associated with that tenant18:24
dolphmuse cases are documented in:18:25
dolphm#link http://etherpad.openstack.org/keystone-domains18:25
tongli|2I feel this is an introduction of nested tenant.18:25
termiethe domain they are operating under are defined by the tenant they are operating under18:25
tongli|2that really hurts.18:25
termietongli|2: it is a collection of tenants18:25
termietongli|2: not nested, nested implies recursion18:25
liemmnThe intention of domain is to separate users, roles and tenants in one domain from another.  The only way to link them is via trust relationship.18:26
termietongli|2: in practice large organizations tend to need three levels18:26
dolphmi'd actually prefer arbitrary tenant hierarchies rather than introducing new concepts18:26
tongli|2right, two levels inclusion, basically like a tenant can have other tenants inside.18:26
termiedolphm: that is a bad idea and forces your datastructures into graph traverals18:26
termietongli|2: not exactly, they have different properties18:26
dolphmtermie: only as deep as your real-world use case18:26
tongli|2termie, but conceptually they are all containers.18:27
termietongli|2: one is a container, one is a resource owner18:27
dolphmtermie: with domains, you're forcing two levels, when one could satisfy a majority, while a minority will eventually want additional complexity18:27
termiedolphm: additional complexity means additionally complex code18:27
termiedolphm: and additionally complex testing, edge cases18:28
*** novas0x2a|laptop has joined #openstack-meeting18:28
termiedolphm: design the right system, not something you aren't going to need18:28
dolphmtermie: i haven't thought it all the way through, but it seems much simpler in terms of API-impact and implementation changes18:28
termiedolphm: feel free to take it offline and propose such a concept18:29
termiedolphm: if you think we should wait on domains until you write it up18:29
termiedolphm: i'm not against that18:29
termieas existing advocates for the domains still seem to not be on the same page18:30
dolphmtermie: i'll spend some time on it and see where my opinion lands :)18:30
termiedolphm: keep what happened to "zones" in mind when you do ;)18:30
tongli|2probably it will really help to make a case to describe how domain can solve that tenant and user group combination can not.18:31
termietongli|2: it provides an abstraction for managing multiple tenants as a group18:32
tongli|2so we move on to open discussions now?18:32
ayoungtongli|2, not yet, we are still on "Progress"18:32
dolphmis anyone else not included in the domains draft review that would like to be?18:32
tongli|2ok. not a problem.18:32
tongli|2can you please add me?18:32
ayoungwe done on domains?18:32
dolphmgyee: can you add tongli|2 ?18:32
tongli|2launchpad id is litong01@us.ibm.com18:33
gyeesure18:33
rafaduranme too please18:33
tongli|2thanks a lot.18:33
termieayoung: yes18:33
*** rnirmal has joined #openstack-meeting18:34
ayoungI've gotten some good feedback on the signed tokens work18:34
rafadurantermie: I would like to know about your opinon on the queryng by name V3 API18:34
rafaduranthis week tow duplicates for #link https://bugs.launchpad.net/keystone/+bug/97280018:34
termierafaduran: i wrote down comments on the doc18:34
uvirtbotLaunchpad bug 972800 in keystone "Identity backends provide get_by_name methods but  they aren't available via API" [Wishlist,Incomplete]18:34
termiemaybe this link works? https://docs.google.com/document/d/1s9C4EMxIZ55kZr62CKEC9ip7He_Q4_g1KRfSk9hY-Sg/edit?disco=AAAAAEYr61Q#18:35
rafadurantermie: sorry, I didn't see, I'm going to check18:35
termieit looks dubious18:35
*** dendro-afk is now known as dendrobates18:35
ayoungtermie, what looks dubious?18:35
*** rafaduran has quit IRC18:35
dolphmi think querying by name is pretty well discussed in the v3 draft, which is a more appropriate venue for that type of discussion18:36
dolphmayoung: want to give us an update on pki?18:36
ayoungsure.18:36
dolphmproceed!18:36
termieadded anotehr comment on the doc, didn't see dolph's question18:36
termieayoung: the link does18:36
ayoungI've gotten some good feedback, with a couple *big* questions18:37
termieayoung: i don't know if it will work for others18:37
ayoungtermie, link worked for me18:37
ayounganyway18:37
*** rafaduran has joined #openstack-meeting18:37
ayounggyee, asked if signed tokens should replace the existing, or if we should keep the existing around18:37
ayoungmy gut says that if we give people the option to not change,  they won't change18:37
dolphmayoung: a fair assumption18:38
ayoungI'd rather have the signed tokens out there soon and find out if it breaks things18:38
termieayoung: i would love for that to be the case (signed required)18:38
ayoungtermie, glad to hear it18:38
ayoungI have been going through and fixing all of the unit tests I broke18:38
ayoungand in doing so learning a little bit18:38
ayoungI think it is fair to say that we would want to run those tests over both token mechanisms if we kept both18:39
ayoungand I think that is prohibiative18:39
termieayoung: i don't thnkk so18:39
termieayoung: we have existing patterns for running tests against multiple drivers18:39
ayoungtermie, it isn't just a different driver here, though.18:40
ayoungThe logic for processing the tokens is slightly different18:40
termieayoung: i haven't looked at your proposed implementation, but it largely is in my mind18:40
ayoungas the signed tokens don't need the network call, etc18:40
termieayoung: that just means bumping a strategy abstraction up a level somewhere18:41
ayoungtermie, take a look.  Thjere are still details to work out,  but the approach in general is pretty close.18:41
ayoungtermie, yeah,  it is starting to feel that way18:41
ayoungthere are a bunch of #termie comments and #dolph comments in there that indicate that as well18:41
ayoung"move this to common:" type stuff18:41
*** martine has quit IRC18:42
ayoungI'll post an updated patch later on today with the next set of unit tests fixed18:42
ayoungthere was also the question about whether we still want to have memcache support for ticket validation18:43
dolphmayoung: github link?18:43
ayounghttps://github.com/admiyo/keystone/tree/signed-tokens18:44
dolphmayoung: / intending to open a draft/public review?18:44
termieayoung: i don't think it will be the most common use case, but memcache is more robust than most people tend to think18:44
ayoungdolphm, I've been rebasing that18:44
termieayoung: it has the main benefit of having built-in cleanup18:44
dolphm#link https://github.com/admiyo/keystone/tree/signed-tokens18:44
rafadurantermie: about the querying by name, it makes sense to me your comments, moving it under /search path makes it easier to include it as an extension rather than core, keeping core clean18:45
dolphmrafaduran: (we're still discussing pki)18:45
ayoungtermie, it is not a question of robust,  but whether we need to shortcut the token validation.  Right now,  we cache so we don't need to go back to Keystone.  With signed-tokens,  the cost of validating is less18:45
ayoungtermie, the cost of validating is spinning up an additional process and waiting for it to finish.  THis is non-zero,  but still not too bad compared to a network call18:46
termieayoung: for most kinds of signed tokens, but things in multifactor auth will still probably need a temporary store18:46
ayoungtermie, sounds good.  It is easier for me to leave it in.  Just don't want that to be decision made out of lazyness18:46
ayoungtermie, are you cool with the Popen approach to running openssl?18:47
termieayoung: mostly i just don't think we need to ditch all the code yet, that may change shortly but i think there are probably still some uses for having it in tehre, even if it just means not re-typing half of it18:47
termieayoung: aye, can add an abstraction to make another machine do it for us later on18:47
dolphmayoung: anything else on pki for today?18:48
ayoungtermie, I would probably suggest that we use AMQP or some other local RPC to talk to a process that just cranks through validation requests saying "yes" or "no" to each if we find we need to minimize the cost of the proces start up18:49
gyeeayoung, so token revocation will be meaningless with the PKI stuff then?18:49
ayounggyee, correct18:49
termiegyee: besides pki cert revocation18:49
ayounggyee, I have a write up of how to do it,  but it makes things more complicated18:49
ayoungoh18:49
termiegyee: and things of that nature18:49
termiei doubt it will be supported right away18:50
ayoungwhen starting Keystone, I was wondering if it should self generate the certs it needs if they do not exist18:50
termieayoung: i agree on wanting to farm out the work, i think that is something that is second priority to getting it working18:50
dolphmayoung: hmm.. and write them to disk?18:50
ayoungI was thinking more along the lines of devstack than for live deployments18:50
ayoungdolphm, yes18:50
termieayoung, dolphm: i'd probably put that in the whatever setup command (like db_sync)18:51
*** deva-mobile has joined #openstack-meeting18:51
ayoungtermie, +118:51
dolphmtermie: agree18:51
termiewe don't want to add many additional setup steps, but it still seems like something people should be knowingly doing18:51
dolphmbut i do like the idea of auto-generating them if necessary, but perhaps just keep them in memory and throw lots of warnings about how all your tokens will be invalid if you shut down keystone18:52
termiecould probably add a flag to auto-generate for testing or whatnot18:52
ayoungtermie, so the services *are* downloading the ca certs and the signing certs in order to validate.18:52
termieayoung: statement or question?18:52
ayoungI think that is OK18:52
ayoungdo you?18:52
dolphm#allow_autogenerated_keys = False18:52
gyeeayoung, just to clarify, so PKI token is not configurable correct?18:53
jlri think it should be18:53
*** deva-mobile has quit IRC18:53
termiegyee, ayoung: signed token, i don't think pki is the only version of that18:53
ayounggyee, correct.  It will replace the token code18:53
*** deva has joined #openstack-meeting18:53
jlrwhy not an option?18:54
dolphmayoung: without api impact, though18:54
dolphmayoung: correct?18:54
ayoungdolphm, no API impact18:54
dolphmayoung: just sort of renders a few calls useless18:54
ayoungdolphm, and,  the remote services can, in theory, run with the PKI tokens and the existing auth_token middleware,  but I wouldn't want to support it18:54
gyeeayoung, no API impact?18:55
gyeewhat about the 3rd party clients don't use middleware?18:55
ayounggyee, no.  from an API perspective,  nothing changes18:55
gyeewell, there won't be validate token call right?18:56
dolphmgyee: it's just not necessary18:56
ayoungthey can request a token, can use it as a blob,  send it back to keystone to validate if they want18:56
liemmnayoung: Even though there is no API impact, for clients that do not want to deal with certs, they are now out of option18:56
dolphmgyee: keystone could still implement one, for clients that don't understand that they can validate signed tokens themselves18:56
*** Shrews has joined #openstack-meeting18:56
gyeeok, so it's backward compatible then18:56
dolphmgyee: yes18:57
gyeeI am more concern with reference implementations18:57
dolphmalright, for the sake of completeness...18:57
dolphm#topic high priority bugs or immediate issues?18:57
*** openstack changes topic to "high priority bugs or immediate issues?"18:57
dolphmwe had a pair of bugs opened against admin API operations that weren't requiring *any* sort of auth18:57
dolphm#link https://bugs.launchpad.net/keystone/+bug/100681518:57
uvirtbotLaunchpad bug 1006815 in keystone "Admin API /v2.0/tenants/{tenant_id}/users/{user_id}/roles doesn't validate token" [Critical,In progress]18:57
*** adjohn has joined #openstack-meeting18:57
dolphm#link https://bugs.launchpad.net/keystone/+bug/100682218:57
uvirtbotLaunchpad bug 1006822 in keystone "API(v2.0/OS-KSADM/services,v2.0/OS-KSADM/services/{service_id})doesn't validate token" [Critical,Fix committed]18:57
termieservices one is in18:57
ayoungliemmn, is that a show stopper for you?  DO you need to deploy in "no certs allowed" environments?18:57
*** martine has joined #openstack-meeting18:58
termieayoung: i wouldn't explicitly remove the old functionality just yet, for the record, but i think we probably want to deprecate it18:58
ayoung  that is not  right.  I just looked at /tenants/{tenant_id}18:58
ayoungit confirms that an admin token was sent it18:58
ayoungtermie, how would it get configured?18:58
liemmnayoung:  I think Dolph answered my question... It is not a show stopper, but as a reference implementation, I would try to keep it as simple as possible.18:58
dolphmand for more completeness, i'm going to assume there aren't any other high priority issues (i'm not aware of any, at least), and...18:59
dolphm#topic open discussion18:59
*** openstack changes topic to "open discussion"18:59
ayoungright not it is specified as a middle_ware18:59
ayoungright now18:59
dolphmand now we wait for mtaylor to dance us out of here18:59
termieNOONTIME19:00
termiewell, in the real timezone19:00
termieour meeting is now over, i think19:00
dolphmtrue19:00
tongli|2guys,19:00
termielet's all run for the hills19:00
tongli|2I have an item.19:00
ayoungheh19:00
tongli|2can we talk about it?19:00
termiespit it out son19:00
dolphmtongli|2: open discussion until mtaylor kicks us19:00
ayoungtongli|2, fire away...we might get chased out soon19:00
tongli|2Keystone log in with invalid tenant name return 200, should there be a difference between good and bad tenant name?19:01
tongli|2I added into the agenda.19:01
dolphmtongli|2: imo, yes, it should return a 40119:01
ayoungagreed19:01
termiesounds like it was already a bug?19:01
tongli|2that bothers me a lot.19:01
mtaylordolphm: take your time, I doubt we have a full hour of stuff anyway19:01
dolphmtongli|2: i'm pretty sure https://review.openstack.org/#/c/6875/ takes care of that (please test!)19:01
dolphmmtaylor: i always think the same thing about keystone19:01
termiei am in the middle of approving that patch19:02
mtaylordolphm: ++19:02
termieFTR19:02
termieunless i forget over lunch19:02
tongli|2great. I will take a look at , thanks folks.19:02
dolphmtermie: i wouldn't blame you, lunch is awesome19:02
dolphmin general19:02
dolphmcool19:02
dolphm#endmeeting19:02
termiedolphm: i'm feeling a little chubby19:02
*** openstack changes topic to "OpenStack meeting channel. See http://wiki.openstack.org/Meetings for schedule and http://eavesdrop.openstack.org/meetings/openstack-meeting/ for meeting logs"19:02
openstackMeeting ended Tue Jun  5 19:02:28 2012 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:02
openstackMinutes:        http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-18.06.html19:02
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-18.06.txt19:02
openstackLog:            http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-18.06.log.html19:02
dolphmmtaylor: /salute19:02
jeblair _19:03
jeblairO/19:03
mtaylor#startmeeting19:03
openstackMeeting started Tue Jun  5 19:03:45 2012 UTC.  The chair is mtaylor. Information about MeetBot at http://wiki.debian.org/MeetBot.19:03
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.19:03
jeblairthank goodness that made it in before the startmeeting.19:04
clarkbjeblair: we were racing?19:04
mtaylorwho wants to talk about barrell racing?19:04
mtaylorOR, I guess we can talk about CI stuff19:04
* jeblair wants to know what a barrell is.19:04
* mtaylor can't spell19:04
mtaylor#topic zuul19:05
jeblairbigger than a barrel, i'd imagine19:05
*** openstack changes topic to "zuul"19:05
mtaylorjeblair: so - you wanna tell folks all about the new hotness?19:05
jeblairyeah, so zuul is in production, basically globally for openstack now19:05
jeblairbecause of the interdependencies of all the projects, we can't phase it in, it's pretty much all or nothing.19:05
jeblairI wrote a mailing list post about it, which you should receive in the next 6 hours if you haven't already19:05
* mtaylor hands jeblair a large salmon19:06
jeblairand a blog post here19:06
mtaylortotally awesome19:06
jeblair#link http://amo-probos.org/post/1419:06
jeblairAfter rolling it out, it pretty much immediately started testing keystone changes in parallel19:06
jeblairhttp://paste.openstack.org/show/18354/19:06
jeblairthat's what that looks like.19:06
jeblairnot to be outdone, 4 nova changes were tested in parallel shortly after that19:06
jeblairhttp://paste.openstack.org/show/18357/19:06
mtaylorthings I like a) parallel testing b) dependent testing (yay for not running long-running tests if the quick ones don't pass)19:07
jeblairi'm pretty sure the ssh connection is going to die at some point19:07
clarkbso in that output the change at the top was tested with all of the changes below it merged in as well?19:08
jeblairbut that's a matter of waiting until that happens, and figuring out why from the debug messages.19:08
jeblairclarkb: yep19:08
*** JoseSwiftQA has joined #openstack-meeting19:08
jeblairclarkb: and only merged if they all passed (they did)19:08
devaCross project dependencies, even?19:09
jeblairdeva: yes and no...19:09
jeblairyes in that the changes across dependent projects are sequenced19:09
jeblairno in that you can not specify a change to one project must be tested with a change to another project19:09
jeblairdeva: it may be possible to do that if we can get the merge job behaving exactly like gerrit's merge check.  it's something i plan on looking into.19:10
devaGotcha19:11
mtaylorjeblair: should we do pep8 before unittests similar to how we do merge first now?19:11
*** ttrifonov is now known as ttrifonov_zZzz19:12
jeblairmtaylor: we could do that; the pep8 tests take a little longer since they're done in a tox venv19:12
mtaylorjeblair: good point19:12
jeblairmtaylor: also, unit tests can still be meaningful even if pep8 fails19:13
jeblair(which isn't true for a failing merge test)19:13
mtaylorindeed19:13
jeblairso i think we'd at least want to keep the current setup for the check queue19:14
jeblairlet's look into how long the pep8 tests take before deciding to change the gate queue19:14
mtayloryeah - I can be on board with that19:14
jeblairthat's probably it for zuul19:15
*** sleepsonzzz is now known as sleepsonthefloor19:16
*** s0mik has joined #openstack-meeting19:16
mtaylorcool19:17
mtaylorlemme see ...19:17
mtaylor#topic gerrit changes19:17
*** openstack changes topic to "gerrit changes"19:17
mtaylorShrews, clarkb: how are we doing on our new gerrit features?19:17
ShrewsWork In Progress is ready, available on review-dev now.19:18
clarkband I think the first attempt at a better dashboard and list of "reviewable" changes is complete19:18
ShrewsAs an enhancement, we'll soon be adding a new per-project permission so more people can use the WIP feature.19:18
Shrewsright now, only change submitter, branch owner, project owner, and admins can use it19:19
mtaylorI think we should land both of your most recent changes, install those on review-dev to double-check ... and then release to review.openstack.org19:19
mtaylorunless somebody thinks we should wait for Shrews' acl fix?19:19
*** dolphm has quit IRC19:19
Shrewsmtaylor: i see no reason to wait on it19:20
*** mrmartin has joined #openstack-meeting19:20
clarkbI have no problems with it19:20
mtaylorI think that gerrit 2.4 + dashboard are pretty compelling, and giving change owner ability to WIP is nice19:20
mtaylorand might get us a little bit more real-world use of wip19:20
clarkbI have a feeling the better priority sorting will take some time19:21
jeblairhow long do you think the acl will take?19:21
clarkband I haven't really dug into it yet, so don't wait19:21
jeblair(because if it's not going to be too long, we may want to wait until we can announce the feature, and announce that -core developers can wip changes)19:22
mtaylorthat's a good point - Shrews? thoughts?19:22
Shrewsjeblair: i'm *hoping* this week19:23
Shrewsso we can hold off a couple of days if you want to see where i stand then19:23
clarkbI was going to update puppet to land http://ci.openstack.org/tarballs/test/gerrit-2.4-11-gd4a0c4b.war on review-dev. Should I go ahead or will Shrews' change and my latest one be approved soon?19:25
*** danwent has quit IRC19:25
*** deva has quit IRC19:27
mtaylorI'm good with both changes landing19:27
clarkbI can update puppet after they land then19:28
mtaylorcool19:28
mtayloralright, let's hold off a couple of days before updating review and see how the acl changes go19:28
*** jakedahn_zz is now known as jakedahn19:29
mtaylorI think that's all the big-ticket topics for the moment ...19:30
mtaylor#topic open discussion19:30
*** openstack changes topic to "open discussion"19:30
mtaylorI'm trying to get the global dependency list stuff up and going (after realizing that we can use the update.py machinery in openstack-common to our advantage)19:30
mtaylorand I got pure-nosetests changes done for nova and glance19:30
mtaylorOH - I did something else I forgot about ... new pypi mirror code19:31
clarkbLinuxJedi isn't here, but after cleaning up etherpad-lite's puppet module I think I may want a precise host instead of an oneiric host for that >_>19:31
mtaylorpypi.openstack.org is created from all of the packages downloaded by pip-installing all of the requirements from all of the branches of all of our projects19:31
jeblairmtaylor: re dependency list, is awesome -- basic idea to have the list in openstack-common, and use update.py to copy it into projects?19:31
mtaylorjeblair: yes.19:31
mtaylorjeblair: except19:31
LinuxJediclarkb: can't do that yet19:31
clarkbLinuxJedi: darn, ok19:32
mtaylorjeblair: we won't copy entries from the global list into the projects unless that depend is there first19:32
LinuxJediclarkb: since Rackspace doesn't give us Precise19:32
jeblairand nosetests is awesome, except it outputs a lot of logging to console.19:32
mtaylorso each projects list will be a subset of the global list ... but the versions will be tied...19:32
LinuxJediclarkb: unless mtaylor wants it on the SF HP Cloud account or something19:32
mtaylorjeblair: yeah, I've gotta fix the nosetest output thing ... vishy said he was cool with our proposed change19:32
jeblairLinuxJedi: i think precise images exist now.19:32
mtaylorthey do19:32
LinuxJedijeblair: ah, awesome19:33
mtaylorwe can spin up precise slaves via jclouds-plugin even19:33
LinuxJediclarkb: ok, scrap what I said ;)19:33
clarkbLinuxJedi: if you can swap oneiric out for precise when you get back that would be awesome19:34
mtaylorspeaking of that ...19:34
mtaylor#topic etherpad19:34
*** openstack changes topic to "etherpad"19:34
clarkbI am still fiddling with it a little on my test box though. Not entirely sure logrotate is working the way I want it to19:34
mtaylorshould we talk about a transition plan?19:34
LinuxJediclarkb: sure, can I erase the oneiric one in the process or do you temporarily need both?19:34
clarkbLinuxJedi: I do not need the oneiric box so erasing is fine19:35
LinuxJedicool19:35
* LinuxJedi goes back to lurking and pretending to be not working on a public holiday ;)19:35
jeblairclarkb: lovely puppet work, btw.19:35
*** JoseSwiftQA has quit IRC19:36
*** jlr has quit IRC19:36
*** chenglin has quit IRC19:36
*** liemmn has quit IRC19:36
clarkb#link https://github.com/Pita/etherpad-lite/wiki/How-to-migrate-the-database-from-Etherpad-to-Etherpad-Lite19:36
clarkbthat link describes the technical process behind migrating19:36
clarkbbasically run a js script to dump the old DB then cat that back into the etherpad lite DB19:37
mtaylorso we should be able to dry run the data migration a few times to make sure it's solid and see how long it takes19:37
LinuxJediclarkb: let me know if you need any more VMs for the dry runs19:37
* LinuxJedi can spin up as many as you need19:37
clarkbok19:37
mtaylorat that point, should just be a scheduled downtown and migration, yeah?19:37
mtaylorare we close enough on it to be thinking about that? or am I jumping the gun?19:38
clarkbprobably jumping the gun a little, but yes if things look good after migrating a couple times we should be able to schedule a downtime and DNS cutover or however you want to actually flip the switch19:38
clarkbdoes the CI team admin etherpad.openstack.org?19:39
mtaylorok. I'll just sit back on my haunches for a while19:39
LinuxJediclarkb: yes19:39
mtaylorwell, sort of19:39
mtaylorwe have the login to it :)19:39
LinuxJediclarkb: I can help you with a migration plan when ready19:39
clarkbso access to the old DB shouldn't be a problem?19:39
LinuxJediclarkb: I have logins for everything19:39
clarkbgreat19:39
mtaylorLinuxJedi: has global root on the internet19:39
LinuxJedirm -rf /internet19:40
mtaylorcrap. now I can't work19:40
mtaylor#topic open discussion19:40
*** openstack changes topic to "open discussion"19:40
mtayloranybody got anything else? questions? comments?19:41
* LinuxJedi has had 2 days off this week and lots of non-public admin stuff this week so it will probably be a quietish week from me19:41
LinuxJedibut I can fix everyone's problems as usual and I have a few things planned19:42
LinuxJedi:)19:42
mtaylorhehehe19:42
mtaylorwell, for the record, I did NOT break anything this weekend19:42
LinuxJediyay \o/19:42
* LinuxJedi buys mtaylor a beer19:43
clarkbare we fully recovered from the forkbombs?19:43
mtaylorgood question. actually...19:43
mtaylor#topic multiprocess forkbombs19:43
*** openstack changes topic to "multiprocess forkbombs"19:43
mtaylorwe should probably talk about that for a sec just for the record19:43
jeblairi think so, unless a test snuck in last night as i was merging the revert patch19:43
jeblair#link https://wiki.jenkins-ci.org/display/JENKINS/ProcessTreeKiller19:44
jeblairbecaues of that, i believe that jenkins should have killed the processes that got out of control19:44
jeblairon the two machines i could (eventually) log into, the processes in question had the correct environment for that to operate19:45
clarkbis there any value in setting ulimits on the test VMs?19:45
jeblairso i'm not sure why it didn't happen.19:45
mtaylorsomeone was suggesting that the forkbomb was going so fast that perhaps the killer couldn't keep up19:45
jeblairit may have been so pathologically bad that jenkins couldn't run that code.19:45
jeblairperhaps, but that's a naive implementation of a process killer; it should do a complete pass and eventually kill the parent.19:46
jeblairbut i don't know how it's implemented in jenkins.19:46
* mtaylor blames java19:46
jeblairclarkb: we may want to look into that.  or something with cgroups19:46
clarkbI think the goal with ulimit/cgroups would be to keep the machine in a useable state for debugging?19:47
clarkband possibly give jenkins a better shot at cleaning things up19:47
jeblairand probably look into the processtreekiller code to see what it's actually doing.19:47
mtaylorjeblair: any further thoughts on the post-build action of cleaning up lurking processes?19:47
jeblairmtaylor: my thoughts on that are disrupted by the processtreekiller -- if it was supposed to run but failed, i think there's probably nothing we can do from within jenkins to do the same thing.19:48
mtaylorjeblair: good point19:49
Shrewsheh, it lists ALL processes and check the env variables of each. ick19:50
mtaylorwow, really? that's special19:50
*** matwood has quit IRC19:50
jeblairShrews: better ideas?19:51
Shrewsjeblair: store list of pids? not sure without understanding jenkins code19:52
jeblairjenkins spawns processes that can spawn processes that can spawn processes whose parents can die making the children be reparented to PID 1.19:52
jeblairall of which happened yesterday19:53
jeblairso i'm hard pressed to see a better way (other than using cgroups which isn't cross-platform)19:53
LinuxJedijeblair: still loving Jenkins? ;)19:54
jeblairLinuxJedi: in my statement above, the processes i'm talking about are the test processes.19:55
LinuxJediah, ok :)19:55
Shrewseh, there could probably be some sort of central reporting system when a new child is spawned.19:55
mtaylorwell... I think that's about it for real this time19:56
jeblairShrews: I think what you're describing doesn't exist in unix.19:56
mtaylorlast thoughts?19:56
clarkbShrews: you should write a custom init just for jenkins hosts19:56
Shrewsjeblair: i'm thinking at the jenkins level.19:56
jeblairperhaps we should use systemd.19:56
jeblairShrews: the processes we're talking about aren't spawned by jenkins, they're spawned by the test runner that we told jenkins to run.19:57
Shrewsjeblair: oh, well that is different indeed19:57
mtaylorthanks everybody!19:58
mtaylor#endmeeting19:58
*** openstack changes topic to "OpenStack meeting channel. See http://wiki.openstack.org/Meetings for schedule and http://eavesdrop.openstack.org/meetings/openstack-meeting/ for meeting logs"19:58
openstackMeeting ended Tue Jun  5 19:58:22 2012 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)19:58
openstackMinutes:        http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-19.03.html19:58
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-19.03.txt19:58
openstackLog:            http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-19.03.log.html19:58
*** danwent has joined #openstack-meeting20:00
*** mattray has joined #openstack-meeting20:05
*** Shrews has left #openstack-meeting20:07
*** dwcramer has quit IRC20:13
*** glenc has quit IRC20:15
*** matwood has joined #openstack-meeting20:19
*** markmc has joined #openstack-meeting20:23
*** oubiwann has quit IRC20:27
*** glenc has joined #openstack-meeting20:39
*** pcrews has joined #openstack-meeting20:39
*** jmeredit has joined #openstack-meeting20:41
*** dendrobates is now known as dendro-afk20:43
*** tongli|2 has quit IRC20:45
*** dwcramer has joined #openstack-meeting20:49
*** ewindisch has joined #openstack-meeting20:50
*** bcwaldon has joined #openstack-meeting20:55
ttxo/20:59
ttxheckj, notmyname, bcwaldon, vishy, devcamcar, danwent: around ?21:00
notmynamehere21:00
danwenthere21:00
bcwaldonttx: hello21:00
* ttx hopes vishy is no longer in Hawaii.21:00
vishyo/21:01
mtaylorola21:01
bcwaldonttx: your dreams have been answered21:01
ttxso we are missing the Nebuloids21:01
mtaylorttx: may not be appropriate - but quick question ... what, if anything, should I be doing with melange?21:02
ttxLet's start and see if the light attracts them21:02
ttxmtaylor: nothing, should be merged into quantum by F221:02
ttx#startmeeting21:02
openstackMeeting started Tue Jun  5 21:02:25 2012 UTC.  The chair is ttx. Information about MeetBot at http://wiki.debian.org/MeetBot.21:02
openstackUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.21:02
ttxAgenda @ http://wiki.openstack.org/Meetings/ProjectMeeting21:02
ttxMilestone-proposed for Folsom-2 will be cut on July 3. So the affected projects have 4 weeks left.21:02
ttx#info Milestone-proposed for Folsom-2 will be cut on July 3. So the affected projects have 4 weeks left.21:03
ttx#topic Actions from previous meeting21:03
*** openstack changes topic to "Actions from previous meeting"21:03
ttx* vishy to adjust 'undefined' folsom bp priorities21:03
* ttx looks it up21:03
ttxwas done but someone added a new one21:03
ttxhttps://blueprints.launchpad.net/nova/+spec/predictable-s3-image-id21:04
ttxlet's consider it done :)21:04
ttxskipping keystone to let heckj a chance to join us21:04
ttx#topic Swift status21:04
*** openstack changes topic to "Swift status"21:04
ttxnotmyname: yo21:04
notmynameswift 1.5.0 released today21:04
ttx\o/21:05
notmynameyay :-)21:05
ttxA bit early to talk about 1.5.1 ?21:05
notmynameheh. ya21:05
ttxnotmyname: Anything you wanted to mention ?21:05
notmynamemake sure you read my email or the changelog before upgrading to 1.5.0. there are some required config changes21:05
ttxI guess we should also attract distro packagers attention on that21:06
notmynamegreat work from everyone who contributed21:06
ttx#action ttx to point Swift distro packagers to required config changes in Swift 1.5.021:06
vishyttx: Looks like based on the discussion that this should be obsoleted. Eoghan? --Vish (i didn't prioritize that one because i was waiting on eoghan to potentially delete it21:07
*** lzyeval has joined #openstack-meeting21:08
ttxNote that there are ~78 New Swift bugs that should get triaged on Thursday's BugTriage day !21:08
ttx#info Participate to the BugTriage day, see http://wiki.openstack.org/BugDays/20120607BugTriage21:08
ttxnotmyname: anything else ?21:08
notmynameI don't have anything else21:08
ttxQuestions on Swift ?21:08
ttx#topic Glance status21:09
*** openstack changes topic to "Glance status"21:09
ttxbcwaldon: o/21:09
bcwaldonhey hey21:09
ttx#link https://launchpad.net/glance/+milestone/folsom-221:09
ttxbcwaldon: How is api-v2 going ?21:09
bcwaldonIt's going great!21:09
ttxIs https://blueprints.launchpad.net/glance/+spec/api-v2-links a part of api-v2 ? I see no dependency between the two.21:09
bcwaldonmarkwash and some guys from titan are helping out quite a bit21:10
bcwaldonttx: yes, I'll set deps in a sec21:10
bcwaldonand I started work on the db refactoring this week21:10
ttxok, so the set of api-v2 things are still on track so far ?21:10
bcwaldonmaking it fully pluggable!21:10
bcwaldonttx: yes sir21:10
ttxMy other questions were about:21:10
ttx* https://blueprints.launchpad.net/glance/+spec/swift-tenant-specific-storage (dprince)21:10
*** russellb has joined #openstack-meeting21:10
ttxHow is that going ?21:11
bcwaldonWe'll have to ask dprince on that one21:11
*** maoy has quit IRC21:11
bcwaldonlast I heard he was waiting on some free time to tackle it21:11
bcwaldonI had a rough estimate of folsom-2 on completeness21:11
ttxok...21:11
ttx* https://blueprints.launchpad.net/glance/+spec/glance-client-v2 (bcwaldon)21:11
ttxis that parralel to the api-v2 work, or following it ?21:12
bcwaldonit only depends on the spec, not the implementation21:12
ttxparallel, even21:12
*** maoy has joined #openstack-meeting21:12
bcwaldonand a lot of that work is actually getting done outside of the context of openstack21:12
bcwaldoni.e. a third-party library21:12
ttxok, so still on track for F2 ?21:12
bcwaldonyes21:12
ttxLooking at https://blueprints.launchpad.net/glance/folsom I see two essential specs for F3 without assignee...21:12
bcwaldonthings will pick up next week, I promise21:12
ttx* https://blueprints.launchpad.net/glance/+spec/glance-client-parity21:12
ttx* https://blueprints.launchpad.net/glance/+spec/streaming-server21:13
ttxAre you looking for help on those ?21:13
bcwaldonI think I have commitments for both21:13
markwashttx when does f-2 close?21:13
bcwaldonfeel free to action me21:13
* ttx copypastes: Milestone-proposed for Folsom-2 will be cut on July 3. So the affected projects have 4 weeks left.21:13
ttx#action bcwaldon to set assignees for glance-client-parity and streaming-server specs21:14
ttxbcwaldon: Anything else you wanted to mention ?21:14
bcwaldonNope, I did want to hilight that we are working on making the db layer pluggable21:14
bcwaldonso anybody that wanted to explore alternateive db drivers will be able to do so21:14
bcwaldonand that is all21:15
ttxbcwaldon: so it's now like Nova ? Or more pluggable ?21:15
bcwaldonthink of it more like Keystone's underlying pluggable data store drivers21:15
bcwaldoncutting the tie on sqlalchemy21:16
ttxok21:16
ttxOther questions on Glance ?21:16
ttxbcwaldon: is there a particular spec that tracks this "pluggable db" work ?21:16
bcwaldonit's being lumped into refactor-db-layer21:17
ttxoh, F3. I see.21:17
bcwaldonyeah, there are a lot of tasks for it21:17
ttxI can imagine.21:17
ttx#topic Quantum status21:17
*** openstack changes topic to "Quantum status"21:17
ttxdanwent: hey21:17
danwenthello21:18
ttx#link https://launchpad.net/quantum/+milestone/folsom-221:18
vishyafk 5 min tracking down phone21:18
ttxI'd like to discuss the status of the essential stuff...21:18
ttx* https://blueprints.launchpad.net/quantum/+spec/v2-api-melange-integration (jkoelker)21:18
ttxit's the one that blocks quantum-horizon and ovs-api-v2-support, right ?21:18
danwentyeah, our top priority has been finishing and documenting the v2 API (this BP), to unblock the other work dependent on it21:18
ttxhow is it going ?21:19
danwentyes, and several others.  We've gotten some draft documentation up, so I think all of those other BPs can now start doing design (and coding with unit tests that mock)21:19
danwentthe v2 API BP is in review, though there are still some non-trivial bits to fix up.21:19
danwentI'm optimistically hoping we can have it cleaned-up and merged by end of week.21:19
danwentbut my bigger prioirty is actually making sure the others are unstuck21:20
ttxwould be great. Was about to suggest that ;à21:20
ttx;)21:20
*** sleepsonthefloor is now known as sleepsonzzz21:20
ttx* https://blueprints.launchpad.net/quantum/+spec/new-cli (yong sheng gong)21:20
danwentso I've chatted with all of those BP owners already.  having a call with arvind, who is doing the horizon stuff tomorrow, which is the last one that's really stuck.21:20
*** ryanpetrello has quit IRC21:20
ttxdanwent: I see good progress on that one ?21:20
danwentyong is a trooper, he's been making good progess just based on the draft API docs and the v2 API review code21:21
danwentyes21:21
ttx* https://blueprints.launchpad.net/quantum/+spec/improved-nova-quantum-integration (tr3buchet)21:21
ttxis that one well unblocked now ?21:21
danwentthis is tr3buchet .  he said he has had a branch that does this with Quantum v1 api + melange, but needs to rework that to use quantum v2 api only21:22
tr3buchetttx: i've been sortof waiting for quantum, but it's a state where i can start making progress21:22
ttxtr3buchet: still optimistic for F2 deadlines ?21:22
*** jakedahn is now known as jakedahn_zz21:22
tr3buchetttx: sure.21:22
ttx* https://blueprints.launchpad.net/quantum/+spec/quantum-dhcp (Carl Perry)21:22
ttxdanwent: same question here -- unblocked and on track ?21:23
danwentttx:  they are just getting started.  carlp promised me that they were going to make "amazing" progress on this BP this week :)21:23
danwentso i'm looking forward to that :P21:23
*** martine has quit IRC21:23
ttxit's still 4 weeks away.21:23
* ttx loves those slightly-more-spaced milestones21:23
ttxdanwent: Anything else ?21:23
danwentnot really.  as a I said, we're working on everything critical for Folsom in F-2, though some of the non-essential stuff will likely spill into F-3.. just don't know which items yet.21:24
ttxNote that you have ~25 new bugs to triage on that BugTriage day Thursday !21:24
danwentwoohoo :)21:24
ttxQuestions on Quantum ?21:24
danwentone other comment21:25
ttxgo for it21:25
danwentadded a new BP to track getting the devstack gating working with Quantum enabled:21:25
vishybak21:25
danwenthttps://blueprints.launchpad.net/quantum/+spec/quantum-gate21:25
danwentwant to get that working ASAP.21:25
danwentthat's it.21:26
ttx#topic Nova status21:26
*** openstack changes topic to "Nova status"21:26
ttxvishy: welcome back!21:26
vishyttx: thx21:26
ttx#link https://launchpad.net/nova/+milestone/folsom-221:26
ttxA few questions:21:27
ttx* https://blueprints.launchpad.net/nova/+spec/general-host-aggregates (jog0)21:27
ttxvishy: Do you know the status of this (essential) one ?21:27
vishyttx: I don't, I was hoping to find jog0 yesterday21:27
ttxlet's action him on updating status on his bp21:28
ttx#action jog0 to update status for general-host-aggregates bp21:28
ttxI'm a bit concerned with this one21:28
ttx* https://blueprints.launchpad.net/nova/+spec/finish-uuid-conversion (mikal)21:28
ttxSame question. I see "Good progress" but no code proposed yet ?21:28
vishythe first review is in21:28
ttxoh.21:29
vishythere is just one more afterwards21:29
vishylooks like the blueprint didn't link21:29
ttxreview link ?21:29
ttxhttps://review.openstack.org/#/c/8171/21:30
vishyhe accidentally overwrote it21:30
vishyi just added back in21:30
ttxok, cool21:30
vishyttx: so that should land quickly and then it is just the security groups table21:30
ttx* https://blueprints.launchpad.net/nova/+spec/volume-decoupling (vishy)21:30
ttxHow is that one going ?21:31
vishythat one is making good progress too21:31
vishysleepson- has working branches for the last three items21:31
ttxdo you have an ETA ? There are a lot of Cinder things to complete for F221:31
vishythey are still in draft mode because they are cleaning them up21:31
jgriffithShould be next week (early hopefully)21:31
vishybut once those are in we have working cinder parity21:32
ttxok. while we are talking Cinder...21:32
jog0ttx, still mapping out the blueprint, will start working on it this week21:32
ttxjgriffith: progress on https://blueprints.launchpad.net/cinder/+spec/python-cinder-client ?21:32
ttxjog0: still on track for F2 ?21:32
jgriffithPretty much there I beleive21:32
jog0ttx: as of now yes.21:32
jgriffithYes, definitely.  I can't update status fields on it though ???21:32
jgriffithoops... jog021:33
ttxjgriffith: on python-cinder-client spec ?21:33
jgriffithcorrect21:34
*** primeministerp has joined #openstack-meeting21:34
ttxjgriffith: err.. you should be able. We'll solve this offline21:34
ttx#action ttx to fix jgriffith access to bp updating21:34
jgriffithk21:34
ttx* https://blueprints.launchpad.net/nova/+spec/ec2-id-compatibilty (SINA)21:34
ttxvishy: Unknown status, know if it's being worked on yet ?21:35
lzyevalI'll check with our team21:35
ttxlzyeval: cool, thx21:35
ttx#action lzyeval to update status of ec2-id-compatibilty bp21:35
ttx* https://blueprints.launchpad.net/nova/+spec/xenapi-network-info-model (tr3buchet)21:35
ttxtr3buchet, vishy: Looks "implemented" to me ?21:36
vishylzyeval: it should follow the same thing we do for glance and cinder uuids This still needs to be done for instances so we can drop the id column and rely solely on uuid21:36
*** dwcramer has quit IRC21:36
vishyttx: agreed, that went in21:36
*** Gordonz has quit IRC21:36
ttxwillfix21:36
lzyevalvishy: got it21:36
ttx* https://blueprints.launchpad.net/nova/+spec/multi-process-api-service (Huang Zhiteng)21:36
ttxvishy: That one was reverted, we should make sure to communicate with the author to get it fixed and resubmitted ?21:37
ttxI'm not sure the author will notice the revert by himself21:37
vishyttx: he is already checking into it21:38
ttxoh, great.21:38
vishyttx: he was on irc the other day when it happened21:38
*** maoy has quit IRC21:38
ttxFinally, one question on the general Folsom plan @ https://blueprints.launchpad.net/nova/folsom21:38
ttxconfig-drive-v2, delete-in-any-state and user-configurable-rbac (all High priority) are not targeted to any milestone...21:38
ttxWould be good to make sure their assignees are committed to delivering in Folsom-3 ?21:38
*** troytoman-away is now known as troytoman21:39
ttxvishy: may I action you on that ?21:39
vishysure21:39
ttx#action vishy to contact assignees for config-drive-v2, delete-in-any-state and user-configurable-rbac and confirm F3 targeting21:39
ttxvishy: Anything on your mind ?21:39
vishyttx: yes there are still stuff on the folsom plan with no assignees21:40
ttxvishy: yes, though you got all the "High" covered now21:40
vishythis one specifically requires some discussion: https://blueprints.launchpad.net/nova/+spec/differentiate-admin21:40
ttx#help there are still stuff on the folsom plan with no assignees21:41
vishyttx: did you have to copy my terrible english :)21:41
ttxvishy: half the magic of my typing speed is good use of copypaste21:42
vishyThat is it from me21:42
ttxWanted to mention Nova has ~230 New bugs to triage, so that's where most of the BugTriage day energy will be spent !21:42
ttx#info Nova devs: Make sure to all join #openstack-bugday on Thursday !21:42
ttxIt looks huge but divided by 20 it's a lot less impressive.21:43
med_Does bugday start in your local timezone or at 0:00 UTC?21:43
ttxmed_: bugday is as long as it's Thursday somewhere.21:43
ttxIt actually lasts 47 hours and 59 min.21:43
ttxQuestions on Nova ?21:44
russellbshould the priority of no-db-messaging (low) be changed since it's a pre-req for no-db-compute (high) ?21:44
russellbblueprints ^21:44
ttxrussellb: yes.21:44
russellbk, don't think i can change it21:44
ttxvishy: I'll let you do it ? ^21:44
ttxdevcamcar: around ?21:44
vishyrussellb: yes i will do it21:44
russellbkthx21:44
ttxtermie: want to replace heckj to report on Keystone ?21:45
ttxlooks like Seattle was wiped out of IRC21:45
ttxAnyone from Keystone or Horizon in the room ?21:45
ttxLet's do "other team reports" to see if that creates some vocations21:46
ttx#topic Other Team reports21:46
*** openstack changes topic to "Other Team reports"21:46
ttxjaypipes, mtaylor: ?21:46
ttxAny other team lead with a status report ?21:46
ttxmtaylor: I saw the zuul announcement, nice work21:47
jaypipesttx: hammering on with Tempest tests... now >300 tests.21:47
*** littleidea has quit IRC21:47
jaypipesttx: still work to do on stabilizing some of the errors that are occurring, but slow and steady progress21:47
ttxjaypipes: how is the Tempest gate job going ?21:47
termieheya, just got back21:47
termiewhat's the question? just basic status?21:47
*** pcrews has left #openstack-meeting21:48
jaypipesttx: going well. we understand the cause of all failures and errors. just going through the code reviews now.21:48
ttxtermie: yes, in a minute -- will have a few more precise questions that you may or may not be able to answer21:48
ttxjaypipes: doesn't adding new tests make you farther from being able to enable the gate on Tempest ?21:48
ttxi.e. are you running towards a target with half your team busily moving it away from you ?21:49
ttxsounds like we lost Jay21:50
ttxback to our regular programme then...21:51
ttx#topic Keystone status21:51
*** openstack changes topic to "Keystone status"21:51
ttxtermie: heya21:51
jaypipesttx: no, not really... we need to resolve our ongoing "what is a smoke test" debate...21:51
jaypipesttx: look for an update on the QA status meeting this week.21:51
ttxjaypipes: ok, thanks!21:51
ttx#link https://launchpad.net/keystone/+milestone/folsom-221:51
ttxtermie: Had a few questions for heckj that you may or may not be able to answer21:52
ttx* https://blueprints.launchpad.net/keystone/+spec/stop-ids-in-uris (Guang Yee)21:52
*** s0mik has quit IRC21:52
ttxLooks like work has stalled, with the review being abandoned ^21:52
*** jakedahn_zz is now known as jakedahn21:53
ttxhmm, we lost termie21:54
* ttx thinks we should just skip Keystone and Horizon for this week. Nothing urgent anyway.21:55
ttxSo without further ado...21:55
ttx#topic Open discussion21:55
*** openstack changes topic to "Open discussion"21:55
ttxAnything newsworthy, anyone ?21:55
termieKeystone: domain feature arguments that i am going to win, signed tokens well under way21:56
termie... andy back21:56
ttxtermie: heh21:56
*** dendro-afk is now known as dendrobates21:56
ttxtermie: do you know if the feedback on V3 API is complete ?21:56
termiettx: it isn't, i've listed a bunch of things but have not heard from heckj21:57
termie(i only added stuff recently, been traveling)21:57
termieso more my fault than his21:57
*** s0mik has joined #openstack-meeting21:57
ttxok, will follow up next week21:57
ttxtermie: my other question was about https://blueprints.launchpad.net/keystone/+spec/stop-ids-in-uris which looks stalled, I guess it's just a matter of pinging Guang Yee21:58
ttxand that can wait next week for an update.21:58
ttxso unless anyone has something to add...21:59
termiei don't see the point of that one, so i suspect it will remain stalled until i do21:59
ttxtermie: heckj put it as "essential", which is the only reason why I actually care :)21:59
termiettx: aye, i'll ask him about it22:00
ttxOK, we are done. See you all on #openstack-bugday on Thursday!22:00
ttx#endmeeting22:00
*** openstack changes topic to "OpenStack meeting channel. See http://wiki.openstack.org/Meetings for schedule and http://eavesdrop.openstack.org/meetings/openstack-meeting/ for meeting logs"22:00
openstackMeeting ended Tue Jun  5 22:00:36 2012 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)22:00
openstackMinutes:        http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-21.02.html22:00
openstackMinutes (text): http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-21.02.txt22:00
openstackLog:            http://eavesdrop.openstack.org/meetings/openstack-meeting/2012/openstack-meeting.2012-06-05-21.02.log.html22:00
*** russellb has left #openstack-meeting22:00
*** lzyeval has quit IRC22:00
ttxFriendly reminder: the netstack/quantum meeting is not now... was moved  on Mondays at 21:00 UTC22:01
ttxthis was your last show for today.22:01
*** ayoung has quit IRC22:02
*** joearnold has quit IRC22:06
*** ywu has joined #openstack-meeting22:06
*** joearnold has joined #openstack-meeting22:06
*** edygarcia has quit IRC22:08
*** edygarcia has joined #openstack-meeting22:09
*** adjohn has quit IRC22:10
*** adjohn has joined #openstack-meeting22:11
*** s0mik has quit IRC22:12
*** somik has joined #openstack-meeting22:12
*** mrmartin has quit IRC22:13
*** sleepsonzzz is now known as sleepsonthefloor22:16
*** milner has quit IRC22:20
*** rnirmal has quit IRC22:23
*** rafaduran has quit IRC22:25
*** ryanpetrello has joined #openstack-meeting22:34
*** nikhil__ has quit IRC22:34
*** jmeredit has quit IRC22:35
*** blamar has quit IRC22:42
*** jgriffith is now known as jgriffith_away22:43
*** bcwaldon has left #openstack-meeting22:47
*** edygarcia has quit IRC22:50
*** mattray has quit IRC22:50
*** anderstj has quit IRC22:56
*** joearnold has quit IRC22:58
*** ryanpetrello has quit IRC23:01
*** edmc has joined #openstack-meeting23:17
*** anderstj has joined #openstack-meeting23:17
*** joearnold has joined #openstack-meeting23:18
*** edmc has left #openstack-meeting23:22
*** ryanpetrello has joined #openstack-meeting23:40
*** joearnold has quit IRC23:42
*** ryanpetrello has quit IRC23:45
*** anderstj has quit IRC23:48
*** jog0 has quit IRC23:51
*** troytoman is now known as troytoman-away23:57
« Monday, 2012-06-04 Index Wednesday, 2012-06-06 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!