#openstack-meeting-4 log

15:00:15 <apuimedo> #startmeeting kuryr
15:00:16 <openstack> Meeting started Mon Aug  3 15:00:15 2015 UTC and is due to finish in 60 minutes.  The chair is apuimedo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:17 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:19 <openstack> The meeting name has been set to 'kuryr'
15:00:33 <apuimedo> Hi all
15:00:46 <apuimedo> and welcome to the first community IRC meeting of Kuryr
15:00:52 <banix> hi
15:00:53 <apuimedo> who is here to join the fun?
15:01:08 <yalie> hi
15:01:18 <tfukushima> Hi
15:01:20 <red_trela> hi
15:01:55 <apuimedo> #info banix, apuimedo, yalie, tfukushima and red_trela present in the meeting
15:02:26 <apuimedo> According to the agenda, the first point is: Review the project goals
15:02:54 <banix> #link https://wiki.openstack.org/wiki/Meetings/Kuryr
15:02:59 <apuimedo> tfukushima got a patch merged that describes the current goals
15:03:23 <tfukushima> https://github.com/openstack/kuryr/blob/master/doc/source/design.rst
15:03:44 <apuimedo> #link https://review.openstack.org/#/c/206956/
15:04:07 <apuimedo> Did everybody have time to take a look?
15:04:33 <apuimedo> Does somebody have further comments for the current definition or proposals for the following steps?
15:06:00 <apuimedo> I am going to submit a draft blueprint that describes the mechanism that the different port types will follow for binding and unbinding the veths to the overlays
15:06:13 <yalie> great
15:06:58 <apuimedo> It will follow a similar pattern to the nova vif-plug-script proposal that was discussed in Vancouver
15:06:59 <banix> sounds good. there was/is an effort in Nova to have the vif plu/unplug sumting pluable but i don’t think that has happened…
15:07:15 <apuimedo> banix: you are well informed
15:07:22 <apuimedo> AFAIK it has not happened yet
15:07:32 <apuimedo> but the approach will be similar
15:07:50 <apuimedo> Since the task is very similar to what happens in nova
15:07:56 <apuimedo> I want to aim for consistency
15:08:01 <banix> makes sense
15:08:40 <apuimedo> and simplicity, and having just executables for bind and unbind seems the simplest and most powerful of the solutions (albeit it may bring some grief to selinux policy updaters)
15:09:31 <apuimedo> #action apuimedo to submit a draft proposal for vif-binding-unbinding
15:09:39 <yalie> hi apuimedo, what is the nova vif-plug-script proposal?
15:09:46 <yalie> is there a link?
15:09:51 <apuimedo> yalie: https://etherpad.openstack.org/p/nova_vif_plug_script_spec
15:09:55 <yalie> thanks!
15:10:04 <apuimedo> I think it made it to gerrit
15:10:08 <apuimedo> but I can't find the link now
15:10:28 <yalie> it's enough,thank you
15:11:01 <banix> there may have been some concern wrt security but I do not recall the details… will follow up
15:11:39 <apuimedo> well, for me, as long as it has an appropriate apparmor selinux confinement it should be okay
15:12:14 <apuimedo> I don't think Kuryr should run with full root, just CAP_NET_ADMIN
15:12:41 <SourabhP> I believe the vif plug script was abandoned in favor of a library model
15:12:50 <SourabhP> https://review.openstack.org/#/c/193668
15:13:29 <apuimedo> #link https://review.openstack.org/#/c/193668
15:13:36 <apuimedo> thanks SourabhP
15:13:47 <apuimedo> I'll study it and take it into consideration for the draft!
15:13:51 <apuimedo> :-)
15:14:12 <apuimedo> Another issue that we should tackle leading to next week's meeting will be the one about configuration
15:14:33 <apuimedo> whether we should have /etc/kuryr/kuryr.conf or just get config from Docker, or both
15:14:52 <apuimedo> (Just raising it so people can start thinking about it :-) )
15:15:45 <apuimedo> #action apuimedo to put in the next week's agenda configuration management
15:16:09 <apuimedo> Does anybody have any other thing for the first meeting point?
15:16:20 <banix> yes let’s think; to me there are some configs that docker shouldn’t care about but lets discuss more next week
15:17:26 <apuimedo> banix: thanks banix. I was thinking maybe we should have an etherpad to draft a blueprint for that
15:17:57 <banix> apuimedo: ok let me get that started
15:17:57 <tfukushima> I started implementing the actual code of bridging Kuryr and Neutron. I need to handle how I can set the information required by Neutron, i.e., user, password and the root endpoint URL.
15:18:23 <tfukushima> I mean, I need to figure it out.
15:18:27 <apuimedo> tfukushima: I guess for now we can use ENV variables
15:18:45 <apuimedo> while we work on the blueprint draft that banix will set up
15:19:04 <apuimedo> #action banix to set up a draft spec for configuration management
15:19:41 <apuimedo> #info On to the second item of the day "Magnum/Kolla"
15:19:49 <tfukushima> Ok, that makes sense. I'll use ENV vars for now.
15:19:57 <SourabhP> That could be one use-case for having kuryr.conf? Keystone credentials for Neutron tenants ?
15:20:09 <apuimedo> SourabhP: definitely
15:20:41 <apuimedo> and I think that Kuryr should be properly registered in Keystone as a service and have its own token
15:20:46 <banix> SourabhP: speaking of tenant”s”, there ia  lot to discuss as how we deal with multiple tenants
15:21:19 <apuimedo> banix: that's a very interesting topic
15:21:34 <SourabhP> Yes, I was trying to understand how to map Neutron’s use of tenants for container world
15:21:37 <apuimedo> my thought was that single requests should pass a docker label
15:21:48 <apuimedo> so if you do docker network create
15:22:12 <apuimedo> you should be passing a label that contains a temporary token of your user
15:22:26 <apuimedo> otherwise you can't have multiple tenants on the same host
15:22:38 <apuimedo> but I have to fully consider the security implications of that
15:22:59 <banix> apuimedo: yes it seems that labels should be involved :)
15:23:26 <SourabhP> Would these labels correspond to users/tenants in Keystone?
15:23:30 <apuimedo> #info set up discussion about multi-tenancy for an eventual blueprint
15:23:48 <apuimedo> SourabhP: the labels is just the Docker mechanism to pass arbitrary data to commands
15:23:59 <apuimedo> in this case, it could be something like
15:24:12 <apuimedo> #link https://docs.docker.com/userguide/labels-custom-metadata/
15:24:29 <SourabhP> apuimedo: thanks. will look that up.
15:24:37 <banix> so i think this is the area where we have to see how docker is evolving and what the plans (if any) are for the short and long term
15:25:02 <apuimedo> #link https://github.com/docker/docker/pull/9882
15:25:23 <apuimedo> yes, we'll have to keep up to date ;-)
15:26:51 <apuimedo> It could look like  `docker run --publish-service=db.mynet.kuryr --label token=180413823-48-03 cirros`
15:27:34 <apuimedo> you can try labels in 1.8 experimtal builds
15:27:53 <apuimedo> so, now. Magnum and Kolla
15:29:00 <apuimedo> there was some discussion in the Magnum specs about the adequacy of the networking abstraction they propose
15:29:03 <apuimedo> #link https://review.openstack.org/#/c/204686/
15:30:05 <yalie> seems this spec want to create a magnum network plugin?
15:30:20 <apuimedo> However, seeing that unfortunately gsagie and mestery could not make it to the meeting today, and being that they are the ones that have most thoroughly reviewed that spec, I'd adjourn the discussion on Magnum for the next Monday.
15:30:55 <apuimedo> yalie: IIUC it creates a layer to abstract several networking providers
15:31:17 <banix> sounds good
15:31:18 <apuimedo> one of them could be Neutron via Kuryr
15:31:28 <apuimedo> banix: you mean adjourning?
15:31:34 <banix> yes :)
15:31:58 <apuimedo> #info Discussion about the Magnum spec postponed to the next meeting
15:32:00 <sdake> magnum network plugin makes sense to me
15:32:26 <apuimedo> #action apuimedo to add the topic to the next meeting agenda
15:32:27 <banix> I will be talking to the Magnum people about Kuryr.
15:32:28 <sdake> but originally the neutron community said thye were not planning to touch neutron networking
15:32:29 <apuimedo> sdake: Hi!
15:32:32 <sdake> hey :)
15:32:43 <sdake> sorry - saw kolla/magnum pop up - makes my comoputer buzz
15:32:56 <apuimedo> sdake: I'm happy to see you here
15:32:59 <sdake> you should invite daneyon to yournext meeting
15:33:06 <apuimedo> sdake: indeed
15:33:12 <apuimedo> I'll shoot him an email
15:33:19 <sdake> danehans@cisco.com
15:33:25 <apuimedo> #info next topic: Kolla
15:33:56 <sdake> touch neutorn networking/ touch container networking
15:34:01 <apuimedo> In regards to Kolla, the relationship between Kuryr and Kolla is no different than the one between Nova, Neutron, etc and Kolla
15:34:03 <sdake> above 10 lines above ^^
15:34:06 <apuimedo> except that we want it more
15:34:17 <apuimedo> sdake: my brain auto-corrected :P
15:34:25 <sdake> yar
15:34:33 <sdake> 8am - brain barely operational
15:34:47 <apuimedo> I know the feeling :P
15:35:07 <apuimedo> We have to work with Kolla people asap and make a Kuryr container
15:35:17 <apuimedo> I'll be happy if there is some taker :P
15:36:10 <sdake> note to make containers we need something that is pip installable (from source container) or rpm installable (from binary container)
15:36:10 <banix> apuimedo: what do we need to do here?
15:36:40 <apuimedo> sdake: gsagie set it up on pypi
15:36:40 <sdake> then ideally add support for ansible to our networking monstrosity that supports linuxbridge and ovs atm
15:36:52 <apuimedo> but we have to work on the whole installation
15:37:03 <sdake> ansible work takes about 4 hours
15:37:10 <sdake> container work takes about 4 hours
15:37:19 <sdake> (for experienced people with kolla)
15:37:20 <apuimedo> #info: we must look at ansible and pip/rpm based installation
15:37:27 <sdake> for someone new might take twice as long
15:37:33 <apuimedo> sdake: a deployment takes 4h?
15:37:36 <sdake> i'd focus on from source first
15:37:40 <sdake> a deployment takes 2 minutes
15:37:43 <apuimedo> ah
15:37:44 <sdake> making th ansible code takes 4 hours
15:37:49 <apuimedo> cause that was my experience :P
15:37:58 <apuimedo> 2 minutes, I mean
15:38:08 <apuimedo> cool
15:38:17 <sdake> join us in #kolla
15:38:25 <sdake> samyaple is the go to guy in our community on hard ansible questions
15:38:36 <sdake> of which networking is hard because we have conditionals
15:38:36 <apuimedo> sdake: thanks!
15:39:33 <apuimedo> #info For work on Kolla-Kuryr contact sdake and samaple
15:39:39 <apuimedo> #info For work on Kolla-Kuryr contact sdake and samyaple
15:39:48 <sdake> rather join #kolla
15:39:55 <sdake> and ask around - we have 8 core reviewers
15:39:57 <sdake> any can help
15:40:35 <apuimedo> #info kolla-kuryr join #kolla to get help on the integration
15:41:02 <apuimedo> banix: it's basically get our pip/rpm deployment ready to be part of Kolla
15:41:11 <banix> got it
15:41:16 <apuimedo> so that Kolla will be able to deploy Kuryr
15:41:30 <apuimedo> it's its unbelievably fast show of OpenStack
15:41:45 <apuimedo> I would really like it if we could demo Kuryr in Tokyo
15:41:50 <apuimedo> running on Kolla
15:41:57 <banix> we will :)
15:42:09 <sdake> note we jut started liberty-3
15:42:25 <sdake> so now is the time to write a blueprint so I can set to discussions tage
15:43:07 <apuimedo> sdake: you mean the blueprint at the kolla repo, right?
15:43:27 <apuimedo> #action apuimedo to find takers for the kolla blueprint
15:43:32 <banix> apuimedo: did anyone take this? if not I will find out what is to be done and file the blueprint
15:43:45 <apuimedo> well, that action was fast :P
15:43:46 <sdake> you ahve to write a blueprint firstyes
15:43:49 <apuimedo> we have a taker
15:43:49 <sdake> no specs required
15:44:15 <apuimedo> #action banix to look at Kolla and draft a spec for Kuryr inclusion
15:44:16 <banix> sdake: i will bug you and company in #kolla if not clear
15:44:26 <sdake> wfm
15:44:26 <apuimedo> sorry, I meant blueprint
15:44:39 <sdake> ya dont waste time on a spec
15:44:44 <apuimedo> ;-)
15:44:44 <sdake> we only use those on rare circumstances
15:44:53 <apuimedo> thanks for that :-)
15:45:08 <sdake> basically to build consensus where there is none around the core reviewer team
15:45:25 <apuimedo> #info Final agenda topic: reviews
15:45:42 <apuimedo> Currently everything posted has been merged
15:46:03 <apuimedo> I believe tfukushima will be pushing some patches soon
15:46:44 <yalie> apuimedo: do you mean the basic function has been working?
15:47:10 <apuimedo> yalie: no. We do mock answers to the requests
15:47:21 <tfukushima> Yes, I have some code with unit tests. But again I need to run it against the real Neutron API.
15:47:24 <apuimedo> but Docker already treats Kuryr as a driver
15:47:35 <yalie> great
15:47:44 <apuimedo> tfukushima: looking forward to see that code
15:47:57 <apuimedo> any comments about the current working of the reviews? Things we should improve?
15:47:57 <yalie> tfukushima: looking forward too
15:48:50 <apuimedo> tfukushima: I was now wondering that for the unit tests that you are doing for the communication with the Neutron API
15:49:03 <apuimedo> probably Magnum already has something done
15:49:18 <apuimedo> and nova
15:49:30 <apuimedo> actually probably Nova is more likely
15:49:37 <apuimedo> since it does a very similar usage
15:49:47 <apuimedo> I wonder if we can reuse some of their test work
15:49:56 <tfukushima> I looked at python-neutronclient and followed what they're doing basically.
15:50:05 <apuimedo> good :-)
15:50:18 <banix> that sounds about right tfukushima  :)
15:50:40 <apuimedo> tfukushima: I hope you soon have more company in the `git log` :-)
15:51:05 <tfukushima> I don't test neutronclient itself but only the part of Kuryr mocking the calls against Neutron.
15:51:13 <apuimedo> right
15:51:20 <apuimedo> that's why I said Nova
15:51:28 <apuimedo> because they have to do exactly the same
15:51:46 <tfukushima> I'm assuming create_network and delete_network would be succeeded and return the appropriate response. Or I'll add tests for the failures.
15:51:54 <apuimedo> good
15:51:57 <banix> tfukushima: yes please reach oout to me for any piece that can be done in parallel
15:52:11 <apuimedo> thanks banix
15:52:15 <apuimedo> #info Open floor. Anybody with another topic for the present meeting?
15:52:29 <apuimedo> (8mins remaining)
15:52:43 <banix> apuimedo: great first meeting!
15:53:00 <yalie> thank you apuimedo
15:53:03 <apuimedo> banix: thanks ;-) I'm a chair newbie :P
15:53:20 <banix> apuimedo: you did very well
15:53:43 <apuimedo> thanks a lot banix, yalie, tfukushima, SourabhP and sdake for participating!
15:54:00 <tfukushima> Thanks all.
15:54:03 <banix> do we have an IRC channel by the way?
15:54:15 <apuimedo> banix: for now we use #openstack-neutron
15:54:21 <banix> cool
15:54:33 <apuimedo> this way the neutron cores have less work tracking us
15:54:34 <sdake> interestingpattern ;-)
15:54:35 <apuimedo> :-)
15:54:51 <SourabhP> apuimedo: thanks! great first meeting!
15:54:58 <apuimedo> thanks all
15:55:00 <apuimedo> #endmeeting