16:06:05 <vishy> #startmeeting Hierarchical Multitenancy
16:06:06 <openstack> Meeting started Fri Apr 11 16:06:05 2014 UTC and is due to finish in 60 minutes.  The chair is vishy. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:06:07 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:06:09 <openstack> The meeting name has been set to 'hierarchical_multitenancy'
16:06:11 <raildo> hi
16:06:23 <tellesnobrega> hi
16:07:03 <schwicke> hi
16:07:09 <Sajeesh> hi
16:07:12 <VINOD> hi
16:07:15 <vishy> #topic role inheritance
16:07:30 <vishy> raildo: did you make any progress on the role inheritance implementation?
16:08:02 <raildo> vishy: The implementation is ready, but remain some security checks, I will send to the ML as soon as possible
16:08:11 <vishy> cool
16:08:17 <schwicke> vishy: we have a new collaborator: Sajeesh. Vinod is back to india, and Sajeesh is taking over from him
16:08:33 <vishy> did you end up creating a flag for “inherited”?
16:08:43 <vishy> schwicke: ok great, welcome Sajeesh
16:08:52 <Sajeesh> Hi Vishy Thanks
16:09:44 <raildo> vishy: Currently I am checking the roles that are listed as inherited, ie, the user adds the role to be inherited.
16:09:50 <schwicke> raildo:sounds very good
16:10:43 <tellesnobrega> vishy: im also working on this with raildo, mostly him, but we will have it done soon
16:11:55 <raildo> I check if this inherited role is associated with the parent project, if it is I add the project child
16:13:25 <vishy> great
16:13:41 <vishy> ok I”m not aware of any other active work being done in advance of the summit
16:14:02 <vishy> if anyone hasn’t read the updated http://wiki.openstack.org/HierarchicalMultitenancy
16:14:18 <vishy> I encourage you to do so and bring up any issues
16:14:38 <vishy> as I mentioned last week we will have a few sessions at the summit to discuss it
16:15:50 <schwicke> I think Vinod recently made some improvements on our POC
16:16:44 <schwicke> VINOD_: does it make sense to review this and integrate with what raildo did ?
16:17:00 <VINOD> I can do it.
16:17:14 <schwicke> would be nice to have the complete thing for the summit
16:17:21 <VINOD> I request raildo to send a link when he completes the testing
16:17:38 <vishy> sounds good
16:17:46 <vishy> does anyone have anything else to discuss?
16:17:49 <raildo> VINOD: I will send you as soon as everything is finalized. I believe that early next week.
16:17:50 <schwicke> Excellent. Let's do that then
16:18:06 <VINOD> I am little confused right now with role inheritance, but i will wait wait till raildo sends me the completed thing
16:18:16 <VINOD> raido: great
16:18:23 <VINOD> raildo: that's fine for me
16:18:31 <raildo> VINOD: great
16:19:05 <schwicke> VINOD: Sajeesh can probably help as well
16:19:09 <VINOD> raildo: Will you put up the code only or any documentation will be there (even a brief explanation will do)
16:19:19 <Sajeesh> Ok sure
16:19:48 <VINOD> schwicke: OK
16:20:01 <raildo> VINOD: I will explain how to test the code
16:20:19 <VINOD> raildo: Thanks, that will be great helpful to me
16:21:06 <vishy> ok lets adjourn until next week unless anyone has something else
16:21:24 <VINOD> vishy: I don't know whether i can rise this issue or not...We had submitted new blueprints to Gerrit as part of new way of creating blueprints for Domain Quota Management
16:22:00 <VINOD> But its got stuck there, as reviewers are asking us to give a roadmap for keystone v3 usage for entire nova code
16:22:11 <VINOD> but we used only for Domain Quota (keystone v3 auth token)...
16:22:31 <VINOD> vishy: If you have some time, can you look into the blueprints..should i post the links now?
16:22:45 <vishy> VINOD: we will probably have to get v3 code into nova in order to make this feature happen
16:22:52 <vishy> so that is an important initial blueprint
16:23:09 <vishy> the same is true of all projects
16:23:21 <vishy> as keystone devs have said that this feature won’t go into v2
16:23:39 <vishy> unless they are willing to accept it as an extension
16:24:08 <VINOD> vishy: But as for as i see nova has already code for accepting the v3 token, but the nova api's are not using v3 auth token and i had used it
16:24:15 <schwicke> vishy: anything on our side we can do to speed up things a bit ?
16:25:06 <schwicke> my understanding of the comments is that some organization of the transition is needed. Right ?
16:25:12 <VINOD> vishy: as schwicke said, we don't know how to proceed further...our code of Domain Quota Management is ready with both V2 APIs and V3 APIs (using keystone v3 token) is ready
16:26:34 <vishy> that is correct
16:26:51 <vishy> if we want to use new features in the v3 token
16:27:05 <vishy> we probably need a specific blueprint about moving nova over to v3
16:27:39 <schwicke> vishy: who should open that ?
16:27:49 <schwicke> and drive this ?
16:27:52 <vishy> you can do it if you want
16:28:03 <vishy> or we can discuss it at the summit
16:28:32 <schwicke> will check internally how far our mandate goes :)
16:28:44 <VINOD> vishy: what is meant by " moving nova over to v3", because v3 auth token is already being accepted by nova code and i can even extract domain_id from v3 auth token
16:28:46 <vishy> fyi I’m still advocating for domains not existing in the other projects
16:29:09 <vishy> VINOD: i would need to see the comments in the review
16:29:29 <VINOD> #link https://review.openstack.org/#/c/82088/
16:29:31 <vishy> what happens if someone passes a v2 token?
16:29:34 <schwicke> the move to v3 is indepenend of this I think.
16:29:49 <schwicke> and its probably needed for nested projects as a prereq
16:30:00 <VINOD> our code of Domain Quota will not work, as it tries to get the domain_id from the token, which is not existing in the v2 token
16:30:39 <schwicke> sure
16:30:44 <VINOD> but i can change the code and make it accept the v2 also...but i didn't do it, because keystone v2 is any way going to be deprecated
16:31:10 <VINOD> vishy: the link i posted is currently in "abandoned" state (because of no activity in the last week), but we can surely check the comments
16:31:31 <vishy> VINOD: so i think the request is pretty clear
16:31:41 <VINOD> vishy: ok
16:32:32 <vishy> he wants a blueprint covering the v2->v3 transition
16:32:53 <vishy> VINOD: but as I said i think domain quotas are a bad idea
16:33:08 <schwicke> :)
16:33:11 <vishy> :)
16:33:11 <VINOD> vishy: ok
16:33:36 <vishy> we are going to end up with two levers for everything
16:33:42 <VINOD> vishy: we did it, because 2-3 montgs back, domain are still a good part of openstack
16:33:47 <vishy> sure
16:34:27 <vishy> user quotas may be a bad idea as well :)
16:34:27 <VINOD> vishy: but any way, there is already so much of discussion happened about dropping domains and bringing hierarchical multitenancy, then we can wait till summit and change the code to suit to new hierarchy
16:34:34 <vishy> right
16:34:36 <vishy> ok
16:35:02 <vishy> if you want to draft a v2->v3 proposal for nova that seems like a good start
16:35:18 <vishy> just to have something up
16:35:22 <VINOD> vishy, schwicke: so, i think we have to stop the quota development (or modification) for time being, and wait for summit and then proceed according to the decision made in the summit
16:35:33 <vishy> right
16:35:45 <schwicke> hmm, lookslike
16:36:02 <vishy> ok lets finish up for today
16:36:06 <schwicke> hower, I think it would be a good idea to get the V3 transition forward in the mean time
16:36:17 <vishy> I will see y’all next week
16:36:22 <VINOD> vishy: This is what confusing me "a draft for v2->v3", does this mean that, drop all the nova v2 code (the api extensions) and change them to v3 extensions?
16:36:27 <schwicke> I will check internally and let you know in the next meeting
16:36:27 <vishy> no
16:36:30 <vishy> for keystone
16:36:44 <vishy> moving nova code to use the v3 keystone api
16:36:55 <vishy> instead of v2
16:37:11 <schwicke> sure.
16:37:24 <schwicke> vishy: will there be a meeting next Friday ?
16:37:26 <VINOD> vishy: ok
16:37:33 <vishy> yes
16:37:45 <schwicke> If I'm not mistaken it is a public holiday (easter weekend)
16:37:49 <VINOD> vishy, schwicke: but i guess its a big task....
16:37:54 <vishy> yes it is
16:38:00 <vishy> we will need help
16:38:06 <vishy> :)
16:38:22 <schwicke> vishy: for that reason I cannot promise that we'll be able to drive it. I have to check that with some people here :)
16:38:24 <VINOD> vishy: we can definitely provide the help, but we may not be able to do it single handedly
16:39:01 <vishy> schwicke: hmm we don’t generally take food friday off in the US
16:39:09 <vishy> well i will be around
16:39:17 <schwicke> OK, so then lets see next week. I will try to connect if I'm around.
16:39:18 <vishy> the following week I am out however
16:39:24 <schwicke> ok
16:39:32 <vishy> #endmeeting