Friday, 2017-08-11

*** thingee_ has quit IRC00:00
dimsnice fungi01:28
fungidims: the real exciting infra news of the night is that zuul v3 has moved past self-testing and is self-gating (we've shifted several infra repos over to having gate them instead of
smcginnisGood progress.02:43
dimswill ship cinder and get to bed :)02:44
*** dtantsur|afk is now known as dtantsur08:54
*** cdent has joined #openstack-tc09:05
*** openstackgerrit has joined #openstack-tc09:10
openstackgerritFlavio Percoco proposed openstack/governance master: Allow teams to host meetings in their channels
openstackgerritMerged openstack/governance master: Add Barbican wsgi goal completion artifacts
openstackgerritMerged openstack/governance master: Removal of installguide-cookiecutter
openstackgerritMerged openstack/governance master: charms: Add Gnocchi charm and supporting interfaces
*** sdague has joined #openstack-tc10:00
*** cdent has quit IRC11:24
openstackgerritFlavio Percoco proposed openstack/governance master: Drop Technical Committee meetings
*** cdent has joined #openstack-tc11:36
*** mwhahaha has quit IRC12:19
*** mwhahaha has joined #openstack-tc12:20
*** cdent has quit IRC12:44
*** cdent has joined #openstack-tc13:18
*** hongbin has joined #openstack-tc13:44
*** thingee_ has joined #openstack-tc14:58
fungion the simplification front, i think the pike cycle is actually a big leap forward: we dissolved three teams (community app catalog, fuel, openstack ux) and added only one (shade which was actually just split off of the existing infra team)14:59
thingee_fungi: +114:59
thingee_fungi: that’s what I plan to highlight at ptg board14:59
fungii was putting together the new and removed teams list for the pike press release stuff the foundation marketing team was working on, and only then did i realize we didn't really add new teams (shade only half counts) and got rid of three!15:00
cdentthere’s another dimenions of complexity that is equally (maybe more?) important:P15:09
cdentwithin the services15:09
*** dklyle has joined #openstack-tc15:15
*** david-lyle has quit IRC15:15
fungiyup, parallel efforts are underway to whittle those down too15:25
fungifor example, i talked to sdague about the (still incomplete years later) trusted compute filter in nova being a good candidate to drop as it's more of an attractive nuisance than a feature15:26
fungistuff like that is ripe for the chopping block15:26
fungii think one of the challenges there is that those sorts of bits are hard for people outside the responsible teams to identify, and certainly harder to quantify and track15:55
fungilike, the only reason trusted compute filter came to my attention was that the vmt had gotten questions about it a couple years ago at which point it was in a partially-implemented state and posed a bit of a security risk at the time, then more recently it cropped up in a thread on a (non-openstack) crypto mailing list to which i subscribe and when i looked into the state there, it still hadn't ever15:57
fungibeen fixed15:57
cdentI’m sure there’s plenty more of that sort of thing15:58
cdentbut the time/energy to audit dead code paths is hard to find15:58
cdentespecially since there are plenty of invisible users15:58
fungiso i asked sdague about it, and he confirmed some devs at intel had pushed the partial implementation because it turned out they wanted to be able to say this piece of server hardware they'd started shipping was supported by at least some virtualization platform, and getting "support" (however incomplete) for it into nova was a much lower bar than, say, vsphere15:59
fungibut once they'd given their conference talks and put together glossies to hand out to potential customers, they walked away from actually completing the implementation16:00
* cdent sighs16:00
EmilienMcdent: hi16:01
fungiwhat's fun is that their pamphlets and whitepapers are still available for download from intel, in case you're interested in using their tpm16:02
cdentEmilienM: hello sir16:02
EmilienMcdent: I'm back from a meetings week, mostly afk. I saw your ping "EmilienM said he’s be willing to structure something like that, if people felt it was appropriate"16:02
fungi(pamphlets and whitepapers talking about how nova supports it, i mean)16:02
EmilienMwas it about the retro?16:02
cdentbut if you read the rest of the log near there, not everyone was keen on the idea, so it is still a bit up in the air for now16:04
cdentnot sure what the next step is16:04
*** dtantsur is now known as dtantsur|afk16:20
dtroyerfungi, cdent: I think that example of half-baked TPM support is one that might be useful as an example of why we should push back harder on checklist features, especially in areas like that where a certain amount of expertise is required just to be able to be credible to talk about it.  It wouldn't hurt my feelings if the board were to see that on a list…16:23
fungidtroyer: agreed, i brought that one up because it serves as a pretty clear-cut example of the sorts of tactical contributions we should be trying to avoid16:25
fungiproblem is it was a bit of a trojan horse16:25
fungihaving a general framework for attesting to verified boot for virtual machines that booted from verified hypervisors all the way down to the bios is a laudable goal16:26
fungiand sometimes it's hard to tell when a vendor might just be using the project to be able to demo some poc for prospective clients with no intent to follow through on completing the implementation16:27
dtroyerthere may have been some of that, and it may have also been due to shifting priorities.  This is to me anecdata about trusting proposals from some of our larger sponsor companies that they will actually follow through on these things, especially where someone else is not able to pick it up16:29
dtroyerit isn't the only time we've been burned16:29
* cdent looks at all of the numa and pci code16:30
cdentnot that we aren’t still working on that16:30
cdentbut duh amn16:30
fungijust stuck in my craw a bit to find publications like and
fungiespecially given that the filter has been marked "experimental" ever since its introduction some 4 years ago, and has fairly crippling design flaws like bug 145622816:36
openstackbug 1456228 in OpenStack Security Notes "Trusted vm can be powered on untrusted host" [Medium,Fix released] - Assigned to Michael Xin (michael-xin)16:36
dtroyertotally… makes me want to find a way to bury a hook into an organization that isn't an individual contributor (who gets moved to a new project in two months) for accountability on things like that.  In this case I can try to play that role, but we don't have folks like me in every organization that does this16:37
fungi(note that the fix-released there is for the ossn about how nova isn't going to fix it)16:37
fungidtroyer: agreed, this example happens to have a significant member company embroiled in the situation but there are likely plenty of examples we can find which are for very small/startup vendors as well16:39
fungiand those are likely harder to get similar sorts of traction for a responsible party (or may even go out of business partway through some implementation)16:40
dtroyertrue, but with small companies, you half expect there to be a certain volitility in their long-term presence16:40
fungifair enough16:40
dtroyernow we see we have to expect that from everyone16:42
cdentshoudl done openstack gpl ;)/216:43
* dtroyer refrains from commenting, except to say that would have limited contributions enough that we may not have had that particular problem to begin with16:44
*** dklyle has quit IRC16:44
*** dklyle has joined #openstack-tc16:45
cdentit’s probably best to refrain from commenting pretty much any time I throw a ;)/216:49
*** cdent has quit IRC17:08
*** persia has quit IRC17:18
sdaguefungi: hmmm... I think that's an overstatement of what I said17:37
fungisdague: sorry, didn't mean to imply you said all of that17:38
sdaguebut, yeh, they definitely disappeared after it had landed in one release never to be seen again17:38
fungiyou confirmed that they never returned to complete the implementation after hyping it17:38
sdaguefungi: yes17:38
fungithe reasons for the initial (partial) implementation become clear on reviewing their conference talk and whitepapers/marketing brochures17:39
sdagueah, ok17:39
fungithe fact that they jumped to start using it to sell their product without actually finishing it17:39
sdagueyeh, I didn't know that piece of the story17:39
fungiit's tempting to follow hanlon's razor and guess that perhaps they didn't _realize_ they were marketing their product by referring to an incomplete solution which doesn't actually do what unwitting consumers would expect17:42
fungibut occam's razor in this case implies they simply did it because they could17:43
fungiand because there was no real accountability17:44
sdagueyeh, that's all fair17:45
fungii'd be willing to just cite incompetence on their part if other organizations had worked in the community to start implementing that, never finished it, and intel's marketing arm ran with it not realizing it wasn't actually usable17:48
fungibut since it was intel doing the implementation, the evidence is a bit more damning17:48
funginot trying to pick on intel in particular on this, i expect we can find plenty more examples of other member companies engaged in similar scenarios17:49
fungiand to bring it back around to my original point, these are places we can probably shed some complexity with no real collateral damage17:50
fungiexcept maybe to companies who were trying to use the cut features to market their products17:51
*** thingee_ has quit IRC18:07
*** sdague has quit IRC18:17
dtroyerI'll stick my neck out a bit and say that in an organization this large, the marketing hypes and the guys pushing code rarely talk directly.  And constantly shifting management-level priorities don't help.  And this isn't to make excuses, but to complete the 'how we got to this point' picture, and maybe to even help decide if that particular thing can/should just be removed.18:28
dtroyerIt would be helpful to me (in chasing this down internally) to have a sense of Nova team's preferences here, fix it or cut it?18:28
fungidtroyer: by way of history, references a discussion from 2 years ago where deprecation was suggested:
fungishane wang pushed back at the time, saying that intel's tcp/oat 3rd-party ci would be online "soon" to address the concerns raised19:26
fungimalinik also raised concerns with removing it19:27
fungiand a third intel contributor who i haven't had any interactions with that i can remember19:28
fungioh, dulko too19:29
fungiso the only non-intel contributor to that thread who came anywhere close to suggesting it be kept was jogo, whose argument at the time was "people are using this, it is a negligible maintenance burden"19:32
fungisbauza, johnthetubaguy and mikal seemed good with getting rid of it19:34
fungifast forward 2+ years, and it's still marked experimental and there's been no further development on it19:34
fungiwhat i find most interesting is that red hat is the only distro/vendor who published documentation about setting up a deployment using trusted compute pools as far as i can find, and yet rh core reviewers in that thread seemed in favor of dropping it19:55
dtroyerfungi: thanks for the additional background.  I want to sort this one it, it is not the kind of thing we can leave hanging like this and expect to be taken seriously.20:53
*** lbragstad has quit IRC22:17
*** hongbin has quit IRC23:12
openstackgerritBilly Olsen proposed openstack/governance master: Add charm-interface-gluster-peer

Generated by 2.15.3 by Marius Gedminas - find it at!