16:00:07 <lbragstad> #startmeeting keystone
16:00:10 <openstack> Meeting started Tue Mar 13 16:00:07 2018 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:12 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:12 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
16:00:15 <openstack> The meeting name has been set to 'keystone'
16:00:16 <lbragstad> agenda ^
16:00:22 <lbragstad> ping ayoung, breton, cmurphy, dstanek, gagehugo, henrynash, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rderose, rodrigods, samueldmq, spilla, aselius, dpar, jdennis, ruan_he, wxy
16:00:37 <raildo> o/
16:00:40 <hrybacki> o/
16:00:43 <jgr> Hello
16:00:46 <hrybacki> we got moved out of #openstack-meeting ?
16:00:51 <wxy|> o/
16:00:53 <lbragstad> hrybacki: there was a conflict
16:00:59 <hrybacki> ack
16:01:00 <lbragstad> wxy|: o/ nice to see you in the meeting :)
16:01:06 <wxy|> lbragstad: :)
16:01:11 <hrybacki> wxy|++
16:01:12 <knikolla> o/
16:01:34 <knikolla> thanks for the ping on -keystone, wasn't in the -meeting-alt channel.
16:01:57 <lbragstad> yeah - i wasn't either until about 2 minutes ago
16:02:14 <cmurphy> o/
16:02:38 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
16:02:45 <lbragstad> agenda in case folks missed it
16:03:05 <spilla> o/
16:03:21 <lbragstad> cool - let's go ahead and get started
16:03:29 <lbragstad> #topic announcements: new meeting time
16:03:38 <lbragstad> so - the big one is that the meeting time has changed
16:03:47 <lbragstad> unfortunately during the same time as american dst
16:03:47 <hrybacki> +1 for inclusion
16:03:50 <lbragstad> (sorry about that)
16:04:11 <lbragstad> as a result, we've had to move meeting channels to avoid a conflict in #openstack-meeting
16:04:35 * hrybacki updated the agenda to reflect as much
16:05:01 <lbragstad> if you rely on calendars like I do, there is an updated .ics file you can import into your calendar with the new time and location
16:05:02 <lbragstad> http://eavesdrop.openstack.org/#Keystone_Team_Meeting
16:05:04 <lbragstad> #link http://eavesdrop.openstack.org/#Keystone_Team_Meeting
16:05:32 <lbragstad> #topic office hours topics
16:05:34 <hrybacki> would it help if there was a calendar invite that we maintained?
16:06:03 <lbragstad> hrybacki: i believe that .ics is generated automatically
16:06:10 <hrybacki> ack, disregard :)
16:06:37 <lbragstad> http://git.openstack.org/cgit/openstack-infra/yaml2ical/
16:06:56 <lbragstad> anytime there is a change to the meetings repo, new icals are generated
16:07:57 <lbragstad> any other questions or comments about meetings or icals?
16:09:08 <lbragstad> ok - moving on
16:09:29 <lbragstad> if you haven't noticed, things in Trello have shuffled around quite a bit
16:09:49 <lbragstad> but - over the past week or so, we've got the Rocky roadmap in pretty good shape
16:09:56 <lbragstad> #link v
16:10:00 <lbragstad> #link https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap
16:10:32 <lbragstad> thanks to hrybacki for making sense of that board
16:10:52 <hrybacki> teamwerk makes the dreamwerk
16:10:54 <wxy|> hrybacki: really cool
16:11:25 <lbragstad> hrybacki: is there anything about that board you want to talk about? structure? process?
16:12:07 <hrybacki> lbragstad: so it is very similar to the Queens board
16:12:33 <hrybacki> The biggest thing to note is that items in the Next and In Progress column should be scoped to the closest milestone
16:12:50 <hrybacki> e.g. any items in those two columns are things we 'think we'll accomplish NLT 20-April-2018'
16:12:55 <lbragstad> that's something we didn't do for queens
16:12:56 <hrybacki> we can go over the specific items during office hours
16:13:02 <hrybacki> yeah
16:13:18 <hrybacki> we don't need to be dead on, but this will give us a baseline for sprint planning of M2/M3 and subsequent releases
16:13:32 * lbragstad hopes that helps make the Next list more reasonable
16:13:36 <hrybacki> tl;dr let's do some basic things and figure out where we need to improve without putting a lot of work on anyone
16:14:11 <hrybacki> also, if anyone has thoughts for improvements in the board/process please let us know
16:14:33 <hrybacki> I can write up docs for 'formalize' a process if folks would like to see/reference that
16:15:10 <hrybacki> my only ask is that everyone error on the side of being /too verbose/ in their cards as they work
16:15:24 <hrybacki> err* on
16:15:39 <cmurphy> how can I add a keystone team member?
16:15:57 <hrybacki> good question cmurphy -- I can find out before office hours
16:16:03 <cmurphy> I tried to add jgr to the board but it shows him as a lonely "non-team member"
16:16:39 <hrybacki> lbragstad: did you create the keystone team originally?
16:16:46 <lbragstad> i think i did
16:16:55 <lbragstad> cmurphy: jgr do you have an email?
16:16:59 <hrybacki> I'm not sure where/how 'teams' are managed
16:17:12 <lbragstad> it's literally the same as keystone groups :)
16:17:22 <hrybacki> #link keystone team page on Trello: https://trello.com/keystone42
16:17:36 <jgr> lbragstad: yes, let me quickly check which one I used for Trello...
16:17:39 <hrybacki> perhaps we just make the group public so folks can join at will?
16:17:46 <cmurphy> ++
16:17:49 <hrybacki> it is private presently
16:17:58 <hrybacki> lbragstad: I think you have to do that
16:18:13 <lbragstad> yep - i can do that quick
16:18:22 <hrybacki> cmurphy: did you ever get public access to the retro? Sorry I was kind of in a fog over the past couple of weeks =/
16:18:26 <jgr> lbragstad: I used johannes.grassler@suse.com for Trello.
16:18:30 <lbragstad> done
16:18:36 <cmurphy> hrybacki: yes you fixed it
16:18:40 <lbragstad> jgr: are you able to join the board now that it is public
16:18:55 <hrybacki> cmurphy++
16:19:16 <jgr> lbragstad: I think I have joined it...
16:19:45 <jgr> lbragstad: as far as I remember that "non-team member" thing is only a flag that doesn't impact board use.
16:19:48 <lbragstad> sweet - i think i still had to add you
16:19:58 <hrybacki> jgr: I see you on the team member list now: https://trello.com/keystone42/members
16:19:59 <lbragstad> but you were able to invite yourself
16:20:06 <cmurphy> i added him to the board
16:20:28 <lbragstad> good deal
16:20:41 <jgr> Ah, now I'm in the member list, too. Thanks :-)
16:21:05 <lbragstad> jgr: no problem - thank you!
16:21:53 <lbragstad> hrybacki: anything else on the board specifically, or do we want to get into office hours stuff?
16:22:14 <hrybacki> no, I can brief everything else on the video conference
16:22:20 <lbragstad> ok - cool
16:22:24 <lbragstad> #topic open discussion
16:22:30 <lbragstad> floor is open if anyone has topics
16:22:31 <knikolla> what's the schedule for that?
16:22:51 <lbragstad> knikolla: we're going to keep office hours immediately after the meeting, so the format should be the same
16:23:06 <lbragstad> unless we come up with a reason to change it
16:23:16 <knikolla> ack! so we're jumping on the conference call right after this?
16:23:17 <hrybacki> aim in the first hour is to review the board and agree upon things for M1 ('sprint planning')
16:26:23 <lbragstad> i do have a couple things to propose for office hours, but only after sprint planning
16:26:39 <lbragstad> wxy|: i assume you'll drop after the meeting?
16:26:59 <lbragstad> given it's going on 1:00 AM where you are?
16:27:16 <wxy|> lbragstad: i'll try to attend the online meeting. not sure the internet is Ok or not.
16:28:55 <kmalloc> ugh.
16:28:57 <lbragstad> wxy|: i just want to make sure we cover whatever you need while we have you on the line, in case you decide to drop after the meeting
16:29:57 <kmalloc> lbragstad: we moved to meeting-alt?
16:30:26 <ayoung> kmalloc, no
16:30:29 <lbragstad> kmalloc: yeah - there was a conflict in #openstack-meeting at 1600
16:30:29 <ayoung> kmalloc, this is not happening
16:30:33 <ayoung> its all a dream.
16:30:36 <ayoung> wake up.
16:30:38 <kmalloc> oh, ok
16:30:41 <ayoung> Heh
16:30:45 <lbragstad> lol
16:31:00 <kmalloc> >.>
16:31:06 <ayoung> Heh
16:31:23 <ayoung> so, since we are in open discussion:  multi-site
16:31:35 <ayoung> I started chatting about this in #openstack-keystone
16:31:53 <ayoung> Let me suggest that people read the edge-stuff from PTG:
16:32:09 <ayoung> http://markvoelker.github.io/blog/dublin-ptg-edge-sessions/
16:32:23 <ayoung> And I know a few people have stumbled over stuff like this before.
16:33:18 <lbragstad> ayoung: correct me if i'm wrong, but the tl;dr is that there are a bunch of small deployments that need to act as a single cloud, right?
16:33:27 <ayoung> lbragstad, yeah
16:33:40 <ayoung> that is the driving story, IIUC
16:34:04 <ayoung> How do you sync?  How do you upgrade? How do you keep the music playing?
16:34:51 <ayoung> K2K federation provides an insulatin layer between them, but it is useless if the First K is down.
16:35:14 <ayoung> I think a lot of people have gone Hub-and-Spoke and made Keystone at the spoke read only
16:35:39 <ayoung> but that messes up things like application credentials.  You have to write them centrally, not at the Keystone server that shows up in your Service catalog
16:36:06 <ayoung> also, a use case that has come up a lot is "I have a region that is for special customers.  How do I keep out the riff raff?"
16:37:15 <ayoung> K2K is OK if the people in the gold tier don't want to reuse anything from the regular tier, but they are the ones paying the most.  They want their resources.
16:37:51 <ayoung> That last seems mostly like a policy thing;  add an additional role to all operations on a specific endpoint.
16:38:39 <ayoung> I was thinking in terms of "This region can write values for this domain"
16:38:56 <ayoung> and then eventually-consistent semantics for syncing to the other keystones.
16:40:11 <ayoung> So if we have Boston and Berlin as Regions, and each region had a keystone, and each keystone has two domains, Named DomBoston and DomBerlin,  the Keystone in Boston can write to DomBoston and will push its changes to DomBerlin.
16:40:33 <ayoung> Keystone in Berlin would ignore any changes for DomBerlin unless it wrote them
16:41:08 <ayoung> You would need a central arbiter to make sure that regions to domains was set up in a consistant manner.  But assume changes to that are infrequent
16:41:26 <lbragstad> hmm - so would on the domain be sync'd?
16:41:31 <lbragstad> what about the user tables?
16:42:06 <ayoung> right...so the synced data would be all tables in identity, assignement and the project table in Resource
16:42:43 <ayoung> but only the values tagged with DomBoston would be acceptable to the Berlin Keystone
16:42:49 <ayoung> and the reverse
16:45:11 <ayoung> So...let me throw that out there as a starting point.  We should participate in the Edge computing discussions, as Keystone is going to be a nexus for that use case to work
16:45:20 * ayoung surrenders the conch
16:45:31 <lbragstad> yeah...
16:45:39 <cmurphy> agreed that we need to be thinking about this more seriously
16:45:43 <lbragstad> ++
16:46:06 <lbragstad> and that's apparent in how many requests we've gotten for various things (like project IDs over the API)
16:46:38 <lbragstad> i'll re-read the edge etherpad from dublin
16:46:55 <ayoung> lbragstad, yeah, and there is second one called Alan'S Problems
16:46:58 <lbragstad> #link http://markvoelker.github.io/blog/dublin-ptg-edge-sessions/
16:47:10 <ayoung> https://etherpad.openstack.org/p/edge-alans-problems
16:47:16 <ayoung> #lionk https://etherpad.openstack.org/p/edge-alans-problems
16:47:19 <ayoung> #link https://etherpad.openstack.org/p/edge-alans-problems
16:47:28 <ayoung> #lionk is short for Lion King
16:47:45 <knikolla> i'll do some background reading.
16:48:01 <lbragstad> nice - i'll dig into those
16:48:23 <lbragstad> i have some context on the problem, but i feel like i should at least step back and read everything first
16:48:35 <lbragstad> thanks ayoung
16:49:35 <lbragstad> anything else for open discussion?
16:49:46 <lbragstad> otherwise we can end 15 minutes early and prepare for sprint planning
16:49:52 <lbragstad> er 11 minutes early
16:50:49 <lbragstad> alright - thanks for coming
16:50:54 <lbragstad> see everyone in a few minutes
16:50:57 <lbragstad> #endmeeting