Thursday, 2013-04-25

*** markwash has quit IRC		00:05
*** lbragstad has joined #openstack-meeting		00:11
*** cp16net is now known as cp16net\|away		00:16
*** cp16net\|away is now known as cp16net		00:16
*** salv-orlando has quit IRC		00:21
*** spzala has joined #openstack-meeting		00:28
*** zb has joined #openstack-meeting		00:40
*** bdpayne has quit IRC		00:41
*** zbitter has quit IRC		00:42
*** bdpayne has joined #openstack-meeting		00:43
*** bdpayne has quit IRC		00:44
*** nati_ueno has joined #openstack-meeting		00:46
*** ewindisch has joined #openstack-meeting		00:46
*** chuck_ is now known as zul		00:50
*** ewindisch has quit IRC		00:51
*** nati_ueno has quit IRC		00:53
*** ewindisch has joined #openstack-meeting		00:53
*** nati_ueno has joined #openstack-meeting		00:53
*** tomoe_ has joined #openstack-meeting		00:53
*** zbitter has joined #openstack-meeting		00:54
*** spzala has quit IRC		00:54
*** zb has quit IRC		00:54
*** Nachi has joined #openstack-meeting		00:55
*** nati_ueno has quit IRC		00:56
*** zb has joined #openstack-meeting		00:57
*** ryanpetrello has quit IRC		00:57
*** zbitter has quit IRC		00:59
*** ryanpetrello has joined #openstack-meeting		01:03
*** gongysh has quit IRC		01:04
*** Nachi has quit IRC		01:04
*** nati_ueno has joined #openstack-meeting		01:05
*** nati_ueno has quit IRC		01:09
*** zbitter has joined #openstack-meeting		01:09
*** ewindisch has quit IRC		01:09
*** ayoung has joined #openstack-meeting		01:10
*** Mandell has quit IRC		01:10
*** zb has quit IRC		01:12
*** lloydde has joined #openstack-meeting		01:20
*** zzs has quit IRC		01:22
*** lloydde has quit IRC		01:24
*** ryanpetrello has quit IRC		01:26
*** vkmc_ has joined #openstack-meeting		01:27
*** terry7 has quit IRC		01:27
*** ewindisch has joined #openstack-meeting		01:28
*** ryanpetrello has joined #openstack-meeting		01:29
*** kolbrich has joined #openstack-meeting		01:30
*** ryanpetrello has quit IRC		01:30
*** zb has joined #openstack-meeting		01:30
*** novas0x2a\|laptop has quit IRC		01:30
*** vkmc has quit IRC		01:31
*** patelna__ has quit IRC		01:31
*** patelna_ has quit IRC		01:31
*** dims has quit IRC		01:31
*** cp16net is now known as cp16net\|away		01:32
*** zbitter has quit IRC		01:33
*** ryanpetrello has joined #openstack-meeting		01:35
*** vkmc_ is now known as vkmc		01:35
*** cp16net\|away is now known as cp16net		01:35
*** vkmc has quit IRC		01:35
*** vkmc has joined #openstack-meeting		01:35
*** cp16net is now known as cp16net\|away		01:35
*** ryanpetrello has quit IRC		01:35
*** jhenner has joined #openstack-meeting		01:38
*** vincent_hou_ has quit IRC		01:40
*** markwash has joined #openstack-meeting		01:41
*** _spn_ has joined #openstack-meeting		01:42
*** dontalton has joined #openstack-meeting		01:45
*** dwcramer has joined #openstack-meeting		01:46
*** anniec has quit IRC		01:47
*** noslzzp has quit IRC		01:57
*** rmohan has quit IRC		02:02
*** novas0x2a\|laptop has joined #openstack-meeting		02:02
*** rmohan has joined #openstack-meeting		02:03
*** zbitter has joined #openstack-meeting		02:03
*** zb has quit IRC		02:06
*** jhenner has quit IRC		02:07
*** stevemar has joined #openstack-meeting		02:09
*** gyee has quit IRC		02:13
*** cp16net\|away is now known as cp16net		02:14
*** lillie has quit IRC		02:18
*** lillie has joined #openstack-meeting		02:18
*** lillie- has joined #openstack-meeting		02:19
*** markmcclain has joined #openstack-meeting		02:20
*** matiu has quit IRC		02:24
*** koolhead17 has quit IRC		02:34
*** fnaval has joined #openstack-meeting		02:41
*** fnaval has quit IRC		02:41
*** fnaval has joined #openstack-meeting		02:42
*** martine has joined #openstack-meeting		02:47
*** koolhead17 has joined #openstack-meeting		02:47
*** dwcramer has quit IRC		02:52
*** _spn_ has quit IRC		02:53
*** ryanpetrello has joined #openstack-meeting		02:53
*** ryanpetrello has quit IRC		02:54
*** bdperkin has joined #openstack-meeting		03:01
*** stevemar2 has joined #openstack-meeting		03:01
*** stevemar has quit IRC		03:02
*** tomoe_ has quit IRC		03:06
*** tomoe_ has joined #openstack-meeting		03:06
*** dontalton has quit IRC		03:07
*** vkmc has quit IRC		03:07
*** yguang has joined #openstack-meeting		03:09
*** johnthetubaguy has joined #openstack-meeting		03:10
*** stevemar2 has quit IRC		03:12
*** yguang is now known as yaguang		03:18
*** zbitter has quit IRC		03:21
*** yaguang has quit IRC		03:22
*** zbitter has joined #openstack-meeting		03:22
*** martine has quit IRC		03:26
*** johnthetubaguy1 has joined #openstack-meeting		03:27
*** johnthetubaguy has quit IRC		03:29
*** bdpayne has joined #openstack-meeting		03:32
*** cp16net is now known as cp16net\|away		03:37
*** sandywalsh has quit IRC		03:47
*** kolbrich has quit IRC		03:50
*** cp16net\|away is now known as cp16net		04:01
*** jaypipes has joined #openstack-meeting		04:02
*** ladquin has quit IRC		04:05
*** rshade98 has quit IRC		04:09
*** rshade98 has joined #openstack-meeting		04:09
*** jlk has joined #openstack-meeting		04:13
*** jlk has left #openstack-meeting		04:14
*** markmcclain has quit IRC		04:16
*** yguang has joined #openstack-meeting		04:17
*** SergeyLukjanov has joined #openstack-meeting		04:22
*** lbragstad has quit IRC		04:28
*** sandywalsh has joined #openstack-meeting		04:36
*** koolhead17 has quit IRC		04:36
*** koolhead17 has joined #openstack-meeting		04:49
*** davidha has joined #openstack-meeting		04:49
*** zbitter has quit IRC		04:49
*** zb has joined #openstack-meeting		04:49
*** davidhadas has quit IRC		04:50
*** garyk has quit IRC		04:51
*** AlanClark has quit IRC		04:51
*** aclark_ has joined #openstack-meeting		04:52
*** koolhead17 has quit IRC		04:54
*** SergeyLukjanov has quit IRC		04:56
*** Mandell has joined #openstack-meeting		04:58
*** otherwiseguy has quit IRC		04:58
*** dguitarbite has joined #openstack-meeting		05:01
*** sacharya has quit IRC		05:02
*** dguitarbite has quit IRC		05:04
*** jcoufal has joined #openstack-meeting		05:06
*** bdpayne has quit IRC		05:17
*** boris-42 has joined #openstack-meeting		05:20
*** fnaval_ has joined #openstack-meeting		05:21
*** fnaval has quit IRC		05:21
*** mrunge has joined #openstack-meeting		05:29
*** cp16net is now known as cp16net\|away		05:38
*** garyk has joined #openstack-meeting		05:42
*** dguitarbite has joined #openstack-meeting		05:47
*** Mike656 has quit IRC		05:50
*** SergeyLukjanov has joined #openstack-meeting		05:58
*** bdpayne has joined #openstack-meeting		06:00
*** bdpayne has quit IRC		06:17
*** hartsocks has joined #openstack-meeting		06:21
*** hartsocks has quit IRC		06:21
*** bdpayne has joined #openstack-meeting		06:25
*** yguang has quit IRC		06:29
*** Daviey has quit IRC		06:30
*** cp16net\|away is now known as cp16net		06:37
*** matiu has joined #openstack-meeting		06:39
*** eglynn has quit IRC		06:47
*** lillie- is now known as lillie		06:48
*** Daviey has joined #openstack-meeting		06:49
*** johnthetubaguy1 has quit IRC		06:58
*** enikanorov has joined #openstack-meeting		06:59
*** oubiwann_ has quit IRC		07:03
*** oubiwann has joined #openstack-meeting		07:04
*** jtomasek has joined #openstack-meeting		07:12
*** eglynn has joined #openstack-meeting		07:18
*** IlyaE has quit IRC		07:19
*** eglynn has quit IRC		07:24
*** bdpayne has quit IRC		07:26
*** almaisan-away is now known as al-maisan		07:33
*** oubiwann has quit IRC		07:39
*** matiu has quit IRC		07:41
*** oubiwann has joined #openstack-meeting		07:43
*** dguitarbite has quit IRC		07:44
*** tomoe__ has joined #openstack-meeting		07:50
*** tomoe_ has quit IRC		07:50
*** salv-orlando has joined #openstack-meeting		07:56
*** oubiwann has quit IRC		08:03
*** eglynn has joined #openstack-meeting		08:07
*** oubiwann has joined #openstack-meeting		08:07
*** Mandell has quit IRC		08:09
*** Mandell has joined #openstack-meeting		08:16
*** gongysh has joined #openstack-meeting		08:39
*** derekh has joined #openstack-meeting		08:48
*** henrynash_ has joined #openstack-meeting		08:56
*** psedlak has joined #openstack-meeting		08:57
*** henrynash has quit IRC		08:57
*** henrynash_ is now known as henrynash		08:57
*** Razique has joined #openstack-meeting		09:03
*** zbitter has joined #openstack-meeting		09:07
*** zbitter is now known as zaneb		09:07
*** egallen has joined #openstack-meeting		09:08
*** zb has quit IRC		09:09
*** darraghb has joined #openstack-meeting		09:12
*** afazekas has joined #openstack-meeting		09:12
*** salv-orlando has quit IRC		09:17
*** zaneb has quit IRC		09:17
*** darraghb has quit IRC		09:19
*** Yada has quit IRC		09:19
*** darraghb has joined #openstack-meeting		09:20
*** Yada has joined #openstack-meeting		09:21
*** derekh has quit IRC		09:21
*** jhenner has joined #openstack-meeting		09:26
*** Ng has left #openstack-meeting		09:34
*** matiu has joined #openstack-meeting		09:38
*** egallen has quit IRC		09:38
*** shang has quit IRC		09:41
*** al-maisan is now known as almaisan-away		09:47
*** oubiwann has quit IRC		10:02
*** plomakin has joined #openstack-meeting		10:03
*** shang has joined #openstack-meeting		10:03
*** oubiwann has joined #openstack-meeting		10:04
*** tomoe__ has quit IRC		10:05
*** tomoe_ has joined #openstack-meeting		10:06
*** oubiwann has quit IRC		10:09
*** tomoe_ has quit IRC		10:10
*** shardy_afk is now known as shardy		10:11
*** oubiwann has joined #openstack-meeting		10:13
*** zynzel has quit IRC		10:14
*** davidha has quit IRC		10:17
*** timello has quit IRC		10:23
*** zynzel has joined #openstack-meeting		10:23
*** shang has quit IRC		10:25
*** Yada has quit IRC		10:26
*** garyk has quit IRC		10:29
*** topol has joined #openstack-meeting		10:30
*** Razique has quit IRC		10:32
*** shang has joined #openstack-meeting		10:42
*** oubiwann has quit IRC		10:47
*** derekh has joined #openstack-meeting		10:47
*** oubiwann has joined #openstack-meeting		10:51
*** dprince has joined #openstack-meeting		10:53
*** afazekas has quit IRC		10:55
*** salv-orlando has joined #openstack-meeting		10:59
*** martine has joined #openstack-meeting		11:02
*** jcoufal has quit IRC		11:02
*** pcm__ has joined #openstack-meeting		11:04
*** davidha has joined #openstack-meeting		11:05
*** vkmc has joined #openstack-meeting		11:08
*** SergeyLukjanov has quit IRC		11:14
eglynn	sandywalsh: just looking at your stacktach BPs, confused a little about https://blueprints.launchpad.net/nova/+spec/libvirt-exists-support	11:16
eglynn	sandywalsh: IIRC compute.instance.exists notifications are emitted with libvirt	11:16
eglynn	sandywalsh: but what's missing is the ComputeDriver.get_all_bw_counters() implementation for libvirt	11:16
eglynn	sandywalsh: (or is it a case of the .exists notification missing some additional info in the libvirt case?)	11:17
*** openstack` has joined #openstack-meeting		17:27
-zelazny.freenode.net- [freenode-info] if you're at a conference and other people are having trouble connecting, please mention it to staff: http://freenode.net/faq.shtml#gettinghelp		17:27
davidkranz	sdague: THis looks like one of those tricky judgement calls about how bad a bug is and whether it justifies an incompatible change to fix it.	17:27
sdague	afazekas: will do	17:27
sdague	afazekas: updated	17:28
*** hartsocks has joined #openstack-meeting		17:29
sdague	any other critical reviews?	17:29
sdague	I admit I'm still getting back into the swing of things post summit	17:29
davidkranz	sdague: Most of the other reviews just need to be approved at this point.	17:30
sdague	or any other topics of note?	17:30
giulivo	can I shout here a question also sent to the ml?	17:31
davidkranz	sdague: Are you going to put a comment in the nova patch https://review.openstack.org/#/c/25887/	17:31
sdague	davidkranz: sure	17:31
giulivo	*shoot	17:31
davidkranz	sdague: Thanks.	17:31
*** anniec has quit IRC		17:32
giulivo	after a blueprint is drafted or a commit pushed for review, is the submitter in charge of searching for an approver/review	17:32
sdague	giulivo: for code, the reviewers check their review queue regularly	17:32
sdague	for blueprints, we should do it here	17:33
giulivo	so for code no need to worry, correct?	17:33
sdague	giulivo: correct	17:33
giulivo	thanks :)	17:34
sdague	if you feel the code isn't getting enough eyes, bring it up at the weekly meeting here	17:34
sdague	but in general that should just happen in the background	17:34
giulivo	no no, it is the opposite	17:34
sdague	ok, anything else from folks?	17:34
sdague	going once	17:35
sdague	going twice	17:35
sdague	ok, I'm going to say we're done for the day	17:35
sdague	#endmeeting	17:35
sdague	even though meeting bot is broken	17:35
sdague	see you all in #openstack-qa	17:36
*** giulivo has left #openstack-meeting		17:36
*** meera has quit IRC		17:38
*** openstack` has joined #openstack-meeting		17:38
-pratchett.freenode.net- [freenode-info] channel flooding and no channel staff around to help? Please check with freenode support: http://freenode.net/faq.shtml#gettinghelp		17:38
*** eglynn has joined #openstack-meeting		17:40
*** SergeyLukjanov has joined #openstack-meeting		17:41
*** psedlak has quit IRC		17:42
*** jog0 has joined #openstack-meeting		17:42
*** jaypipes has joined #openstack-meeting		17:42
*** gyee has quit IRC		17:44
*** donaldngo_hp has quit IRC		17:47
*** beyounn has joined #openstack-meeting		17:48
*** dolphm has joined #openstack-meeting		17:51
*** dolphm has quit IRC		17:51
*** plomakin has quit IRC		17:54
*** darraghb has quit IRC		17:54
*** dolphm has joined #openstack-meeting		17:54
*** eglynn has quit IRC		17:55
*** plomakin has joined #openstack-meeting		17:56
*** nicolae_ has joined #openstack-meeting		17:56
*** afazekas has quit IRC		17:56
*** jcoufal has joined #openstack-meeting		17:58
*** egallen has quit IRC		17:58
*** DanD_ has quit IRC		17:59
bdpayne	#startmeeting OpenStack Security Group	18:00
openstack`	Meeting started Thu Apr 25 18:00:21 2013 UTC. The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.	18:00
openstack`	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	18:00
openstack`	The meeting name has been set to 'openstack_security_group'	18:00
*** jeblair is now known as jeblairtestnick		18:00
bdpayne	good morning / afternoon / evening everyone	18:00
*** ijw has joined #openstack-meeting		18:00
bdpayne	hopefully everyone is recovered from the summit	18:00
bdpayne	could we start with a role call?	18:01
*** jeblairtestnick is now known as jeblair		18:01
bdpayne	anyone here for the OSSG meeting?	18:02
*** hartsocks has quit IRC		18:02
harlowja	i'll chime in :-p	18:02
*** dwcramer has quit IRC		18:02
bdpayne	hi!	18:02
harlowja	hi!	18:03
nicolae_	hi!	18:03
*** mordred has quit IRC		18:03
*** mordred has joined #openstack-meeting		18:03
beyounn	hi	18:03
harlowja	the message queue security stuff is interesting to me right now, maybe ewindisch has some ideas :)	18:03
*** kolbrich has quit IRC		18:03
bdpayne	indeed, that's on the agenda for discussion today	18:03
harlowja	cool	18:03
harlowja	seems like multiple paths that could be taken	18:03
*** plomakin1 has joined #openstack-meeting		18:03
harlowja	be nice to agree on just 1 :-p	18:04
bdpayne	ok, let's get started	18:04
bdpayne	if nothing else, I'll have a nice log of myself typing	18:04
bdpayne	#topic Summit Wrapup	18:04
bdpayne	There were a lot of security related discussion at the summit this time around	18:04
harlowja	def	18:05
bdpayne	Seems to be growing each time, which is great	18:05
harlowja	*which is great imho	18:05
harlowja	ya	18:05
bdpayne	:-)	18:05
*** plomakin has quit IRC		18:05
harlowja	now just to make some of it reality, thats the hard part, haha	18:05
bdpayne	Themes I saw included key management / secret management, storage encryption, message queue / rpc security	18:05
bdpayne	Also some interesting talks on using hadoop for log analysis	18:05
bdpayne	And, of course, there was the NSA keynote	18:06
bdpayne	any other topics from the summit worth calling attention to?	18:06
harlowja	hmmm, i remember one in nova about how to do live migration securely	18:06
bdpayne	interesting… that's a tricky problem	18:06
*** openstack has joined #openstack-meeting		18:07
*** ChanServ sets mode: +o openstack		18:07
bdpayne	ok, that's something we can keep an eye out for	18:07
harlowja	def	18:07
ewindisch	bdpayne: I suggested that rootwrap, for as long as it is used, should probably use linux system capabilities, rather than simply sudo to full root access.	18:07
bdpayne	ahh yes, the root wrap discussion	18:08
bdpayne	that's a good one too	18:08
harlowja	never ending root wrap discussion :-p	18:08
bdpayne	linux capabilities does seem a useful possibility	18:08
ewindisch	or at the very least, have the rootwrap process drop all privileges except execvp, so it can do things like logging, more safely	18:08
bdpayne	I recall there being some concerns about non-linux systems, but that shouldn't be a show stopper	18:08
ewindisch	we can put conditionals around the platform	18:08
bdpayne	so, yeah, lots of things for security people to work on	18:08
harlowja	very much so	18:09
bdpayne	from an OSSG perspective, we got 8-ish new members to the group	18:09
*** ijw has quit IRC		18:09
bdpayne	would love to get more of the group engaged and think about how we can distribute the work of tracking and helping with all of these features	18:09
bdpayne	given the light attendance today, I'll leave that as an action item	18:09
harlowja	:)	18:09
bdpayne	ironic, perhaps	18:10
*** radez_g0n3 is now known as radez		18:10
harlowja	likely everyone still trying to figure out what to do about havana, haha	18:10
bdpayne	ok, let's move forward	18:10
nicolae_	is the "secure live migration" issue described anywhere in more detail?	18:10
jeblair	bdpayne: we had to restart meetbot; you may want to "#startmeeting openstack security group" again	18:10
bdpayne	ahh	18:10
harlowja	nicolae_: let me see if i can find anything, sorta remember which session it was in	18:10
*** Bruce has joined #openstack-meeting		18:10
bdpayne	#startmeeting OpenStack Security Group	18:10
openstack	Meeting started Thu Apr 25 18:10:57 2013 UTC. The chair is bdpayne. Information about MeetBot at http://wiki.debian.org/MeetBot.	18:10
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	18:10
*** openstack changes topic to " (Meeting topic: OpenStack Security Group)"		18:11
openstack	The meeting name has been set to 'openstack_security_group'	18:11
bdpayne	I'll need to check the conference sessions to find the live migration stuff	18:11
ewindisch	live migrations depend on an ssh key	18:11
bdpayne	may be an ether pad	18:11
*** ravikumar_hp has quit IRC		18:12
bdpayne	I know that I've spoken with Vish about this stuff a bit as well	18:12
ewindisch	either every compute node has every other machine's public key, or they just share a private key.	18:12
bdpayne	good times :-)	18:12
harlowja	ya, so the general problem is as ewindisch says	18:12
nicolae_	oh, doesn't sound good :)	18:12
bdpayne	so let's talk a little about the message security work	18:12
bdpayne	#topic Message Queue Security	18:12
*** openstack changes topic to "Message Queue Security (Meeting topic: OpenStack Security Group)"		18:12
*** plomakin1 has quit IRC		18:12
bdpayne	There's a very active email thread in -dev this morning	18:12
bdpayne	http://lists.openstack.org/pipermail/openstack-dev/2013-April/007916.html	18:13
bdpayne	this is a proposal from Red Hat	18:13
bdpayne	there was also a proposal by erindisch at the summit	18:13
bdpayne	arg.. that's ewindisch	18:13
bdpayne	I do agree with the notion that we should probably, as a community, decide on a single good path	18:14
bdpayne	any thoughts?	18:14
harlowja	http://lists.openstack.org/pipermail/openstack-dev/2013-April/thread.html#7916 also for the full thread	18:14
*** lbragstad has quit IRC		18:14
*** anniec has joined #openstack-meeting		18:14
*** cp16net is now known as cp16net\|away		18:14
harlowja	bdpayne i'd like to reach a comprimse of sorts, since i believe there won't be a 1 ideal solution, but that doesn't mean we can't agree on something :-p	18:14
bdpayne	ewindisch what is your take? I haven't had a chance to read the full thread	18:15
ewindisch	The shared key solution is much more architecturally heavy, and the RedHat guys seem to gloss over that, imho. Basically, they suggest we take convenience over security, in some cases.	18:15
ewindisch	and if we remove the convenience for more security, we get more architecturally heavy.	18:15
ewindisch	that isn't necessarily a bad thing, but I feel they're a bit unwilling to admit it, at any rate.	18:16
*** novas0x2a\|laptop has quit IRC		18:16
bdpayne	ok, fair point	18:16
bdpayne	I feel like shared keys doesn't scale as well, which is basically what you're saying	18:16
bdpayne	and cloud is really all about scale	18:16
bdpayne	people are often scared of pki, but it has many benefits	18:16
*** jhenner has quit IRC		18:17
harlowja	a dev on our side had an interesting idea, about putting the control network in a vpn, securing that vpn, then leaving the rest of the stuff intact (and only opening the public url endpoints), but maybe thats different/not related	18:17
bdpayne	well, I would encourage people to chime in on the Red Hat thread	18:17
*** dontalton has quit IRC		18:17
ewindisch	harlowja: I honestly think that is a different concern altogether.	18:18
bdpayne	that's not a bad idea, but it solves a different set of security problems	18:18
bdpayne	yeah, that	18:18
bdpayne	:-)	18:18
harlowja	ya, it sounded neat, haha	18:18
bdpayne	also, ewindisch is your stuff available as a blueprint atm?	18:18
*** derekh has joined #openstack-meeting		18:19
ewindisch	bdpayne: very roughly. It doesn't have details. It should.	18:19
*** nsavin has joined #openstack-meeting		18:19
bdpayne	given today's email thread, I wonder if it is time to flush it out	18:19
ewindisch	I can take an AI to update the blueprint with a more concrete proposal	18:19
*** jog0 has quit IRC		18:19
bdpayne	and then have a discussion about pros and cons of each	18:20
harlowja	i'd like that, i trust ewindisch with security more than i trust myself ;)	18:20
*** jog0 has joined #openstack-meeting		18:20
bdpayne	ewindisch I'm happy to help you out, if that's useful	18:20
harlowja	maybe nsavin u can help also	18:20
bdpayne	just drop me a line	18:20
ewindisch	bdpayne: I'd appreciate it.	18:20
bdpayne	groovy	18:20
bdpayne	ok, I have one more topic to discuss	18:21
bdpayne	#topic OpenStack Security Configuration Guide	18:21
*** openstack changes topic to "OpenStack Security Configuration Guide (Meeting topic: OpenStack Security Group)"		18:21
bdpayne	so this is coming together but there are still some details to finalize	18:21
harlowja	cool	18:22
bdpayne	keith would have the latest, but I can give some updates	18:22
*** derekh has quit IRC		18:22
bdpayne	basically, we are still looking for June	18:22
*** johnthetubaguy has quit IRC		18:22
bdpayne	the facilitator we wanted has a conflict with the first week in June	18:22
bdpayne	so we are looking for either a difference facilitator, or a different week	18:23
bdpayne	so that's in flux a bit	18:23
bdpayne	location appears to be out in Maryland	18:23
bdpayne	participation is at around 10 people or so	18:23
bdpayne	I'd love to got some more OpenStack specific people	18:23
bdpayne	which is to say we have a lot of security folks with a medium amount of OpenStack experience	18:24
bdpayne	I'd like to complement that with OpenStack people that have a medium amount of security experience (or more)	18:24
bdpayne	hopefully we'll have 2-3 more people that can be involved	18:24
ewindisch	bdpayne: are you seeking volunteers, recommendations?	18:24
bdpayne	commitment would be a full week out in Maryland sometime in June (likely 1st or 3rd week)	18:24
bdpayne	seeking volunteers atm	18:24
bdpayne	sorry, I'm not selling it well enough	18:25
bdpayne	:-)	18:25
*** lbragstad has joined #openstack-meeting		18:25
harlowja	lol	18:25
bdpayne	anyway, if you're interested, then drop me a line	18:25
ewindisch	bdpayne: I'd have to check on time availability, but I'm interested.	18:25
bdpayne	and I'll continue with more updates on this for future meetings	18:25
bdpayne	ewindisch sounds good, I think you'd be an assest	18:25
ewindisch	at any rate, I'm fairly local.	18:25
bdpayne	or asset, as the case may be	18:26
*** hartsocks has joined #openstack-meeting		18:26
harlowja	hmmm, i'll chat with y! people here	18:26
bdpayne	sounds great, thanks harlowja	18:26
harlowja	can maybe volunteer one of them, haha	18:26
bdpayne	#topic Open Discussion	18:26
*** openstack changes topic to "Open Discussion (Meeting topic: OpenStack Security Group)"		18:26
bdpayne	anything else for today?	18:26
bdpayne	(we normally just run til 18030	18:26
*** mestery_ is now known as mestery		18:26
harlowja	live migration stuff, i can sumarrize what i remember	18:26
bdpayne	*1830	18:26
bdpayne	ok	18:26
harlowja	i remember stuff like, can we have an intermediary give those keys out for only the duration of live migration (aka a orchestration layer) or can we eliminate the sharing of those keys entirely via some other mechanism (orchestration layer possibly establishing a secure tunnel for the live migration and telling the compute nodes to use said tunnel...)....	18:27
Randy_Perryman	Need to read the list and find your Information on the Security Document	18:27
harlowja	some kind of intermediary that connects the hypervisors for the duration of the live migration (And resize operation)	18:27
harlowja	i think it came up in https://etherpad.openstack.org/HavanaUnifyMigrateAndLiveMigrate but nothing documented there	18:27
*** malini1 has joined #openstack-meeting		18:28
harlowja	i can fire an email to the main dev thread, asking if we should at least document it somewhere	18:28
*** malini has quit IRC		18:28
bdpayne	ok, thanks for the details there… certainly worth collecting more info	18:28
harlowja	def, i know at least at y! we don't want hypervisors talking to each other, so live migration is sorta hard in that case :-p	18:29
harlowja	but an intermediary aiding that process might be acceptable	18:29
harlowja	*hand-holding the hypervisors in a way, haha	18:29
bdpayne	interesting	18:30
bdpayne	ok, I think that's all for today	18:30
bdpayne	thanks everyone… nice to see some new faces in here	18:30
bdpayne	#endmeeting	18:30
*** openstack changes topic to "OpenStack meetings \|\| Development in #openstack-dev \|\| Help in #openstack"		18:30
openstack	Meeting ended Thu Apr 25 18:30:18 2013 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	18:30
openstack	Minutes: http://eavesdrop.openstack.org/meetings/openstack_security_group/2013/openstack_security_group.2013-04-25-18.10.html	18:30
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/openstack_security_group/2013/openstack_security_group.2013-04-25-18.10.txt	18:30
openstack	Log: http://eavesdrop.openstack.org/meetings/openstack_security_group/2013/openstack_security_group.2013-04-25-18.10.log.html	18:30
*** malini has joined #openstack-meeting		18:30
*** Randy_Perryman has quit IRC		18:30
harlowja	bdpayne: the reason for not wanting connectivity, is what happens if someone breaks out of a hypervisor, giving them those shared ssh keys would be bad :p	18:31
*** jcoufal has quit IRC		18:31
harlowja	its bad enough already due to the MQ itself and such	18:31
*** SunSlayer has left #openstack-meeting		18:31
harlowja	likely someone could just jump on the MQ and start triggering live migrations right now, haha	18:31
harlowja	not so awesome	18:31
bdpayne	oh, I completely agree!	18:32
*** davidha has joined #openstack-meeting		18:32
ewindisch	harlowja: I'm wondering if the host (losing the VM) can generate a short-lived key/token, send that to the host receiving the VM, then have that host use that key/token to pull off some mechanism.	18:32
*** lbragstad has quit IRC		18:32
*** malini1 has quit IRC		18:33
ewindisch	you'd need some transport mechanism that understands this and can be easily manipulated for the short-lived access control mechanism.	18:33
ewindisch	(SSH is not a good solution here)	18:33
ewindisch	"lots of MQ messages!"	18:34
*** natedmac has left #openstack-meeting		18:34
*** plomakin has joined #openstack-meeting		18:35
*** davidhadas has joined #openstack-meeting		18:36
*** jhullinge has quit IRC		18:36
*** lbragstad has joined #openstack-meeting		18:37
*** zul has quit IRC		18:38
*** sirushti is now known as zz_sirushti		18:38
*** novas0x2a\|laptop has joined #openstack-meeting		18:38
*** nicolae_ has quit IRC		18:40
*** davidhadas has quit IRC		18:41
*** harlowja_ has joined #openstack-meeting		18:50
*** dontalton has joined #openstack-meeting		18:51
*** harlowja has quit IRC		18:52
*** harlowja_ is now known as harlowja		18:52
*** dontalton2 has joined #openstack-meeting		18:53
*** yamahata has quit IRC		18:54
*** dontalton has quit IRC		18:56
*** otherwiseguy has joined #openstack-meeting		18:56
*** adjohn has joined #openstack-meeting		18:56
*** cp16net\|away is now known as cp16net		18:57
*** yamahata has joined #openstack-meeting		18:57
*** dg_ has quit IRC		18:58
*** tomoe_ has quit IRC		19:01
*** anniec has quit IRC		19:02
*** mrunge has quit IRC		19:03
*** dwcramer has joined #openstack-meeting		19:05
*** mrunge has joined #openstack-meeting		19:07
*** flaper87 has joined #openstack-meeting		19:08
*** shengjie_ has joined #openstack-meeting		19:09
*** Swaminathan has joined #openstack-meeting		19:09
*** lindj_ has joined #openstack-meeting		19:10
*** anniec has joined #openstack-meeting		19:13
*** anniec has quit IRC		19:14
*** mrunge has quit IRC		19:16
*** henrynash_ has joined #openstack-meeting		19:17
*** dontalton2 is now known as dontalton		19:17
*** henrynash has quit IRC		19:18
*** henrynash_ is now known as henrynash		19:18
*** dwcramer has quit IRC		19:20
*** lindj_ has left #openstack-meeting		19:20
*** dwcramer has joined #openstack-meeting		19:25
*** Swaminathan has quit IRC		19:26
*** malini has left #openstack-meeting		19:26
*** sandywalsh has quit IRC		19:26
*** psedlak has joined #openstack-meeting		19:27
*** psedlak has quit IRC		19:29
*** martine_ has joined #openstack-meeting		19:30
*** brunnhilde has joined #openstack-meeting		19:31
*** martine has quit IRC		19:31
harlowja	ewindisch: i agree, something like that is needed, some kind of 'session' key or something, that is only valid for a certain amount of time for which live migration can be allowed to 'work'	19:34
*** kolbrich has joined #openstack-meeting		19:34
*** eglynn has joined #openstack-meeting		19:36
*** sandywalsh has joined #openstack-meeting		19:39
*** IlyaE has quit IRC		19:47
*** devcamcar has joined #openstack-meeting		19:52
*** plomakin has quit IRC		19:53
*** dprince has quit IRC		19:53
*** dontalton has quit IRC		19:57
*** gyee has joined #openstack-meeting		19:58
*** lindj_ has joined #openstack-meeting		20:00
*** lloydde has joined #openstack-meeting		20:01
*** bdpayne has quit IRC		20:01
*** jhenner has joined #openstack-meeting		20:04
*** kebray has quit IRC		20:07
*** dontalton has joined #openstack-meeting		20:09
*** dolphm has quit IRC		20:10
*** timello has quit IRC		20:10
*** ayoung has quit IRC		20:13
*** radez is now known as radez_g0n3		20:16
*** SergeyLukjanov has quit IRC		20:17
*** devcamcar has quit IRC		20:17
*** aclark__ has joined #openstack-meeting		20:18
*** aclark_ has quit IRC		20:19
*** lbragstad has quit IRC		20:20
*** lloydde has quit IRC		20:20
*** johnthetubaguy has joined #openstack-meeting		20:21
*** IlyaE has joined #openstack-meeting		20:21
*** lbragstad has joined #openstack-meeting		20:22
*** shardy has left #openstack-meeting		20:26
*** pcm__ has quit IRC		20:27
*** troytoman-away is now known as troytoman		20:27
*** reed has quit IRC		20:29
*** reed_ has joined #openstack-meeting		20:29
*** aclark__ has quit IRC		20:29
*** mkollaro has joined #openstack-meeting		20:37
*** johnthetubaguy has quit IRC		20:38
*** reed_ has quit IRC		20:41
*** kolbrich has quit IRC		20:41
*** IlyaE has quit IRC		20:44
*** jhenner has quit IRC		20:48
*** dwcramer has quit IRC		20:49
*** adalbas has quit IRC		20:56
*** crank has quit IRC		20:57
*** cp16net is now known as cp16net\|away		21:00
dansmith	it's meetin' tam!	21:01
*** Vek has joined #openstack-meeting		21:01
russellb	#startmeeting nova	21:01
openstack	Meeting started Thu Apr 25 21:01:24 2013 UTC. The chair is russellb. Information about MeetBot at http://wiki.debian.org/MeetBot.	21:01
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	21:01
*** openstack changes topic to " (Meeting topic: nova)"		21:01
openstack	The meeting name has been set to 'nova'	21:01
russellb	Howdy!	21:01
russellb	who's here?	21:01
sdague	o/	21:01
dansmith	-o/	21:01
beagles	o/	21:01
morganfainberg	o/	21:01
dripton	hi	21:01
cyeoh	Hi	21:01
russellb	people!	21:01
* Vek tries to decide...		21:01
*** sacharya has quit IRC		21:01
harlowja	me	21:02
russellb	#link https://wiki.openstack.org/wiki/Meetings/Nova	21:02
russellb	#topic havana blueprints	21:02
*** openstack changes topic to "havana blueprints (Meeting topic: nova)"		21:02
morganfainberg	I'm virtually here (at best) :P	21:02
russellb	#link http://lists.openstack.org/pipermail/openstack-dev/2013-April/007788.html	21:02
russellb	I posted that message earlier this week, please take a moment to read it if you haven't	21:02
cburgess_	presnet	21:02
mikal	Morning	21:02
*** crank has joined #openstack-meeting		21:02
russellb	The most important thing at this point in the cycle is that we get a roadmap put in place	21:02
devananda	\o	21:03
russellb	you can find the roadmap in progress here:	21:03
russellb	#link https://blueprints.launchpad.net/nova/havana	21:03
russellb	So, if there's something you plan to work on, please file a blueprint	21:03
russellb	or multiple blueprints if it's complex enough to need to be broken up into stages	21:03
*** tpatil has joined #openstack-meeting		21:03
harlowja	alot of stuff is still up for discussion isn't it? especially the orchestration/conductor pieces...	21:03
russellb	to get it on the havana roadmap, you will need to set the assignee, propose it for havana, and select a milestone that you feel is realistic for when you can have it completed	21:04
russellb	harlowja: yes, lots will be under discussion, we just need to take our best shot at a roadmap	21:04
harlowja	ok, roadmap seems hard when its still under discussion :-p	21:04
harlowja	but ok	21:04
russellb	the reason we do all this is to communicate amongst ourselves, as well as to the larger community what it is we're working on	21:04
sdague	yeh, the starting point should be all the stuff which has concensus	21:04
dansmith	russellb: so for the migration cleanup and the object stuff, I'm happy to go off and file those blueprints now, if that's cool	21:04
russellb	lots of blueprints are filed but not on the roadmap, those are the ones in flux a bit, and that's ok	21:04
russellb	dansmith: yes please do	21:05
dansmith	I was waiting until today for some undefined and silly reason, I guess	21:05
sdague	which I think there is a lot from summit, so best to take russellb's approach and get that all in	21:05
mikal	I'm on vacation this week, I'll catch up with mine next week	21:05
russellb	mikal: sounds good	21:05
*** mkollaro has quit IRC		21:05
*** senhuang has joined #openstack-meeting		21:05
russellb	my goal is to have a good first cut at this done in about 1.5 weeks from now	21:05
russellb	a couple other comments on the blueprint process ...	21:05
cburgess_	dansmith: Is the migration one for the general cleanup and unifying all the migration code stuff and cleaning up evactuate etc?	21:06
russellb	at the end of the release cycle, the blueprint list is effectively our feature list, and what we use to build release notes	21:06
russellb	as you are reviewing, please be looking for feature patches without a blueprint, and ask for one to be filed	21:06
dansmith	cburgess_: yeah, and unifying all of that to conductor, as we discussed	21:06
harlowja	dansmith: please can we finish discussion on that before it suddenly appears	21:06
russellb	another review thing ... when reviewing patches that have a blueprint, please make sure it is on the roadmap before approving	21:07
dansmith	harlowja: appearing as a placeholder can happen before we hash out all the details	21:07
harlowja	ok	21:07
*** matiu has joined #openstack-meeting		21:07
russellb	if something needs to be ACKed for the roadmap, you can ask me, or anyone on nova-drivers	21:07
*** reed has joined #openstack-meeting		21:07
russellb	and it can either be approved, or they may ask for a discussion to make sure there is concensus on the ML first	21:07
harlowja	sounds good	21:08
russellb	ok, that's all my notes on blueprint process. any questions on the process? also feel free to discuss specific blueprints if you'd like.	21:08
russellb	we can also discuss them in open discussion at the end.	21:08
boris-42	hi all	21:08
sdague	rmk and vishy were looking various nova-network => mutnauq upgrade things, any idea if either of them are going to put in something for deprecating nova-network?	21:08
*** huats_ has joined #openstack-meeting		21:08
*** topol has quit IRC		21:09
russellb	sdague: that's a good point, we need something for that.	21:09
dansmith	long live nova-network!	21:09
russellb	sdague: it's unclear what code work is needed ... it's basically "figure out the migration path"	21:09
sdague	yeh, true, though I imagine some of that upgrade code will need to be in tree	21:10
russellb	yep	21:10
sdague	but it's worth not loosing as a thing	21:10
russellb	i'll add that to my notes for something to chase down	21:10
mikal	Yeah, its likely they'll need to configure multiple API endpoints for example	21:10
*** spzala has quit IRC		21:10
russellb	agreed	21:10
rmk	sdague: I think that may have been cburgess actually	21:10
rmk	and hi yes I am here	21:10
sdague	rmk: ok, it was day 4, so I was a little fuzzy by then :)	21:10
russellb	one of the problems is that no one person has taken clear ownership over this effort	21:10
rmk	sdague: no worries, I was a zombie too by then	21:11
russellb	a few people volunteered to do some necessary research	21:11
*** HenryG has joined #openstack-meeting		21:11
russellb	so maybe i'll take it for now, at least to track who is researching what	21:11
russellb	and keep it moving	21:11
vishy	russellb: I think you could consider me+garyk as the owners	21:11
russellb	vishy: ok that would be awesome	21:11
russellb	vishy: i'll file a nova blueprint and set you as the assignee (since we can have only one)	21:12
senhuang	vishy: do you have any update on the blue print to coordinate the schedulign of nova and cinder using current rpc mechanism?	21:12
russellb	vishy: do you want to file a blueprint for it?	21:12
russellb	vishy: not sure what we'd call it ... perhaps it's just deprecate-nova-network, and it's just whatever we need to complete to feel good about doing that	21:12
harlowja	senhuang: i'd like to see that also, or maybe u can create one?	21:13
*** notmyname_ has joined #openstack-meeting		21:14
senhuang	harlowja: i have one for unified resource placement module, which is more like a centralized approach that sits on top of nova and cinder	21:14
*** jcooley_ has joined #openstack-meeting		21:14
*** pvo_ has joined #openstack-meeting		21:14
*** troytoma` has joined #openstack-meeting		21:14
harlowja	senhuang: so there u go, how can we make that start to appear :-p	21:14
russellb	ok, let's cover a few other topics, then we can come back to specific blueprints at the end	21:14
russellb	#topic feature patch proposal deadline	21:14
*** openstack changes topic to "feature patch proposal deadline (Meeting topic: nova)"		21:14
russellb	#link http://lists.openstack.org/pipermail/openstack-dev/2013-April/007823.html	21:14
russellb	I put out this proposal on the list earlier this week	21:14
russellb	basically if we're going to reject patches for coming in too late, i want to communicate that clearly ahead of time	21:15
harlowja	that seems to be ok with me	21:15
russellb	i picked a date out of the air, which was 2 weeks ahead of the official feature freeze	21:15
sdague	I think it's a good call	21:15
dansmith	+1000	21:15
sdague	+1	21:15
senhuang	+1	21:15
*** fungi has quit IRC		21:15
*** troytoman has quit IRC		21:15
*** pvo has quit IRC		21:15
*** notmyname has quit IRC		21:15
*** huats has quit IRC		21:15
*** jcooley has quit IRC		21:15
morganfainberg	+1	21:15
*** notmyname_ is now known as notmyname		21:15
*** jcooley_ is now known as jcooley		21:15
*** pvo_ is now known as pvo		21:15
cburgess_	+1 FIrm dates are great we can all work toward that and plan.	21:15
cyeoh	+1	21:15
boris-42	+1	21:15
russellb	ok cool.	21:15
russellb	it would be good to record your support on the ML thread	21:15
harlowja	sure	21:15
dansmith	russellb: gee, I think that has enough support	21:16
dripton	I didn't know Dan got a thousand votes.	21:16
harlowja	just might want to be some wording when this happens to not piss people off, haha	21:16
russellb	if anyone has an objection let me know ... otherwise I'll work on making sure it's communicated effectively	21:16
russellb	harlowja: well that's why i'm trying to establish it as early as possible, so it's not a surprise ... unless it's your fault for not paying attention	21:16
dansmith	dripton: as you know, a bunch of +1's don't add up to a +2 :)	21:17
harlowja	russellb: agreed	21:17
sdague	dripton: it's binary, so it's only 8 votes	21:17
russellb	dansmith: aw, harsh man, they do to me, depending on who the +1s are from :)	21:17
morganfainberg	sdague: lol	21:17
dansmith	sdague: nice	21:17
dansmith	russellb: heh, well, I was trying to downplay my obvious over-vote for that, given that everyone else only allocated +1 for it :)	21:18
russellb	alright, next topic, maybe we can finally disagree on something	21:18
russellb	#topic baremetal split	21:18
*** openstack changes topic to "baremetal split (Meeting topic: nova)"		21:18
russellb	#link http://lists.openstack.org/pipermail/openstack-dev/2013-April/007979.html	21:18
russellb	#link https://wiki.openstack.org/wiki/BaremetalSplitRationale	21:18
harlowja	drum roll	21:19
harlowja	nm, ha	21:19
russellb	please review that, ponder it, and make your opinion known if you have one	21:19
rmk	I don't even know what this is yet but yes	21:19
russellb	yeah, it was just posted today	21:19
russellb	so people need time to review it	21:19
russellb	but i wanted to make sure awareness was raised.	21:19
russellb	devananda: ^	21:19
rmk	honestly bare metal doesn't fit well at all in nova	21:19
devananda	yep, thanks	21:19
devananda	i believe it's still waiting moderation on the -tc list, too	21:19
russellb	OpenStack Bare Metal (Ironic)	21:19
mikal	russellb: does a split count as a new incubation request for the TC?	21:19
russellb	i'm a fan of the codename.	21:19
russellb	mikal: yes, it will be a TC issue to consider	21:19
dansmith	I've already said this, but I'm +1 on the Ironic proposal	21:19
morganfainberg	i'd say in the current way baremetal works, it would be good to move it out of nova into it's own project.	21:20
russellb	mikal: but I'd like to drive more broad consensus before the TC votes on it or anything	21:20
devananda	mikal: as far as i've been told, this would bypass incubation and follow the same path Cinder took	21:20
harlowja	me to, it will be interesting to see how it plays out, hopefully good in the end	21:20
morganfainberg	russellb: agreed on the code name.	21:20
rmk	The name I'm impartial to but +as_many_as_possible to splitting it out	21:20
*** lglenden has joined #openstack-meeting		21:20
rmk	The use case is just so vastly different than dealing with VMs	21:20
devananda	mikal: since the code's already in a core project	21:20
russellb	but what we don't want is for this to be seen as a fast track method to being an incubated project	21:21
rmk	aside from being cleaner, it gives the project a much better chance of success since it'll be able to adapt to vastly different bare metal needs	21:21
russellb	as in, instead of starting off on your own, try to grow in an existing project and split off, because it's easier/quicker	21:21
devananda	russellb: indeed	21:21
senhuang	devananda: will this bare metal project also support one VM is spawned on the bare metal and possesses all the resources exclusively?	21:21
russellb	rmk: yeah, agreed, i'm pretty sold on the idea	21:21
rmk	russellb: It seems to me this was more a result of discovering that it didn't fit well than anything intentional	21:21
russellb	rmk: oh sure, not accusing that here, i'm just worried about precedent, and abuse of the pattern elsewhere	21:22
devananda	senhuang: i'm not sure i follow your question, but i think the answer is yes, it already does	21:22
dansmith	rmk: I'm skeptical of that devananda guy and his intentions	21:22
mikal	Heh	21:22
rmk	dansmith: totally	21:22
devananda	:)	21:22
rmk	he's pretty sketchy	21:22
dansmith	long hair and everything	21:22
sdague	heh	21:22
mikal	I think it can't hurt to run it quickly through the TC, and perhaps truncate the incubation process	21:22
morganfainberg	russellb: as long as it's clear the reason for the split, i think it shouldn't become a pattern.	21:22
mikal	dansmith: he also bites his dogs!	21:22
sdague	yeh, well during the review cycle it was clear it fit oddly	21:22
dansmith	mikal: gasp	21:23
rmk	it's probably easier to figure out if anyone objects to this	21:23
russellb	i think i saw him with a trench coat on, too	21:23
rmk	because it seems like we couldn't possibly be in more agreement	21:23
russellb	which can't be good	21:23
*** fungi has joined #openstack-meeting		21:23
devananda	senhuang: take a look at https://github.com/tripleo/incubator/blob/master/README.md and see if that answers some of your questions. it's a special case for baremetal	21:23
senhuang	devananda: okay. cool. thanks!	21:23
russellb	yep, so everyone here seems happy with it ... please continue comments on list	21:23
devananda	mikal: only when necessary!	21:23
russellb	even +1s on the list are quite helpful to showing consensus	21:23
russellb	anything else on bare metal?	21:24
harlowja	devananda: are the ntt people working with u, might be useful to have there advice, since they are likely using the code that exists and might know more about the migration path?	21:24
devananda	harlowja: very little	21:24
*** markmcclain has quit IRC		21:24
russellb	we would have to go through a deprecation path for this	21:24
*** mkollaro has joined #openstack-meeting		21:24
harlowja	devananda: hmmm, interesting	21:24
russellb	just like any other drastic change like this ... a deprecation cycle, migration path	21:24
devananda	since they handed the project to us iat the grizzly sumit, they've been pretty quiet	21:25
devananda	arata sends in patches and bug fixes often	21:25
sdague	devananda: it would be nice to try to draw them in on the new effort	21:25
devananda	and the ISI folks added tilera/pdu support right after FF ended	21:25
russellb	yep, that landed for havana	21:25
devananda	sdague: indeed. mikyung was in the session when we talked about this	21:25
devananda	and didn't voice any objection	21:25
devananda	which is about as much assent as i have gotten from them :)	21:26
harlowja	ya, wonder if they can provide more input, since my guess is ntt, isi are using it more than at least y! is	21:26
harlowja	so there feedback would seem pretty valueable if u can draw said feedback out of them	21:26
devananda	i'll try to ping them directly // off list and see	21:26
russellb	ok cool, one more quick topic, then we can go to open discussion	21:27
russellb	#topic bugs	21:27
*** openstack changes topic to "bugs (Meeting topic: nova)"		21:27
senhuang	we also have usage for it in some dev/ops. one comment I got from them is that it would be nice to have a common api to provision bare metal and vm..	21:27
russellb	let's not let all this fun future work let us forget about bugs :)	21:27
russellb	#link http://webnumbr.com/untouched-nova-bugs	21:27
russellb	34 untriaged bugs right now	21:27
russellb	not terrible, but we should be watching, as we probably have bug reports coming in as people try out grizzly	21:27
senhuang	russllb: could you response to my comment on but https://bugs.launchpad.net/nova/+bug/1049249	21:28
uvirtbot	Launchpad bug 1049249 in nova "Remove plugging of internal classes from configuration" [High,Confirmed]	21:28
russellb	everyone can help with triage, if you're not sure how, see this page:	21:28
russellb	#link http://webnumbr.com/untouched-nova-bugs	21:28
russellb	senhuang: i guess it's valid as long as that option exists	21:29
russellb	senhuang: the compromise/solution has been moving things to entrypoints with short names	21:29
senhuang	russellb: okay. i probably need more guide on this bug..	21:29
russellb	so it'll still be pluggable, technically, but not so obviously directly exposed in the config file	21:29
*** adjohn has quit IRC		21:29
*** bdpayne has joined #openstack-meeting		21:29
russellb	any other bug comments or questions?	21:30
*** adjohn has joined #openstack-meeting		21:30
russellb	if we all triage just a couple this week, we'll be in much better shape (that goes for most weeks, really ..)	21:30
boris-42	yes	21:30
*** IlyaE has joined #openstack-meeting		21:30
boris-42	should I report bug for each race condition?	21:30
boris-42	before adding UC?	21:30
harlowja	more races, eck :(	21:31
boris-42	less races=)	21:31
morganfainberg	russellb: the URL link form webnumbr shows only one bug? am I misunderstanding the function of that link?	21:31
russellb	morganfainberg: it showed 34 for me?	21:31
harlowja	boris-42: the glass is half-full, good attitude	21:31
sdague	boris-42: you've got a blueprint for all the UC stuff though right?	21:31
sdague	I'd just use that	21:31
russellb	agreed, the bp is fine ...	21:31
russellb	technically you can associate bugs to a blueprint	21:31
russellb	but ... no need to create extra work unnecessarily	21:32
sdague	yeh, but I think the bp is fine, the uc work is a well known quantity	21:32
russellb	if you want to create bugs, it's fine with me, but you don't have to	21:32
* russellb nods		21:32
morganfainberg	russellb: something off in my web-browser then. shrug	21:32
dripton	morganfainberg: it shows 38 for me, but only displays one of them due to windowing. Says "1 of 38"	21:32
morganfainberg	dripton: i think it's an extension going dumb on my browser.	21:32
harlowja	boris-42: has there been any thought on the races that are at a level above the DB?	21:32
harlowja	read/write/modify types	21:32
russellb	you can also look at https://bugs.launchpad.net/nova/+bugs?search=Search&field.status=New	21:33
russellb	not quite the same, but close enough	21:33
boris-42	russellb what do you prefer adding bugs or not for races?) I just don't now is there any reason for spamming bug tracker?)	21:33
russellb	just use the bp	21:33
boris-42	russellb ok	21:34
russellb	#topic open discussion	21:34
*** openstack changes topic to "open discussion (Meeting topic: nova)"		21:34
devananda	harlowja: afaik, no one's really looking at those races above db/api -- except for quotas	21:34
harlowja	devananda: durn	21:34
devananda	harlowja: if you have some in mind, please open bug reports and tag with 'db'	21:34
boris-42	harlowja I think that there is also a lot of races=)	21:34
harlowja	kk, i have a few, do orphaned resources count	21:34
harlowja	boris-42: 100% agreed	21:34
sdague	yeh, even better is tests	21:34
russellb	yay tests.	21:35
boris-42	<3 tests	21:35
sdague	then we can keep them from showing up again	21:35
boris-42	Btw I have some question about pci devices...	21:35
boris-42	There is already about 4 BP for that!	21:36
boris-42	One task but 4 BP =)	21:36
russellb	yes that area is a bit of a mess	21:36
russellb	a good example of what happens when people don't talk enough	21:37
boris-42	probably we should chose one of that	21:37
russellb	yeah.	21:37
boris-42	There is also problems with USB	21:37
*** eharney has quit IRC		21:37
boris-42	if we are using host dev pci passthrough in libvirt	21:37
*** anniec has joined #openstack-meeting		21:37
harlowja	sdague agreed on tests, but if u just look at pieces of the nova code, u can spot these things, but maybe its just my mindset	21:37
boris-42	then we are able to passthrough only USB controllers	21:37
senhuang	I have a question on the nova's api extension	21:37
*** martine_ has quit IRC		21:38
harlowja	oh thats a good one, senhuang what happened to the nova extension refactoring effort thingy	21:38
sdague	harlowja: then bring tests to the table that demonstrate it	21:38
boris-42	We should make a little bit different operation for USBs	21:38
harlowja	sdague: sounds good :)	21:38
harlowja	challenge accepted :-p	21:38
*** mikal has quit IRC		21:38
senhuang	harlowja: i am still researching on how to do api extension for nova	21:38
russellb	boris-42: i think you're on the right track by going back and documenting your design	21:39
*** mikal has joined #openstack-meeting		21:39
russellb	boris-42: then hopefully everyone interested can discuss if it meets their requirements	21:39
russellb	boris-42: and the people most involved with the libvirt driver can provide feedback as well	21:39
russellb	boris-42: then we can move forward	21:39
harlowja	senhuang: just in general how to do them, or how to make the api extension mechanism easier?	21:39
cyeoh	re: API extension framework I'd appreciate any feedback on https://review.openstack.org/#/c/27276/ - would like to get that moving soon as we can't really do much v3 API work until at least some basic support is in.	21:39
harlowja	for the later i thought there was https://etherpad.openstack.org/NovaAPIExtensionFramework	21:39
senhuang	harlowja: on general how to do it	21:39
harlowja	ya, with chris	21:39
*** adjohn has quit IRC		21:40
morganfainberg	cyeoh: i'll look it over today/tomorrow and give you feedback	21:40
harlowja	senhuang: i can try to help, its not so clear	21:40
boris-42	russellb Yes I am working on it, so there should be some changes in my approach to provide PCI passthrough and USB passthrough in one common approach=)	21:40
senhuang	harlowja: that is pretty cool! thanks	21:40
cyeoh	morganfainberg: thanks!	21:40
harlowja	senhuang: ya cyeoh just pointed that out	21:40
russellb	boris-42: ok	21:40
*** anniec_ has joined #openstack-meeting		21:40
*** johnthetubaguy has joined #openstack-meeting		21:40
senhuang	cyeoh: that is awesome. i will look at it	21:41
*** anniec has quit IRC		21:41
*** anniec_ is now known as anniec		21:41
*** mkollaro has quit IRC		21:42
russellb	any other topics for the day?	21:42
russellb	please ping me anytime over the next week if you need assistance getting blueprints in shape	21:42
senhuang	any one have time to take at look at this blue print?	21:42
senhuang	https://blueprints.launchpad.net/nova/+spec/unified-rpm	21:43
boris-42	btw is there some info about no downtime migrations?	21:43
russellb	boris-42: i wasn't in that session, so not sure what was discussed	21:43
devananda	a lot was discussed about versioned db objects	21:43
harlowja	russellb: i'd like to hear how conductor can become something like orchestration, or understand at least from a design perspective how, just so i can accomodate it in my wiki and blueprints and such	21:44
devananda	IMO, that led to being able to do no-downtime-db-upgrades	21:44
russellb	senhuang: yeah, i saw that one ... it seems like there's not clear consensus on how to approach that problem yet.	21:44
devananda	or no downtime service upgrades for all services, including db and conductor	21:44
devananda	so, are there any BP up for versioned db objects?	21:44
senhuang	russellb: maybe we could first provide a well-defined api extension and achieve consensus on the api?	21:45
russellb	harlowja: I started talking about this on a thread on the ML today. I feel like we've got some work combining code paths for migrate/live-migrate/resize/evacuate, and part of that will be moving it to conductor. that's the first step here.	21:45
harlowja	how does moving it to conductor work?	21:45
russellb	senhuang: has there been a ML thread on this?	21:45
dansmith	devananda: well, we're focused on internal objects first,	21:45
senhuang	russellb: not yet	21:45
dansmith	devananda: then versioning those and isolating schema changes along with that	21:45
*** adjohn has joined #openstack-meeting		21:45
harlowja	russellb: i hear lots of moving to conductor but never have seen how it would get there or even if it makes sense there, shouldn't that be part of the discussion?	21:45
dansmith	devananda: I think we don't expect to really hit the big versioning parts until post-H, realistically	21:45
russellb	senhuang: ok, that's where we need to discuss it basically. I think having a proposal for what the API would look like would aid that discussion.	21:45
senhuang	russellb: i am in discussions with garyk on the api	21:45
devananda	dansmith: yes. i mean, is that plan written up anywhere?	21:46
russellb	senhuang: but it's not clear that there is even agreement that it should be a new separate thing, so we need to work through that.	21:46
dansmith	devananda: the internal objects one?	21:46
dansmith	devananda: I just filed a blueprint, and we talked about it on IRC a bit, but I need to fill out the blueprint with more details yet	21:46
devananda	dansmith: i could see maybe 3 BPs covering internal versioned objects, then rpc forwards/backwards compat, then db stuff	21:46
russellb	harlowja: it has been discussed a whole bunch, and we had a session dedicated to cleaning up these code paths where we discussed it further.	21:46
devananda	dansmith: ack	21:46
harlowja	russellb: where's the docs on how that will be done?	21:47
dansmith	devananda: yeah, I've got three now, actually, almost exactly like that.. still need to make the deps between then and fill out the details	21:47
sdague	senhuang: things like that really need to get to general concensus on the mailing list first	21:47
devananda	dansmith: great :)	21:47
devananda	boris-42: ^	21:47
senhuang	russellb: that is true. i think i still need to provide more details	21:47
russellb	senhuang: ok, sounds good	21:47
senhuang	sdague: yep. that is probably a good idea	21:47
harlowja	russellb: can u possible re-explain to me how said stuff fits in the conductor	21:47
*** lbragstad has quit IRC		21:48
devananda	russellb: on the conductor-does-evacuate stuff, i'd like Heat considered in that situation too	21:48
harlowja	devananda: me too, or at least a common library for this stuff	21:48
harlowja	which nova uses	21:48
devananda	russellb: as in, if there's an auto scaling group, how that'll be impacted by conductor doing things automagically	21:48
sdague	devananda: you realize "evacuate" isn't what it sounds like, right? :)	21:48
harlowja	we shouldn't keep on reimplementing custom workflows	21:48
russellb	devananda: sure. note that we're not talking about doing anything automatically	21:48
devananda	russellb: ahh. didn't realize that :)	21:48
russellb	nothing automagic, all triggered from the outside like it si now	21:49
dansmith	devananda: I don't want conductor doing automagic stuff, btw	21:49
devananda	sdague: i /think/ i know what it does	21:49
*** ewindisch has quit IRC		21:49
russellb	this is just about turning a bunch of separate code paths doing much of the same thing into common code where it makes sense	21:49
dansmith	devananda: I want heat doing all the orchestration of failover type stuff from the outside entirely	21:49
*** Mandell has quit IRC		21:49
russellb	and also, in the cases of migration and such, we have compute nodes telling each other what to do	21:49
devananda	dansmith: ++	21:49
russellb	we don't want any compute nodes telling any other compute nodes what to do at all	21:49
sdague	devananda: the current "evacuate" action restarts vms that were on a machine that it toast	21:49
russellb	so the solution is to move most of the processing up a layer	21:49
devananda	sdague: cool. that's what i thought	21:49
harlowja	russellb: so thats great, but thats not explaining how conductor will do it, thats just explaining the general principle right, how does conductor change to be said thing, especially when i am planning something that can do said tasks also, likely something that will use this heat library	21:50
russellb	harlowja: dude, chill	21:50
russellb	:)	21:50
harlowja	trying, just i don't get it :-p	21:50
*** Sri_ has joined #openstack-meeting		21:50
russellb	harlowja: i think more formal state tracking is good, but we need a place for it to plug in cleanly, and we don't have that yet	21:50
senhuang	i agree on the general principles :-)	21:50
russellb	so this code cleanup is step 1	21:50
harlowja	confused, isn't making the foundation correct step #1?	21:51
russellb	have to look at the steps it will take to get to where you want to go, and i really believe these are the first steps	21:51
harlowja	then moving said code cleanup onto said foundation	21:51
russellb	we have to do it in logical steps, not an enormous patch set that rewrites everything	21:51
russellb	i understand what you want, and i think we can get there	21:52
harlowja	isn't that possible with a good foundation?	21:52
sdague	harlowja: it seemed pretty clear in the room that it was a pretty good incremental cleanup	21:52
russellb	... in stages	21:52
harlowja	i still think it can be done in stages, with a good common library first though, not secondary :-p	21:52
sdague	I really think it's unrelated to orchestration	21:52
harlowja	sdague: how so?	21:52
sdague	harlowja: hey, nothing prevents you from proposing alternative incremental code	21:52
harlowja	sdague: and thats where its a waste of time to do	21:53
russellb	true :)	21:53
russellb	so here's the thing ...	21:53
russellb	we have code	21:53
russellb	a whole bunch of it	21:53
russellb	we want to do some cleanup, combining, and slight restructuring of that code as an incremental step	21:53
sdague	but I think rehashing consolodating the migration paths isn't very useful, because it's a huge win	21:53
sdague	from a verification stand point especially, as right now the whole live migrate path isn't testing at all in gate	21:54
sdague	which is the suck	21:54
*** afazekas has joined #openstack-meeting		21:54
sdague	but at the end of the day, code talks. bring something more clean, and more useful to the table, and it will be evaluated.	21:55
dansmith	everyone interested in doing the work for the unified migrations path seems to be in agreement,	21:55
dansmith	so I don't think we really have a problem here	21:55
harlowja	sdague: i have code for the foundation of this, haha	21:55
russellb	would be good to see it on the list	21:56
russellb	i don't think i have seen it yet	21:56
dansmith	harlowja: propose it and we'll handle it in gerrit	21:56
harlowja	it was shown in the summit :)	21:56
sdague	dude, I have piles of code :) that doesn't mean it's more useful for openstack in all situations.	21:56
russellb	yeah, but lots of people weren't at the summit	21:56
russellb	i also had a session conflict (rpc stuff, and i'm one of the few maintainers of that code)	21:56
harlowja	ok, will send that out again	21:57
russellb	k	21:57
dansmith	I have to run	21:57
russellb	anything else? just a few minutes left in our time.	21:57
russellb	k, later dansmith	21:57
harlowja	just i'd like to really understand clearly how the future of conductor fits into the plans, even incrementally	21:57
russellb	i honestly am not sure how to better explain it	21:57
harlowja	write it down?	21:58
harlowja	draw pictures?	21:58
russellb	we can continue out-of-meeting	21:58
russellb	thanks everyone!	21:58
russellb	#endmeeting	21:58
*** openstack changes topic to "OpenStack meetings \|\| Development in #openstack-dev \|\| Help in #openstack"		21:58
openstack	Meeting ended Thu Apr 25 21:58:41 2013 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	21:58
openstack	Minutes: http://eavesdrop.openstack.org/meetings/nova/2013/nova.2013-04-25-21.01.html	21:58
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/nova/2013/nova.2013-04-25-21.01.txt	21:58
openstack	Log: http://eavesdrop.openstack.org/meetings/nova/2013/nova.2013-04-25-21.01.log.html	21:58
sdague	thanks russellb	21:58
senhuang	thanks, guys	21:59
senhuang	bye	21:59
harlowja	russellb: so i'd like to see something like https://wiki.openstack.org/wiki/File:New-arch.png but for say how the conductor would fit in	21:59
boris-42	thanks, bye	21:59
harlowja	how it would work for that run_instance path	21:59
harlowja	that would be useful to me, and i think many others	21:59
*** lglenden has quit IRC		22:00
harlowja	and then maybe some documentation on what that makes better, scale, stabilitiy...?	22:00
*** danwent has quit IRC		22:00
russellb	harlowja: let's move to #openstack-nova	22:01
harlowja	kk	22:01
*** Vek has left #openstack-meeting		22:01
*** tpatil has quit IRC		22:01
*** litong01 has quit IRC		22:02
*** johnthetubaguy has quit IRC		22:02
*** senhuang has quit IRC		22:03
*** eglynn has quit IRC		22:04
*** cburgess_ has quit IRC		22:04
*** anniec has quit IRC		22:05
*** cburgess has joined #openstack-meeting		22:05
*** ayoung has joined #openstack-meeting		22:05
*** anniec has joined #openstack-meeting		22:08
*** markwash has quit IRC		22:09
*** bdpayne has quit IRC		22:11
*** dontalton has quit IRC		22:15
*** novas0x2a\|laptop has quit IRC		22:15
*** hartsocks has quit IRC		22:15
*** anteaya has quit IRC		22:15
*** markpeek has quit IRC		22:15
*** _cerberus_ has quit IRC		22:15
*** branen has quit IRC		22:15
*** akshayms has quit IRC		22:15
*** dontalton has joined #openstack-meeting		22:15
*** novas0x2a\|laptop has joined #openstack-meeting		22:15
*** hartsocks has joined #openstack-meeting		22:15
*** anteaya has joined #openstack-meeting		22:15
*** _cerberus_ has joined #openstack-meeting		22:15
*** branen has joined #openstack-meeting		22:15
*** akshayms has joined #openstack-meeting		22:15
*** dhellmann is now known as dhellmann-away		22:15
*** asalkeld has joined #openstack-meeting		22:15
*** henrynash has quit IRC		22:16
*** boris-42 has quit IRC		22:19
*** Bruce has quit IRC		22:25
*** hartsocks has quit IRC		22:27
*** jaypipes has quit IRC		22:31
*** bdpayne has joined #openstack-meeting		22:34
*** danwent has joined #openstack-meeting		22:35
*** boris-42 has joined #openstack-meeting		22:37
*** hartsocks has joined #openstack-meeting		22:38
*** IlyaE has quit IRC		22:40
*** boris-42 has quit IRC		22:49
*** stevemar has quit IRC		22:49
*** otherwiseguy has quit IRC		22:53
*** flwang has quit IRC		22:56
*** hartsocks has quit IRC		23:01
*** danwent has quit IRC		23:03
*** henrynash has joined #openstack-meeting		23:04
*** flaper87 has quit IRC		23:04
*** hartsocks has joined #openstack-meeting		23:04
*** beagles has quit IRC		23:06
*** gongysh has joined #openstack-meeting		23:06
*** koolhead17 has joined #openstack-meeting		23:08
*** hartsocks has quit IRC		23:20
*** hartsocks has joined #openstack-meeting		23:20
*** hartsocks has quit IRC		23:26
*** sacharya has joined #openstack-meeting		23:29
*** dprince has joined #openstack-meeting		23:30
*** afazekas has quit IRC		23:31
*** dprince has quit IRC		23:33
*** hartsocks has joined #openstack-meeting		23:36
*** hartsocks has quit IRC		23:37
*** garyTh has quit IRC		23:38
*** anniec has quit IRC		23:41
*** otherwiseguy has joined #openstack-meeting		23:41
*** hartsocks has joined #openstack-meeting		23:45
*** timello has joined #openstack-meeting		23:47
*** fnaval has quit IRC		23:50
*** flwang has joined #openstack-meeting		23:54
*** dontalton has quit IRC		23:55
*** dontalton has joined #openstack-meeting		23:57
*** lindj_ has quit IRC		23:58
*** troytoma` is now known as troytoman-away		23:58

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!