#openstack-meeting-3 log

17:02:55 <thinrichs> #startmeeting CongressTeamMeeting
17:02:57 <openstack> Meeting started Tue Dec  9 17:02:55 2014 UTC and is due to finish in 60 minutes.  The chair is thinrichs. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:02:58 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:03:01 <openstack> The meeting name has been set to 'congressteammeeting'
17:03:50 <thinrichs> For those who missed, last week we spent a good chunk of time getting our blueprints assigned to milestones.
17:04:12 <thinrichs> This week I think we'll go back to focusing on status updates and plans for future work.
17:04:27 <thinrichs> #topic status
17:04:37 <thinrichs> arosen: want to get us started?
17:04:46 <arosen1> sure
17:06:00 <arosen1> so i continued to refactor the datasource frame work making it easier for additional plugins to be added. I have several patches on review related to this which need reviews if any of you guys have extra review cycles.
17:06:50 <thinrichs> I took a look yesterday and thought ayip needed to have a look.
17:07:07 <arosen1> My next task i'm going to work on is refactering the neutron driver. Unfortunately, this will cause the schema there to change. My goal is to get rid of the subtables that we are exposing which we can now due since the datasource driver frame work code now has a concept of parent-key.
17:07:29 <arosen1> thinrichs: cool thanks.
17:07:49 <arosen1> thats all i have for now to report really unless anyone wants to discuss anything.
17:08:05 * arosen1 about those changes.
17:08:24 <thinrichs> Sounds good to me.
17:08:44 <thinrichs> It's good that we're making these small tweaks to schemas now.
17:09:02 <thinrichs> Once we have people who have written policies, it'll be much worse to change schemas.
17:09:06 <arosen1> yup i agree, we don't want those to change to much.
17:09:18 <thinrichs> We should think of schemas as APIs.
17:09:58 <thinrichs> arosen1: do you think the datasource driver is getting pretty stable now?
17:10:05 <thinrichs> Or do you anticipate further changes?
17:11:05 * glebo is mostly in neutron advanced services
17:11:25 <arosen1> probably more changes but it's getting better and easier to work with in my opinion
17:11:26 <thinrichs> glebo: Understood.  Thanks for multi-tasking.
17:11:52 <arosen1> thinrichs: i'm hoping to be done with it soon.
17:11:53 <thinrichs> OK.
17:12:06 <thinrichs> madhumohan: want to give a status update?
17:12:30 <madhumohan> First version of datalog-aggregates available on https://review.openstack.org/#/c/140253/
17:12:37 <glebo> pretty intense over their right now too, as we ware splitting out the advanced services branch for FWaaS, VPNaaS and LBaaS right now, during the neutron code sprint
17:12:45 <glebo> s/their/there
17:13:10 <thinrichs> madhumohan: cool!  Taking a look...
17:13:14 <madhumohan> it implements a basic count of records.. needs to be reviewed.
17:14:43 <thinrichs> madhumohan: I'll try to take a look today and get Samta feedback.
17:15:34 <madhumohan> I am working on modal operators. Got Congress.g working and i have a separate class "Modal" to handle its details. trying to get it working with compilation.
17:16:00 <madhumohan> thinrichs: sure.
17:16:06 <thinrichs> Great!  I've fought those wars several times.  Let me know if I can help.
17:17:59 <thinrichs> jasonsb: have anything to report?
17:18:11 <jasonsb> little bit
17:18:31 <jasonsb> attended silisec last week.  (silisec is a south bay security meetup)
17:19:06 <jasonsb> I was there to see if folks would help us to refine approach taken by congress to security
17:19:31 <jasonsb> i quickly realized that a bunch of folks there are opsec and you aren't going to be able to help them
17:19:45 <jasonsb> (i hadn't heard the solyndra story before.  fascinating)
17:19:59 <thinrichs> I'm not a security guy.
17:20:12 <thinrichs> Can you explain a bit why we can't help the opsec community?
17:20:12 <jasonsb> but other folks gave advice on the compliance side
17:20:46 <jasonsb> well.  i guess i shouldn't paint with too broad a brush
17:20:58 <jasonsb> these were the guys who respond to threats
17:21:14 <jasonsb> (and one who used to carry out on behalf of a 3letter agency)
17:22:00 <jasonsb> so to help those guys you need to correlate packet stream from outside world, watch it as it enters a VM and then try to correlate with network stream to other hosts
17:22:30 <jasonsb> If you can help with that then you can alert them that somebody broke into a service and is doing a pivot to compromise other hosts
17:22:38 <jasonsb> (just one example)
17:22:55 <jasonsb> its a bit of a cat and mouse game
17:23:09 <thinrichs> We're definitely not going to help them do that network-packet analysis.
17:23:32 <jasonsb> so somebody else suggested, if you attack the compliance side, pick a specificiation and implement so that the spec could be written into congress
17:23:38 <thinrichs> Congress would take the network packet analysis service as an input, and we'd write policy over its results.
17:23:42 <jasonsb> PCI-DSS came up
17:24:05 <thinrichs> We'll sometimes mention HIPAA and PCI to people.
17:24:12 <jasonsb> yes, that would be fun
17:24:26 <thinrichs> PCI is a little scary since people lose can their jobs when PCI is not obeyed.
17:24:30 <jasonsb> network packet analysis integrated with congress
17:24:47 <thinrichs> More like intrusion-detection integrated into congress.
17:24:50 <jasonsb> that would be fantastic
17:25:12 <thinrichs> I *think* someone proposed a use case around that.  I don't think it went anywhere.
17:25:19 <jasonsb> for PCI what do you think of this:  Write a sample congress policy which implements sections of PCI
17:25:38 <jasonsb> so that a user of congress could present the congress data to their QSA
17:25:50 <jasonsb> (we would sit on customer side of the table)
17:25:51 <thinrichs> I know some people got really excited by that idea.
17:27:31 <jasonsb> i really enjoyed going to silisec.  i plan to go every meet.  about 25 people there i think.
17:27:33 <thinrichs> I think the trick would be to explain how Congress can HELP with PCI compliance.  But it won't solve the problem entirely.
17:27:59 <jasonsb> yes, messaging will be involved
17:28:11 <jasonsb> but there are some interesting technical things too
17:28:17 <jasonsb> section 3.6.4
17:28:31 <jasonsb> expiration of cryptographic keys at end of their lifetime
17:28:39 <thinrichs> Sounds fun.  Security is a good source of use cases for us.  And we always want to be careful about security implications.
17:28:50 <jasonsb> humans are not good at key rotation.  congress could be.
17:29:23 <thinrichs> Want to try to work out the details of a policy for key-rotation?
17:29:56 <jasonsb> I was making a document for just that.  also comparing use-case to sunny's writeup
17:30:33 <thinrichs> Sounds good.  It'd be great if you let us know when things come up at silisec that seem pertinent.
17:30:51 <jasonsb> will do.
17:31:00 <thinrichs> rajdeepd: you there?
17:31:05 <jasonsb> if you get thirsty you could drop by :)
17:31:12 <rajdeepd> hi
17:31:15 <thinrichs> Have a status update for us?
17:31:19 <thinrichs> jasonsb: :)
17:32:13 <thinrichs> rajdeepd: did your Horizon code get merged?
17:32:13 <rajdeepd> yes, submitted the patch for horizon data sources integration
17:32:49 <rajdeepd> now we can use horizon to see all the data sources and their respective tables and rows in each table
17:33:14 <thinrichs> Great!
17:33:37 <rajdeepd> as a next step working on blueprint for datasource status table in horizon
17:33:42 <rajdeepd> submitted for review
17:34:25 <rajdeepd> thats it from my side
17:34:33 <thinrichs> Do you have a blueprint for that spec as well?
17:34:53 <rajdeepd> yes
17:35:30 <thinrichs> When I click on the link from the spec, it says the blueprint is not found.
17:35:55 <rajdeepd> https://review.openstack.org/#/c/140228/
17:37:16 <thinrichs> The blueprint linked from that spec is what doesn't seem to exist:
17:37:17 <thinrichs> https://blueprints.launchpad.net/congress/+spec/horizon-integration
17:38:04 <rajdeepd> ok, will fix that
17:39:07 <thinrichs> Thanks.  Could you also add a milestone for when you think it will get done?  kilo1 (Dec 18), kilo2(Feb 5), kilo3 (Mar 19)
17:40:16 <rajdeepd> ok..
17:40:31 <thinrichs> jwy: want to give a status report?
17:40:40 <rajdeepd> done means final submission?
17:42:25 <jwy> rajdeepd: i believe so
17:42:27 <thinrichs> rajdeepd: roughly.  It's not a hard deadline of course.
17:42:43 <rajdeepd> ok, thanks
17:42:51 <jwy> does every blueprint require a spec (and vice versa)?
17:43:15 <thinrichs> jwy: yes
17:43:32 <thinrichs> sarob: any exceptions to needing a spec for each blueprint that you can think of?
17:43:42 <sarob> Nope
17:43:52 <jwy> i created a blueprint for pagination of results, but i'll need to make a spec for that then
17:43:56 <sarob> The spec is the blueprint detail
17:44:15 <jwy> i think it'd need to be a two-parter - support from the congress server and then from the ui
17:44:48 <jwy> not sure what the best way to implement it is, though
17:45:07 <jwy> i've seen lots of discussion on pagination from the other openstack services
17:45:07 <sarob> Jwy: it's okay to have a spec that describes other work
17:45:20 <thinrichs> It's not that every bit of work needs a new blueprint though.
17:45:45 <jwy> thinrichs: what is the distinction?
17:45:46 <sarob> Thinrichs true, some are bugs
17:45:51 <thinrichs> We want blueprints, specs for new features.
17:46:09 <thinrichs> I don't think I'd consider pagination a new feature worthy of a blueprint.
17:46:22 <thinrichs> I'd potentially call it a bug to not have it.
17:46:27 <jwy> oh ok
17:46:29 <sarob> Some work can be unreferenced but it's a bad habit
17:46:42 <jwy> i can move it to a bug then
17:46:43 <thinrichs> Or just another change under the same blueprint as horizon-integration.
17:47:15 <jwy> well, i think horizon would also need help from the congress server to break up the results
17:47:55 <jwy> this was the blueprint https://blueprints.launchpad.net/congress/+spec/server-side-pagination
17:48:00 <thinrichs> jwy: I see.  Maybe a bug then.  Use your best judgment.
17:48:27 <thinrichs> On second thought, that could be a substantial change to the server.
17:48:36 <thinrichs> A blueprint/spec seem appropriate.
17:48:54 <jwy> ok sure
17:49:29 <thinrichs> I'm not even sure the right answer for that.
17:49:30 <jwy> still working on prettifying the data in tables in horizon
17:49:34 <thinrichs> Worth discussing in gerrit.
17:49:51 <jwy> yep
17:50:24 <jwy> re: prettifying data, i might have to get more creative because i don't have access to the congress client at the point that horizon normally renders the data
17:50:33 <jwy> that's it for my update
17:50:53 <thinrichs> jwy: let us know if there's something in the client that's making your job harder.
17:51:00 <thinrichs> Running short on time today.
17:51:09 <jwy> ok thanks
17:51:13 <thinrichs> Radu_: have an update?
17:51:45 <Radu_> Just working on adding some more information to my vcenter driver
17:52:09 <thinrichs> Okay.  Let us know if you need something.  I like having some examples of non-OS datasource drivers.
17:52:14 <Radu_> Been trying to get some input from people on what information they would like to see pulled
17:52:30 <thinrichs> Though at some point we'll need to figure out how testing could/should work.
17:52:31 <Radu_> https://bitbucket.org/ConnerFerguson/vcenter-driver
17:52:53 <Radu_> What is up there is running on my congress server right now.
17:53:05 <thinrichs> Radu_: you could send an email to the ML to generate discussion.
17:53:32 <thinrichs> Maybe include a list of info that's available so people not familiar with it can easily give feedback?
17:53:56 <Radu_> The data returned is quite a bit to sort through
17:54:08 <Radu_> 1 host and 1 vm combined is over 30 pages of data
17:54:24 <thinrichs> Wow!
17:54:43 <Radu_> I've just been asking around the ofice here for what fields people would be interested in.
17:55:30 <thinrichs> I'd recommend an initial commit with whatever you have now.
17:55:44 <thinrichs> And then maybe a series of additional commits where you add additional functionality.
17:56:07 <thinrichs> s/additional functionality/additional data/
17:56:16 <thinrichs> Almost out of time.
17:56:31 <Radu_> I'll aim to make a commit soon then
17:56:37 <thinrichs> Radu_: sounds good.
17:56:44 <Radu_> I submitted a spec recently, dont think its merged yet
17:57:09 <thinrichs> Radu_: I looked at all the specs/code yesterday.  Let me know if I still need to do something for your spec.
17:57:22 <thinrichs> sarob, or anyone else: have a status update?
17:58:04 <sarob> We need more reviews from non core reviewer
17:58:06 <sarob> A
17:58:14 <sarob> Urg
17:58:43 <sarob> If you are writing code
17:58:58 <sarob> Review someone else's in gerrit
17:59:10 <sarob> That's it for me
17:59:30 <thinrichs> Good reminder about reviewing.  Thanks.
17:59:59 <thinrichs> I guess that does it for this week.
18:00:20 <thinrichs> Thanks all!  See you next week!
18:00:24 <thinrichs> #endmeeting