#openstack-meeting-4 log

15:02:00 <apuimedo> #startmeeting kuryr
15:02:01 <openstack> Meeting started Mon Sep 28 15:02:00 2015 UTC and is due to finish in 60 minutes.  The chair is apuimedo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:02 <salv-orlando> aloha. Finally a monday without conflicts at 5PM my time.
15:02:02 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:05 <openstack> The meeting name has been set to 'kuryr'
15:02:23 <apuimedo> Hello and welcome to another Kuryr meeting!
15:02:31 <apuimedo> who is here?
15:02:38 <diga> o/
15:02:42 <tfukushima> o/
15:02:49 <banix> I/
15:03:19 <apuimedo> salv-orlando: so you are here for the meeting?
15:04:15 <salv-orlando> apuimedo: yeah, for what else?
15:04:38 <salv-orlando> surely you don't want me here to tell jokes ;)
15:05:13 <apuimedo> salv-orlando: jokes are nice to put the meeting in a nicer mood
15:05:14 <apuimedo> :-)
15:05:38 <apuimedo> #info salv-orlando banix tfukushima diga and apuimedo present in the meeting
15:05:53 <apuimedo> #topic virtual sprint
15:06:27 <apuimedo> Last week tfukushima was working on a demo
15:06:32 <apuimedo> tfukushima: please update us
15:06:54 <tfukushima> Sorry, I had some urgent issues and I couldn't have the complete demo.
15:07:18 <tfukushima> However, I have the incomplete one used somewhere.
15:07:20 <tfukushima> https://drive.google.com/file/d/0BwURaz1ic-5tUFlIQklJRnBQc2s/view?usp=sharing
15:07:24 <apuimedo> tfukushima: Did you find any bugs while getting it to work?
15:07:32 <apuimedo> that we should discuss?
15:07:40 <banix_> tfukushima: apuimedo is the demo using the master or a different branch?
15:08:18 <apuimedo> #link https://drive.google.com/file/d/0BwURaz1ic-5tUFlIQklJRnBQc2s/view?usp=sharing
15:08:19 <tfukushima> It's my local branch. But basically I put everything on GerritHub.
15:08:37 <tfukushima> Actually patches on GerritHub are better. :-p
15:08:39 <apuimedo> banix_: it's the work tfukushima had to do on top of master to get it to work
15:08:56 <apuimedo> there was some stuff we had wrong about ip address setting
15:09:03 <apuimedo> some other stuff about mac address
15:09:05 <banix_> tfukushima: what you need to do, you have submitted as patches?
15:09:09 <salv-orlando> tfukushima: gerrit or github? Probably you're taling about the former as I see your patches to fix interactions wiht libnetwork
15:09:15 <apuimedo> and other things
15:09:23 <tfukushima> I made a shortkit for the default subnetpool  because I could only get Juno stack.
15:09:24 <apuimedo> I think he means gerrit
15:10:01 <apuimedo> salv-orlando: salv-orlando he has been on a coding marathon since yesterday ;-)
15:10:05 <tfukushima> Sorry I meant Gerrit. There's a service called GerritHub. I'm confused.
15:10:20 <tfukushima> That's similar to Gerrit hosted by OpenStack community.
15:10:31 <salv-orlando> tfukushima. apuimedo: no worries I just wanted to make sure I was looking at the right patches
15:10:44 <apuimedo> #action tfukushima to address the reviews made on his latest patches
15:10:51 <banix_> tfukushima: so you have all your changes submitted to gerrit?
15:11:14 <tfukushima> Yes, basically.
15:11:29 <apuimedo> #info tfukushima's demo was done over Juno and he posted his changes to gerrit
15:11:47 <banix_> I found a few minor issues preventing the code from working at all, I submitted three tiny patches for those
15:11:53 <tfukushima> I had bad workarounds in my local and I clean them up. The patches on Gerrit are nicer.
15:12:00 <apuimedo> #info apuimedo prepared a kilo image to port the demo to it, since juno required some hacks
15:12:06 <apuimedo> tfukushima: thanks tfukushima
15:12:13 <apuimedo> :-)
15:12:28 <tfukushima> banix_: Yes, I tested with Docker 1.8.0 experimental.
15:12:35 <apuimedo> banix_: thanks for that. Di dyou add us as reviewers?
15:12:43 <tfukushima> libnetwork APIs are changed a little bit in Docker 1.9.0 experimental.
15:13:06 <apuimedo> the new image I made for tfukushima is with midonet+kilo+docker1.9 experimental
15:13:28 <apuimedo> banix_: salv-orlando: I wonder if you would like access to the image
15:13:41 <tfukushima> Yes, I'll run Kuryr against that env from now on.
15:13:51 <apuimedo> good
15:14:18 <banix_> banix: thanks but no as it uses midonet
15:14:50 <banix_> i will using the rference implementation: ml2, ovs for testing
15:14:55 <apuimedo> banix_: ok, It should be easy enough to reconfigure neutron, but I guess you have your own ;-)
15:15:02 <tfukushima> s/shortkit/short circuit/
15:15:03 <apuimedo> banix_: great
15:15:26 <apuimedo> ok, moving to another virtual sprint topic
15:15:33 <salv-orlando> apuimedo: I actually wonder if we should ensure it's publicly accessible, assuming it might be useful to all contributors
15:16:08 <apuimedo> salv-orlando: is there some place we can put qcow2 images in OSt infra?
15:16:24 <apuimedo> or should we just put Puppet modules somewhere?
15:16:28 <tfukushima> Yes, I want the reference stack with OVS publicly accessible.
15:16:57 <apuimedo> my goal would be that we'd have it with Puppet so that infra can use it for the "tempest" testing
15:17:16 <salv-orlando> apuimedo: the latter approach is probably more feasible. Maybe in kuryr itself, pending a more suitable place.
15:17:16 <apuimedo> and then we could have sample manifests for OVS and midonet
15:17:26 <apuimedo> salv-orlando: cool
15:17:32 <salv-orlando> I'm not sure if we have an "openstack place" where images can be uploaded
15:18:07 <apuimedo> so for the moment puppet it is ;-) and in the meantime maybe I can put the image in some server
15:18:42 <apuimedo> I was investigating about the cap_net_admin approach to running kuryr so it would not need root
15:19:42 <apuimedo> We (me and Peter Saveliev from pyroute2) were able to drop privileges until only CAP_NET_ADMIN was remaining
15:19:42 <banix_> I will have a colleague work on the Kolla image for Kuryr
15:19:59 <apuimedo> #info banix's team will work on the kolla image
15:20:03 <apuimedo> banix_: that's great!
15:20:22 <sdake> ya for mitaka we are going full on capabilities dropping and running as specific users for kolla
15:20:30 <apuimedo> Originally I wanted to have a kuryr user that got CAP_NET_ADMIN only instead of starting as root and dropping privileges
15:20:36 <sdake> for improved security
15:20:46 <apuimedo> sdake: nice to see you here
15:20:57 <sdake> just random luck i guess ;-)
15:21:10 <apuimedo> sdake: so are your service files starting the daemon as root and then dropping and changing?
15:21:34 <sdake> we want to run as a user and drop prior to entering the container (have docker do the priviledge management early on)
15:21:49 <apuimedo> makes sense
15:22:05 <sdake> atm everythign runs as root
15:22:12 <apuimedo> for the non containerized run I considered doing a small executable that did that for me
15:22:12 <sdake> only some containers run with all capabiltieis
15:22:17 <sdake> (--privieleged option)
15:22:50 <apuimedo> #info: both kolla and kuryr will run with dropped privileges and user switching in Mitaka
15:23:12 <apuimedo> I want to talk to the systemd guys to see if I can avoid having the executable somehow
15:23:50 <apuimedo> sdake: yes, that's how I saw it last time
15:24:03 <apuimedo> sdake: who is leading this effort in kolla?
15:24:20 <sdake> the privilege dropping?
15:24:25 <sdake> undefined at this point, we typically all chip in
15:24:37 <sdake> i generally do most of the facilitating
15:24:55 <apuimedo> ok
15:25:11 <sdake> i expct it will happen in mitaka-1
15:25:17 <apuimedo> nice
15:25:32 <apuimedo> #topic testing
15:26:12 <apuimedo> salv-orlando: do you have any news from talking with infra people about running functional tests in there?
15:26:23 <apuimedo> I expect that having puppet modules will be a requirement
15:29:27 <banix> salv-orlando is at the small pub again
15:29:50 <apuimedo> :-)
15:29:53 <sdake> running functional tests is a big job
15:29:56 <sdake> be prepared for some pain :)
15:32:05 <apuimedo> sdake: :-) Thanks
15:32:27 <apuimedo> I didn't expect it easy, but it's good to go prepared into it
15:32:39 <apuimedo> #topic: open floor
15:32:55 <apuimedo> Does anybody else have some topic to bring up?
15:32:57 <sdake> so quick q
15:33:07 <sdake> what type of containers do you intend to create exactly?
15:33:10 <sdake> a whoel bunch or just one?
15:33:12 <banix> apuimedo: so one piece missing is the libnetwork support for labels
15:33:25 <salv-orlando> apuimedo: I had to answer another call. No I did not chat yet to infra people, thanks for the reminder. I'll make a note of doing that.
15:33:48 <banix> sdake: just one is what I had in mind
15:33:52 <apuimedo> #action salv-orlando to chat with the infra people about running func tests there
15:34:07 <sdake> banix cool - we definately are willing to host the code inside kolla
15:34:08 <apuimedo> sdake: there should be just one
15:34:12 <sdake> so feel free to submit the patches there
15:34:26 <apuimedo> for midonet there'll be two, one for midonet agent and one for kuryr
15:34:37 <apuimedo> I expect other vendors to do similarly
15:34:52 <banix> sdake: thanks, yes, working on getting kuryr in a decent shape
15:35:07 <sdake> one thing we want to tackle in kolla is plugins for cinder/neutron/nova
15:35:18 <sdake> there are about 50 plugins per cinder/neutron
15:35:22 <sdake> and 10 in nova
15:35:33 <banix> so using wget to get kuryr rather that installing through yum or apt-get is acceptable as a start point?
15:35:35 <sdake> so we dont want to create 50 containers, but just 1 container that is plugin selectable
15:35:47 <sdake> banix we have a system for source building
15:35:55 <tfukushima> banix: Regarding label, I'm not sure if libnetwork guys make it happen in Docker 1.9.0.
15:36:07 <sdake> banix you basically point it at a git repo or a tarball.gz and it builds the image properly
15:36:19 <tfukushima> #link Labels support for Network, Endpoint Create, Join #222 https://github.com/docker/libnetwork/pull/222
15:36:36 <banix> tfukushima: i am told it is in 1.9 plan and ready to be added but a few more high priority stuff remains for them
15:37:07 <banix> tfukushima: yeah I talked to them, hopefully we will see it this week. How do you plan to use them?
15:37:13 <banix> sdake: thanks
15:37:18 <tfukushima> Ok, let's see...
15:37:51 <banix> tfukushima: any particular use case for labels you have in mind?
15:38:25 <tfukushima> Giving names of the networks and the endpoints to Kuryr.
15:38:51 <sdake> banix when your ready to get started, join #kolla and one of the core reviewers can help walk you through how to create a container for from source building
15:38:55 <tfukushima> Now we'll see Docker IDs as the names in Neutron.
15:39:02 <apuimedo> #info kuryr will be a single container
15:39:22 <banix> sdake: sounds good. Thank you.
15:39:25 <apuimedo> #info kuryr will be a single kolla container for now
15:39:58 <apuimedo> banix: IIRC the contact sdake gave us is SamYapple
15:40:07 <sdake> Yaple
15:40:17 <sdake> but feel free to contact anyone in #kolla that is a core reviewer
15:40:27 <sdake> or anyone else for that matter
15:40:32 <apuimedo> :-)
15:40:34 <sdake> but the crs are the best folks to giveoyu wa lkthrough of the code
15:40:36 <apuimedo> thanks sdake
15:41:07 <banix> sure
15:41:09 <apuimedo> sdake: what's the shape now of the ansible based orchestration of Kolla?
15:41:20 <sdake> fantastically good? :)
15:41:36 <sdake> if you could be more precise in oyur question i could give a more precise answer :)
15:41:43 <apuimedo> if we were to base our functional tests on it, could we do so now, or should we wait for liberty release?
15:41:58 <sdake> we are releasing rc1 tomorrow at 10am pst
15:42:03 <sdake> (hopefully)
15:42:07 <sdake> that is what i'd work against
15:42:15 <sdake> (the liberty branch will happen at this time as well)
15:42:27 <sdake> butreally I'd submit patches against master
15:42:36 <sdake> we aren't backporting features into liberty
15:43:25 <apuimedo> sdake: thanks
15:43:45 <banix> tfukushima: apuimedo can we make sure all corrections you make on your local branch get to master?
15:44:19 <apuimedo> banix: we'll re-run the demo on kilo with master plus what's on gerrit to make sure we didn't miss anything
15:44:27 <apuimedo> otherwise we'll go crazy :P
15:44:43 <banix> yes exactly
15:44:45 <banix> :)
15:45:43 <apuimedo> #action tfukushima apuimedo to run the demo again on kilo + master + tfukushima's under review patches
15:45:51 <apuimedo> anything else?
15:46:47 <tfukushima> #link patches https://review.openstack.org/#/q/status:open+project:openstack/kuryr,n,z
15:48:00 <apuimedo> thanks tfukushima
15:48:09 <banix> thanks tfukushima
15:48:21 <banix> by the way diga do you plan to update your patch?
15:48:42 <apuimedo> banix: he had to take off
15:48:56 <apuimedo> let's sync tomorrow with him on #openstack-neutron
15:49:03 <apuimedo> banix: tfukushima: sdake: salv-orl_: diga: thanks for joining!
15:49:07 <banix> apuimedo: ok
15:49:14 <apuimedo> #endmeeting