#openstack-meeting-3 log

12:02:47 <david-lyle> #startmeeting Horizon
12:02:47 <openstack> Meeting started Wed Mar 18 12:02:47 2015 UTC and is due to finish in 60 minutes.  The chair is david-lyle. Information about MeetBot at http://wiki.debian.org/MeetBot.
12:02:48 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
12:02:51 <openstack> The meeting name has been set to 'horizon'
12:02:56 <david-lyle> Hello everyone
12:02:59 <rdopiera> hi
12:03:03 <robcresswell> Morning
12:03:06 <mrunge> good morning o/
12:03:20 <wchrisj> Morning all
12:03:24 <doug-fish> greetings
12:03:38 <amotoki> hi
12:04:20 <krykowski> o/
12:04:31 <Daisy_> Hi, daisy is here for kilo translation.
12:04:43 <sambetts> o/
12:04:50 <david-lyle> Tomorrow is the deadline for k-3 and we have several blueprints in need of some reviews
12:05:17 <david-lyle> #link https://launchpad.net/horizon/+milestone/kilo-3
12:05:55 <david-lyle> on the plus side the bulk of the new launch instance merged and is in bug fix mode
12:06:20 <david-lyle> it is not enabled by default yet, until the bugs are addressed.
12:06:32 <david-lyle> but feel free to try it out and report more bugs
12:06:38 <robcresswell> Are we still aiming to make it the default for release?
12:06:43 <mrunge> hooray! good job!
12:07:03 <david-lyle> before the RC we'll se if we're comfortable making the switch
12:07:29 <robcresswell> Awesome
12:08:10 <david-lyle> I'd like to see several of the bugs fixed first, but trying to make a change that large perfect all at once was an impossible task
12:09:08 <david-lyle> some blueprints of note that could use reviews: https://blueprints.launchpad.net/horizon/+spec/data-processing-rework-ui
12:09:30 <david-lyle> that code has been up for most of kilo and suffered from a lack of reviews
12:09:55 <david-lyle> there are two guided walkthroughs of the major workflows of Sahara
12:10:29 <david-lyle> it's a vast improvement from figure it out for yourself which was where we were with Juno
12:11:29 <david-lyle> it strays from the standard horizon widgets, but accomplishes its goal
12:12:34 <david-lyle> I think django-1.7 support is a must have and will move that to RC-1 if not merged by tomorrow
12:12:51 <david-lyle> are there others people feel need consideration for RC-1
12:13:07 <david-lyle> assuming the list doesn't magically merge in the next 24 hours
12:13:09 <david-lyle> ?
12:14:14 <david-lyle> another BP of not and late comer, but highly requested is #link https://blueprints.launchpad.net/horizon/+spec/horizon-themes
12:14:27 <david-lyle> This was demoed at the last summit
12:14:52 <david-lyle> and at this point mainly relies on use of the variables.scss
12:15:30 <david-lyle> and styles.scss
12:15:47 <david-lyle> minimally invasive, I do need to test it out
12:16:02 <david-lyle> but operators have long asked for better skinning
12:16:20 <mrunge> yes, sure
12:16:20 <david-lyle> this demonstrates how to do that in bootstrap
12:16:35 <david-lyle> we can improve upon it later
12:16:49 <mattfarina> this will be a nice start to theming
12:17:10 <david-lyle> Once I try it out, if it works as advertised I may move it to a High
12:17:30 <david-lyle> anything not High isn't really eligible for a FFE
12:17:59 <david-lyle> To revisit the timelines
12:18:13 <david-lyle> Feature Freeze will happen tomorrow
12:18:21 <david-lyle> we'll tag the repo with k-3
12:19:05 <david-lyle> at that point only bug fixes and any BPs with a FFE (Feature Freeze Exception) should be merged onto master
12:20:03 <david-lyle> RC-1 will likely be 2 weeks from there.
12:20:38 <david-lyle> once RC-1 is cut, it will be on a branch and trunk will be open for liberty
12:20:58 <david-lyle> at RC-1 we will also have our final string freeze
12:21:32 <mrunge> good to know
12:21:35 <david-lyle> at which point Daisy_ (thanks for joining) will help drive getting our strings translated for RC-2
12:21:59 <david-lyle> which hopefully will be only to pull in translations before release
12:22:27 <david-lyle> if we do find other release critical bugs, we may roll them into RC-2 as well
12:22:55 <david-lyle> Does that work for you Daisy_? I believe you have already talked to amotoki about the timeline
12:23:25 <Daisy_> Yes, I did talk with amotoki
12:23:51 <david-lyle> does RC-1 work for you on the string freeze
12:23:59 <Daisy_> When is RC2, probably?
12:24:14 <david-lyle> 2-3 weeks after RC-1
12:24:19 <Daisy_> You mean, string freeze after RC-1?
12:24:20 <david-lyle> will look for date
12:24:35 <Daisy_> I will ask team to work on Horizon translation tomorrow.
12:24:38 <david-lyle> at RC-1, or a week before it
12:24:41 <amotoki> In our past releases, RC2 was before 1-1.5 weeks before the release.
12:24:50 <Daisy_> I won't wait for string freeze, I think.
12:25:26 <wchrisj> david-lyle: Are dev docs related changes subject to the same freeze timelines as code?
12:25:26 <david-lyle> ok, we shouldn't have too much churn, but we always have a little after milestone 3
12:25:29 <amotoki> Daisy_: we don't need to wait for string freeze :-)    After Kilo-3, not so many strings will be changed as you know.
12:25:41 <Daisy_> amotoki: I agree.
12:26:11 <Daisy_> amotoki: we start the translation from tomorrow, and we keep on translating, till RC2, 1-1.5 weeks before the release.
12:26:24 <david-lyle> looks like RC-1 should april 9 -16 and RC-2 will be by April 30
12:26:41 <Daisy_> amotoki: the translations in RC1 will auto imported. and the translations in RC2 will be imported manually, as we did before ?
12:27:12 <david-lyle> April 30 is release day, so a few days before april 30
12:27:15 <amotoki> Daisy_: yes, if the process is not changed in kilo.
12:27:59 <david-lyle> wchrisj: if it's a bug fix it can land before RC-1
12:28:05 <Daisy_> Thanks for the date. Translators might need 1 month to translate.
12:28:47 <david-lyle> Daisy_: thank you, please let me know if you need anything from me
12:29:06 <Daisy_> david-lyle: Thank you. I will work closely with amotoki.
12:29:25 <david-lyle> thank you both
12:30:01 <david-lyle> #topic Open Discussion
12:30:15 <david-lyle> oh, I forgot one topic
12:30:27 <david-lyle> #topic Keystone auth plugins
12:31:14 <david-lyle> There are several semi-related features in keystone that need to slightly change how authentication is done
12:31:56 <david-lyle> jamielennox sent an email to the ML a couple days ago and I've been talking to him on IRC
12:32:35 <mattfarina> david-lyle are you trying to get that in for kilo?
12:32:48 <david-lyle> #link http://lists.openstack.org/pipermail/openstack-dev/2015-March/059139.html
12:33:19 <david-lyle> he's unable to attend the meeting so I said I would bring it up for him to raise awareness and solicit feedback
12:33:58 <david-lyle> Things that people are working on, WebSSO, which is a BP approved in Horizon for Kilo
12:34:10 <tqtran> along similar lines, how important is the websso stuff? we're really close to getting it in
12:34:36 <david-lyle> but does not follow any sort of proper plugin and is going to create swiss cheese in the code, especially if that format is duplicated
12:35:09 <david-lyle> there's K2K federation work (doug-fish) that will change things a bit more
12:35:30 <doug-fish> yeah - I'm not sure k2k benefits as much from what Jamie has proposed
12:35:42 <david-lyle> and there's other plugins desired for say kerberos (jamielennox)
12:36:30 <david-lyle> Our main problem is that D-O-A is built to work with keystone credential based auth and not much else
12:36:43 <david-lyle> and makes a lot of assumptions that you are using credentials
12:37:00 <mattfarina> david-lyle is this the kind of thing that should be external to horizon but horizon has a good plug-in mechanism to support it?
12:37:24 <david-lyle> I would like a cleaner way to do auth plugins in d-o-a
12:37:34 <doug-fish> david-lyle: do you mean it doa is tied to id/pw?  because I think there will always be some kind of credentials
12:38:11 <david-lyle> doug-fish: we'll still want to support credentials, but that's just one way keystone now supports to auth
12:38:35 <doug-fish> got it
12:38:40 <david-lyle> tqtran: I think websso is a high priority, but I'm not sure it's ready yet
12:38:58 <david-lyle> we have 3 options as I see it
12:39:23 <amotoki> d-o-a has three interfaces: to hoirzon, to users (view), to keystone or other auth mechanisms. from horizon point of view, the interface to horizon is not chnaged so much (or no change).
12:40:00 <david-lyle> 1) roll in websso and take on some technical debt in Liberty to fix how it ties in
12:40:30 <david-lyle> 2) establish a proper plugin mechanism before merging any other auth types
12:41:14 <david-lyle> 3) restructure/rewrite D-O-A to make more sense
12:41:45 <tqtran> I'm ok with going with option #2 first
12:42:00 <mrunge> option 2 makes sense to me
12:42:19 <david-lyle> 2 and 3 may not be mutually exclusive ;)
12:42:27 <doug-fish> yeah 2+3 is what I was thinking
12:42:29 <tqtran> I think it might be a bit rushed anyhow, websso just barely made kilo. and reviews for it came in rather late.
12:43:41 <david-lyle> we can also discuss how much sense a separate auth package for horizon makes
12:43:56 <doug-fish> david-lyle: can you expand on that?
12:44:02 <david-lyle> but that's a summit discussion I think
12:44:29 <david-lyle> doug-fish: history lesson time
12:44:31 <david-lyle> :)
12:44:35 <doug-fish> :-)
12:44:36 <mattfarina> ooooo
12:45:07 <david-lyle> D-O-A used to be part of horizon, it was rolled out to be an extensible django based auth tool for openstack
12:45:19 <david-lyle> keystone was just one possible backend
12:45:23 * tqtran settles in. Getting the smore ready.
12:45:38 <david-lyle> hence in backend, KeystoneBackend
12:46:26 <david-lyle> since then we've made changes that make the library very tightly coupled to Horizon and Keystone
12:46:59 <david-lyle> so not reusable by anyone other than someone rewriting Horizon in django and auth'ing to keystone
12:47:12 <david-lyle> I'm thinking that's a very small set of projects
12:48:03 <doug-fish> david-lyle: I thought at one time some groups didn't use keystone for the backend - was that ever part of the motivation for DOA?  so they could plug in their own auth?
12:48:03 <david-lyle> In the future, I think a lot of what is set up in DOA for the session will be stored on the client side and not in the session
12:48:55 <david-lyle> doug-fish: It probably was
12:49:27 <david-lyle> I used DOA with the keystone backend for a custom IdP
12:49:43 <david-lyle> because so much structure from keystone is expected in Horizon
12:50:10 <doug-fish> yeah, Horizon is really tied to keystone
12:50:38 <david-lyle> any way, massive restructuring is a conversation for another time and gets really complicated
12:51:05 <david-lyle> it could also be potentially disruptive to deployers
12:51:21 <doug-fish> you think they would miss DOA?
12:51:26 <david-lyle> but allowing for auth plugins to D-O-A makes sense
12:51:54 <david-lyle> doug-fish: if they've built a solution that has a customized doa
12:52:16 <doug-fish> BTW, I think the plugin we want is bigger than a keystone auth plugin, but smaller than a django auth backend
12:52:50 <david-lyle> doug-fish: trying to imagine how far apart your hands are
12:52:55 <doug-fish> we need to coordinate a scoped/unscoped keystone auth plugin, its method for getting projects, and messages/ui presentation at the very least
12:53:07 <doug-fish> :-)
12:53:31 <tqtran> could you elaborate on what exactly in session setup by doa will be stored client side?
12:53:51 <mrunge> doug-fish, david-lyle I'm curently counting 37 public forks on github for doa
12:54:00 <doug-fish> :-O
12:54:02 <doug-fish> wow
12:54:29 <david-lyle> tqtran: eventually I would say catalog, authorized project list, role assignments
12:54:41 <mrunge> for reference: https://github.com/openstack/django_openstack_auth/network
12:54:53 <doug-fish> tqtran: maybe tokens too?
12:55:59 <david-lyle> doug-fish: yeah
12:56:00 <doug-fish> david-lyle: while we are thinking about changing DOA .... do you see any future for domain scoped tokens?
12:56:12 <david-lyle> doug-fish: yes and no
12:56:14 <doug-fish> you seemed a bit down on that earlier this week
12:56:31 <david-lyle> only short term
12:57:04 <david-lyle> I think a set of patches that allow using domain scoped tokens is the best path at this point
12:57:28 <david-lyle> not necessarily merging them
12:57:39 <doug-fish> interesting ...
12:57:45 <david-lyle> keystone's direction is changing
12:58:10 <david-lyle> and I see hierarchical projects actually being supported outside of keystone and horizon
12:58:15 <david-lyle> where domains never will be
12:58:26 <doug-fish> yeah - that seemed like a major limitation to me
12:58:30 <david-lyle> 2 years in, no support
12:58:42 * david-lyle check watch
12:58:45 <doug-fish> though heirarchical projects don't get supported for free in the other services do they?
12:58:48 <david-lyle> time of death 6:58
12:58:52 <doug-fish> :-)
12:58:54 <mattfarina> doug-fish they don't
12:58:57 <david-lyle> doug-fish: no
12:59:25 <david-lyle> they need quotas calculation changes at a minimum
12:59:56 * david-lyle sees to many s's not sure which one should go
13:00:07 <david-lyle> *quota
13:00:24 <tqtran> *quotas calculations changes
13:00:31 <david-lyle> +!
13:00:31 <mattfarina> and sharing of resources cross-sub-project (like glance images)
13:00:34 <david-lyle> +1
13:01:05 <mrunge> let's drop quota and make it an external service
13:01:36 <david-lyle> yeah, that's going to be interesting code
13:01:51 <mrunge> just an api call away :D
13:01:54 <mattfarina> at least the api should be easy to consume :)
13:01:55 <david-lyle> alright times up, any parting thoughts?
13:02:03 <david-lyle> questions
13:02:39 <david-lyle> just to close on DOA, I think we should get a plugin model established
13:02:56 <mrunge> +1 david-lyle
13:03:01 <doug-fish> yeah - would be good to have something well underway before the summit
13:03:13 <david-lyle> doug-fish: agreed
13:03:30 <david-lyle> tqtran: ok with that?
13:03:38 <tqtran> yep
13:03:58 * david-lyle easily strays off topic
13:04:15 <david-lyle> alright, thanks everyone
13:04:22 <mrunge> thanks david-lyle
13:04:28 <david-lyle> some reviews of the items in k-3 would be very helpful
13:04:38 <david-lyle> have a great week
13:04:42 <david-lyle> #endmeeting